[ https://issues.apache.org/jira/browse/GUACAMOLE-771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Jumper closed GUACAMOLE-771. ------------------------------------ Resolution: Invalid Indeed not a bug, and the conversation has moved to the mailing list: https://lists.apache.org/thread.html/b781a5c4e4d14f7ce297200ba6886d888df4333f83836220ac8b69f1@%3Cuser.guacamole.apache.org%3E > OpenID Auth Not Redirecting > --------------------------- > > Key: GUACAMOLE-771 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-771 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-openid > Affects Versions: 1.0.0 > Environment: Ubuntu 18 > Reporter: Craig Bloodworth > Priority: Minor > Labels: newbie, security > > Maybe I'm not fully understanding how the OpenID extension should work, but I > believe instead of logging in with the standard Guacamole client login screen > the user should be forwarded to the OpenID Connect IdP (in this case Google) > to authenticate and then be sent back to the Guacamole client. In the case of > my implementation this redirect isn't happening. > The extension is loaded: > {quote}09:00:44.048 [localhost-startStop-1] INFO > o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole". > 09:00:45.357 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - > Extension "MySQL Authentication" loaded. > 09:00:45.361 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment > - GUACAMOLE_HOME is "/etc/guacamole". > 09:00:45.533 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - > Extension "OpenID Authentication Extension" loaded. > {quote} > And the guacamole.properties file is configured: > {quote}openid-authorization-endpoint: > https://accounts.google.com/o/oauth2/v2/auth > openid-jwks-endpoint: https://www.googleapis.com/oauth2/v3/certs > openid-issuer: https://accounts.google.com > openid-client-id: > xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com > openid-redirect-uri: https://servers.xxxxxxxxxxxxxxxx.co.uk > openid-username-claim-type: email > openid-scope: openid email profile > openid-allowed-clock-skew: 60 > openid-max-token-validity: 300 > openid-max-nonce-validity: 10 > {quote} > But only the standard login screen is shown. What am I missing? -- This message was sent by Atlassian JIRA (v7.6.3#76005)