Dave Smith created GUACAMOLE-560:
------------------------------------
Summary: Support OIDC from Okta
Key: GUACAMOLE-560
URL: https://issues.apache.org/jira/browse/GUACAMOLE-560
Project: Guacamole
Issue Type: New Feature
Components: guacamole-auth-openid
Affects Versions: 0.9.14
Reporter: Dave Smith
{quote}i've tried to get this setup. Unfortunately it seems Okta insist (even
with Single Page App (SPA)) to have state field in the POST even if (when using
SPA) it's not actually used. The guacamole client just goes in a redirect loop
with error in URL visible of "invalid state".
With SPA the state parameter can even be some random letters, but must be
there. Using OIDCDebugger.com gleans this:{quote}
{quote}
error=invalid_request
error_description=The authentication request has an invalid 'state'
parameter.
yet by adding a bunch of x's to the state parameter..
i get a much more positive response:
state=xxxxxxxxxxxxx
id_token=eyJraWQiOiI0NlpNbjlZZG5HQ1AxMGhDUWs5VWtvc2ljUmltTURJRDBBbVh1dWhHUUhrIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHUxMDAxNnVwUzhFaENuMjJwNyIsInZlciI6MSwiaXNzIjoiaHR0cHM6Ly9hdG9zbXBjYXdzLm9rdGEuY29tIiwiYXVkIjoiMG9hMTIzZG8weXNibFN4dUoycDciLCJpYXQiOjE1MjQ3NTQwOTUsImV4cCI6MTUyNDc1NzY5NSwianRpIjoiSUQuRmZGYzFpZlA2VG
I'd kindly ask that state could be added as an optional parameter to the guac
properties file.{quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
