Hey Nick,

Thanks for the response!

I suspected as much, unfortunately I am unsure why it’s not seeing the token. 
Like I said, I don’t have anything else that uses OpenID to test the setup.

Hopefully Mike is able to assist when he gets a chance.

Thanks again for the help, it’s greatly appreciated.

________________________________
From: Nick Couchman <nick.e.couch...@gmail.com>
Sent: Friday, February 9, 2018 8:40:25 AM
To: user@guacamole.apache.org
Subject: Re: OpenID-Connect HTTP 500

On Thu, Feb 8, 2018 at 11:37 PM, Justin Gauthier 
<jus...@justin-tech.com<mailto:jus...@justin-tech.com>> wrote:
The response paylode is: {"message":"Invalid
login.","translatableMessage":{"key":"Invalid
login.","variables":null},"statusCode":null,"expected":[{"name":"id_tok
en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.jus
tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
connect/auth?scope=openid+email+profile&response_type=id_token&client_i
d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-<http://tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
connect/auth?scope=openid+email+profile&response_type=id_token&client_i
d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin->
tech.com<http://tech.com>%2F&nonce=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDENT
IALS"}

I also see a GET for https://guacamole.justin-tech.com/#session_state=b
1988d87-4a4d-4539-a186-1d2ef58aca04&id_token=[TOKEN]&not-before-
policy=1518147539


Mike can probably provide more precise information, but my guess is that there 
is something about the response being sent back to the Guacamole Session that 
Guacamole is unhappy about - either it isn't seeing the id_token parameter when 
it expects to, or it's in a format it doesn't expect, or something like that.  
I've not used Guacamole with OIDC, so I'm not going to be of very much help, 
here.

-Nick

Reply via email to