I missed it on my initial read-through, it looks like in your URL in the
video that Guacamole is only requesting: 'openid email profile'. What you
have should be sufficient for what you have configured...Seeing as I am
running Keycloak with this right now I think we are missing a piece to this
Whoops, sorry!
I use LDAP for the User Federation in Keycloak. Under 'User Federation' ->
'Ldap' -> 'LDAP Mappers' -> 'groups' is where my mapper is.
On Mon, Jan 4, 2021 at 9:08 AM Владислав Львов wrote:
> Hello!
> Thank you for your answer!
> I run docker Keycloak on default setting.
> Looks
Hello!Thank you for your answer!I run docker Keycloak on default setting.Looks like there no built in scope "groups"But i can try to add it!Can you show how it looks like on your side?(scope,mappers and other settings?)Thank you in advance! 04.01.2021, 16:10, "Tim Worcester" :I have seen this
I have seen this issue for Keycloak specifically, can you list your client
scopes? It should look something like this:
[image: image.png]
I would make sure that email, groups and profile are in your default client
scope. That resolved the issue for me.
On Mon, Jan 4, 2021 at 5:23 AM Владислав
Hello!Thank you for your answer! Is there any workaround?Looks like Gluu allways use state parameter and there is no way to turn it off :(Only thing that i could find is here - https://gluu.org/docs/gluu-server/4.2/api-guide/openid-connect-api/state - false :( 03.01.2021, 23:32, "Nick Couchman"