Hey Nick, Thanks for the response!
I suspected as much, unfortunately I am unsure why it’s not seeing the token. Like I said, I don’t have anything else that uses OpenID to test the setup. Hopefully Mike is able to assist when he gets a chance. Thanks again for the help, it’s greatly appreciated. ________________________________ From: Nick Couchman <[email protected]> Sent: Friday, February 9, 2018 8:40:25 AM To: [email protected] Subject: Re: OpenID-Connect HTTP 500 On Thu, Feb 8, 2018 at 11:37 PM, Justin Gauthier <[email protected]<mailto:[email protected]>> wrote: The response paylode is: {"message":"Invalid login.","translatableMessage":{"key":"Invalid login.","variables":null},"statusCode":null,"expected":[{"name":"id_tok en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.jus tin-tech.com/auth/realms/Justin-Tech/protocol/openid- connect/auth?scope=openid+email+profile&response_type=id_token&client_i d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-<http://tin-tech.com/auth/realms/Justin-Tech/protocol/openid- connect/auth?scope=openid+email+profile&response_type=id_token&client_i d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-> tech.com<http://tech.com>%2F&nonce=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDENT IALS"} I also see a GET for https://guacamole.justin-tech.com/#session_state=b 1988d87-4a4d-4539-a186-1d2ef58aca04&id_token=[TOKEN]¬-before- policy=1518147539 Mike can probably provide more precise information, but my guess is that there is something about the response being sent back to the Guacamole Session that Guacamole is unhappy about - either it isn't seeing the id_token parameter when it expects to, or it's in a format it doesn't expect, or something like that. I've not used Guacamole with OIDC, so I'm not going to be of very much help, here. -Nick
