[ https://issues.apache.org/jira/browse/GUACAMOLE-1251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman closed GUACAMOLE-1251.
------------------------------------
    Resolution: Duplicate

I responded to your e-mail on the mailing list. This almost certainly has nothing to do with the "#" in the Guacamole URL, and is probably related to GUACAMOLE-560, which deals with certain OpenID IdPs requiring the state parameter, despite the fact that the specification doesn't require it.

> OpenID connect and #
> --------------------
>
>                 Key: GUACAMOLE-1251
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1251
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-openid
>   Affects Versions: 1.3.0
>         Environment: native
>            Reporter: Alexander
>            Priority: Major
>         Attachments: 12345.zip
>
>
> Hello!
> I need help with OpenID
> My project:
>
> I need to provide users with access to remote desktops (RDP) via browser.
> But I want to use a standalone server like Gluu (the one that we are currently
> using) or even better - Keycloak, so we won't have to use Guacamole for
> authorization. I tested both of them, the result looks quite the same.
> This is how I tested: I manually created a local account 'user1' on Gluu/KC
> (Is it necessary to have an account with the same login and password on
> Guacamole? Or will a new user be created?)
> I'm using Guacamole 1.2. I installed the extension as recommended here:
> https://guacamole.apache.org/doc/gug/openid-auth.html
> Also I found out there that 'implicit flow' is used.
> Minimal parameters that must be specified:
>
> openid-authorization-endpoint:
> openid-jwks-endpoint:
> openid-issuer:
> openid-client-id:
> openid-redirect-uri:
>
> OK, then I am going to edit guacamole.properties
> __________________________________________________________________________________________________
> if I use Gluu
> openid-authorization-endpoint: https://gluu.homelab/oxauth/restv1/authorize
> openid-jwks-endpoint: https://gluu.homelab/oxauth/restv1/jwks
> openid-issuer: https://gluu.homelab
> openid-client-id: 64f2088d-d9f8-4742-906b-497219446e9f
> openid-redirect-uri http://guac.homelab
>
> on Gluu side
> https://i.imgur.com/VSW17o7.png
> OPENID CONNECT CLIENTS DETAILS
> ------------------------------
> - Name: guac
> - Client ID: 64f2088d-d9f8-4742-906b-497219446e9f
> - Subject Type: pairwise
> - ClientSecret: XXXXXXXXXXX
> - Application Type: web
> - Persist Client Authorizations: false
> - Pre-Authorization: false
> - Authentication method for the Token Endpoint: client_secret_jwt
> - Logout Session Required: false
> - Include Claims In Id Token: false
> - Disabled: false
> - Login Redirect URIs: [https://guac.homelab]
> - Grant types: [implicit, authorization_code, client_credentials, refresh_token]
> - Response types: [token, code, id_token]
> __________________________________________________________________________________________________
> if I use Keycloak
> openid-authorization-endpoint: http://kc.homelab/auth/realms/homelab/protocol/openid-connect/auth
> openid-jwks-endpoint: http://kc.homelab/auth/realms/homelab/protocol/openid-connect/certs
> openid-issuer: http://kc.homelab/auth/realms/homelab
> openid-client-id: guacamole
> openid-redirect-uri: https://guac.homelab
>
> on Keycloak side
> https://i.imgur.com/EBti48h.png
> set client id - guacamole
> enable "Implicit Flow"
> set Base url https://guac.homelab
> __________________________________________________________________________________________________
>
> Now setup is over.
> I open the browser and try to go to https://guac.homelab
> I enter login and password and get into the loop as shown in the videos:
> https://youtu.be/OjwhCB9pjQw
> https://youtu.be/1dbNnVKp6PA
>
> Guacamole logs are attached below or available here:
> https://dropmefiles.com/d2D95
>
> Can you tell me what I am doing wrong?
> My colleagues suggest that the problem could be in the character #, which is
> used by Guacamole. Could it be the reason for the issue?
>
> P.S.
> I tried to connect other products via openid to KC/Gluu (open source crm) and
> everything works just fine.
> I found a similar issue here:
> https://www.reddit.com/r/homelab/comments/bukjbe/help_with_gluu_open_id_connect_to_guacamole/epdtj8k/
> And the video that looks like mine:
> https://i.imgur.com/MwWppLs.mp4
>
> Thank you in advance!
> Best regards

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
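
The two points raised in this thread, the `state` parameter and the `#` in the URL, both show up in an OpenID Connect implicit-flow round trip, sketched here as an added example that is not part of the original thread and is not Guacamole's own code. The endpoint, client ID and redirect URI are the Keycloak values quoted in the report; the function names, the `scope` value and the sample redirect URLs in the test are assumptions made for illustration.

```javascript
// Added example, not Guacamole code. Endpoint and client values are the
// Keycloak settings quoted in the report above; all names are hypothetical.
const idp = {
  authorizationEndpoint:
    "http://kc.homelab/auth/realms/homelab/protocol/openid-connect/auth",
  clientId: "guacamole",
  redirectUri: "https://guac.homelab",
};

// Unguessable per-request value (Web Crypto; browsers and current Node.js).
function randomToken() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the implicit-flow authorization request. `state` is echoed back
// unchanged by the IdP; `nonce` comes back inside the signed ID token.
function buildAuthRequest(cfg, state = randomToken(), nonce = randomToken()) {
  const url = new URL(cfg.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: "id_token",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: "openid email profile", // assumed scope set
    state,
    nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Parse the redirect the IdP sends back. In the implicit flow the response
// parameters arrive in the URL fragment (after "#"), not the query string.
function readAuthResponse(redirectedUrl, expectedState) {
  const fragment = new URL(redirectedUrl).hash.slice(1);
  const params = new URLSearchParams(fragment);
  if (params.has("error")) {
    return { ok: false, reason: `idp_error:${params.get("error")}` };
  }
  if (!params.has("id_token")) return { ok: false, reason: "no_id_token" };
  if (params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  // Signature, issuer, audience and nonce of the token still have to be
  // verified against the JWKS endpoint before the token is trusted.
  return { ok: true, idToken: params.get("id_token") };
}
```

A client that sends `state` should reject any response whose echoed value differs from the one it stored for that browser session, which is what `state_mismatch` represents here.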