[ https://issues.apache.org/jira/browse/GUACAMOLE-1251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman closed GUACAMOLE-1251.
------------------------------------
    Resolution: Duplicate

I responded to your e-mail on the mailing list. This almost certainly has 
nothing to do with the "#" in the Guacamole URL, and is probably related to 
GUACAMOLE-560, which deals with certain OpenID IdPs requiring the state 
parameter, despite the fact that the specification doesn't require it.

> OpenID connect and #
> --------------------
>
>                 Key: GUACAMOLE-1251
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1251
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-openid
>    Affects Versions: 1.3.0
>         Environment: native
>            Reporter: Alexander
>            Priority: Major
>         Attachments: 12345.zip
>
>
> Hello!
> I need help with OpenID
> My project:
>  
> I need to provide users with access to remote desktops (RDP) via a browser.
> But I want to use a standalone server like Gluu (the one that we are currently 
> using) or even better - Keycloak, so we won't have to use Guacamole for 
> authorization. I tested both of them, the result looks quite the same.
> This is how I tested: I manually created a local account 'user1' on Gluu/KC 
> (Is it necessary to have an account with the same login and password on 
> Guacamole? Or will a new user be created?)
> I'm using Guacamole 1.2. I installed the extension as recommended here: 
> https://guacamole.apache.org/doc/gug/openid-auth.html
> Also I found out there that 'implicit flow' is used.
> Minimal parameters that must be specified:
>  
> openid-authorization-endpoint: 
> openid-jwks-endpoint: 
> openid-issuer:
> openid-client-id:
> openid-redirect-uri:
>  
> OK, then I am going to edit guacamole.properties
> __________________________________________________________________________________________________
> if I use Gluu
> openid-authorization-endpoint: https://gluu.homelab/oxauth/restv1/authorize
> openid-jwks-endpoint: https://gluu.homelab/oxauth/restv1/jwks
> openid-issuer: https://gluu.homelab
> openid-client-id: 64f2088d-d9f8-4742-906b-497219446e9f
> openid-redirect-uri http://guac.homelab
>  
> on Gluu side
> https://i.imgur.com/VSW17o7.png
> OPENID CONNECT CLIENTS DETAILS
> ------------------------------
> - Name: guac
> - Client ID: 64f2088d-d9f8-4742-906b-497219446e9f
> - Subject Type: pairwise
> - ClientSecret: XXXXXXXXXXX
> - Application Type: web
> - Persist Client Authorizations: false
> - Pre-Authorization: false
> - Authentication method for the Token Endpoint: client_secret_jwt
> - Logout Session Required: false
> - Include Claims In Id Token: false
> - Disabled: false
> - Login Redirect URIs: [https://guac.homelab]
> - Grant types: [implicit, authorization_code, client_credentials, 
> refresh_token]
> - Response types: [token, code, id_token]
> __________________________________________________________________________________________________
> if I use Keycloak
> openid-authorization-endpoint: 
> http://kc.homelab/auth/realms/homelab/protocol/openid-connect/auth
> openid-jwks-endpoint: 
> http://kc.homelab/auth/realms/homelab/protocol/openid-connect/certs
> openid-issuer: http://kc.homelab/auth/realms/homelab
> openid-client-id: guacamole
> openid-redirect-uri: https://guac.homelab
>  
> on Keycloak side
> https://i.imgur.com/EBti48h.png
> set client id - guacamole
> enable "Implicit Flow"
> set Base url https://guac.homelab
> __________________________________________________________________________________________________
>  
> Now setup is over. I open browser and try to go to https://guac.homelab
> I enter login and password and get into the loop as it's shown in the videos:
> https://youtu.be/OjwhCB9pjQw
> https://youtu.be/1dbNnVKp6PA
>  
> Guacamole logs are attached below or available here: 
> https://dropmefiles.com/d2D95
>  
> Can you tell me what I am doing wrong?
> My colleagues suggest that the problem could be in the character #, which is 
> used by Guacamole. Could it be the reason for the issue?
>  
> P.S.
> I tried to connect other products via openid to KC/Gluu (open source crm) and 
> everything works just fine.
> I found a similar issue here:
> https://www.reddit.com/r/homelab/comments/bukjbe/help_with_gluu_open_id_connect_to_guacamole/epdtj8k/
> And the video that looks like mine:
> https://i.imgur.com/MwWppLs.mp4
>  
> Thank you in advance!
> Best regards



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
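
An added example, not part of the original message and not Guacamole's own code: a generic OpenID Connect implicit-flow client, shown to illustrate the two points discussed above, namely that the ID token comes back in the URL fragment (after "#") and that `state` is an optional parameter which some IdPs nevertheless expect. The function names and the `send_state` switch are hypothetical; the endpoint, client ID and redirect URI are the Keycloak values from the report. ID token validation (signature, issuer, nonce) is a separate step and is not covered here.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


def build_auth_request(authorization_endpoint, client_id, redirect_uri,
                       send_state=True):
    """Build an implicit-flow authorization URL.

    Returns (url, expected), where `expected` holds the random values the
    client must remember in order to check the response.
    """
    expected = {"nonce": secrets.token_urlsafe(16)}
    params = {
        "response_type": "id_token",   # implicit flow, ID token only
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "nonce": expected["nonce"],    # required for the implicit flow
    }
    if send_state:
        # Optional per the specification, but some IdPs insist on it.
        expected["state"] = secrets.token_urlsafe(16)
        params["state"] = expected["state"]
    return authorization_endpoint + "?" + urlencode(params), expected


def parse_implicit_response(redirect_url, expected):
    """Extract the ID token from the fragment of the redirect URL.

    The IdP appends the response after '#', so it never reaches the web
    server; only client-side code can read it.
    """
    fragment = urlsplit(redirect_url).fragment
    fields = {k: v[0] for k, v in parse_qs(fragment).items()}
    if "error" in fields:
        raise ValueError("IdP returned error: " + fields["error"])
    # If a state value was sent, the IdP must echo it back unchanged.
    if "state" in expected and fields.get("state") != expected["state"]:
        raise ValueError("state mismatch")
    if "id_token" not in fields:
        raise ValueError("no id_token in fragment")
    return fields["id_token"]


if __name__ == "__main__":
    url, expected = build_auth_request(
        "http://kc.homelab/auth/realms/homelab/protocol/openid-connect/auth",
        "guacamole", "https://guac.homelab")
    print(url)
    # Constructed response, as the IdP would redirect the browser:
    reply = "https://guac.homelab/#id_token=constructed.jwt.value&state=" + expected["state"]
    print(parse_implicit_response(reply, expected))
```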
