On Thu, Feb 8, 2018 at 11:37 PM, Justin Gauthier <jus...@justin-tech.com>

> The response paylode is: {"message":"Invalid
> login.","translatableMessage":{"key":"Invalid
> login.","variables":null},"statusCode":null,"expected":[{"name":"id_tok
> en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.jus
> tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
> connect/auth?scope=openid+email+profile&response_type=id_token&client_i
> d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-
> tech.com%2F&nonce=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDENT
> IALS"}
> I also see a GET for https://guacamole.justin-tech.com/#session_state=b
> 1988d87-4a4d-4539-a186-1d2ef58aca04&id_token=[TOKEN]&not-before-
> policy=1518147539
Mike can probably provide more precise information, but my guess is that
there is something about the response being sent back to the Guacamole
Session that Guacamole is unhappy about - either it isn't seeing the
id_token parameter when it expects to, or it's in a format it doesn't
expect, or something like that.  I've not used Guacamole with OIDC, so I'm
not going to be of very much help, here.


Reply via email to