On Thu, Feb 8, 2018 at 11:37 PM, Justin Gauthier <jus...@justin-tech.com> wrote:
> The response payload is:
> {"message":"Invalid login.","translatableMessage":{"key":"Invalid login.","variables":null},"statusCode":null,"expected":[{"name":"id_token","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.justin-tech.com/auth/realms/Justin-Tech/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-tech.com%2F&nonce=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDENTIALS"}
>
> I also see a GET for https://guacamole.justin-tech.com/#session_state=b1988d87-4a4d-4539-a186-1d2ef58aca04&id_token=[TOKEN]&not-before-policy=1518147539

Mike can probably provide more precise information, but my guess is that there is something about the response being sent back to the Guacamole Session that Guacamole is unhappy about - either it isn't seeing the id_token parameter when it expects to, or it's in a format it doesn't expect, or something like that. I've not used Guacamole with OIDC, so I'm not going to be of very much help, here.

-Nick
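
One way to test the guess above offline, as an added example that is not part of the original thread and is not Guacamole's or Keycloak's code: compare the redirect fragment with the `authorizationURI` from the error payload and report whether `id_token` is present, is a three-part JWT, and carries the `nonce` and `aud` the request asked for. The helper names and the sample token are constructed for illustration (the thread redacts the real token as `[TOKEN]`), and the signature is not verified.

```python
import base64
import json
from urllib.parse import urlsplit, parse_qs

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_redirect(authorization_uri, redirect_url):
    """Return a list of problems with the implicit-flow redirect; empty if none.

    The signature is NOT verified here; this only inspects structure and claims.
    """
    request = parse_qs(urlsplit(authorization_uri).query)
    # keep_blank_values so an empty id_token= is reported rather than hidden
    fragment = parse_qs(urlsplit(redirect_url).fragment, keep_blank_values=True)
    token = fragment.get("id_token", [""])[0]
    if not token:
        return ["fragment has no id_token parameter"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["id_token is not a three-part JWT"]
    try:
        claims = b64url_json(parts[1])
    except ValueError:
        return ["id_token payload is not base64url-encoded JSON"]
    problems = []
    if claims.get("nonce") != request["nonce"][0]:
        problems.append("nonce claim does not match the request nonce")
    aud = claims.get("aud")
    if request["client_id"][0] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud claim does not contain the client_id")
    return problems

def make_token(claims):
    """Constructed, unsigned sample token (the thread redacts the real one)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Both URLs are taken from the thread; only the token value is filled in.
AUTH_URI = ("https://keycloak.justin-tech.com/auth/realms/Justin-Tech/protocol/openid-connect/auth"
            "?scope=openid+email+profile&response_type=id_token&client_id=guacamole"
            "&redirect_uri=https%3A%2F%2Fguacamole.justin-tech.com%2F&nonce=e1s34a0epan04mre7qduhpnrho")
REDIRECT = "https://guacamole.justin-tech.com/#session_state=b1988d87-4a4d-4539-a186-1d2ef58aca04&id_token={}&not-before-policy=1518147539"

if __name__ == "__main__":
    good = make_token({"nonce": "e1s34a0epan04mre7qduhpnrho", "aud": "guacamole"})
    print(check_redirect(AUTH_URI, REDIRECT.format(good)))
```

An empty list means the fragment is structurally what an implicit-flow client expects, so the cause would lie elsewhere (for example in signature, issuer or expiry checks, which this sketch does not cover).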