On Wed, May 2, 2018 at 7:29 AM, Dave Smith <[email protected]> wrote:
> hi all, > > i've tried to get this setup. Unfortunately it seems Okta insist (even > with Single Page App (SPA)) to have state field in the POST even if (when > using SPA) it's not actually used. The guacamole client just goes in a > redirect loop with error in URL visible of "invalid state". > > > With SPA the state parameter can even be some random letters, but must be > there. Using OIDCDebugger.com gleans this: > > error=invalid_request > error_description=The authentication request has an invalid > 'state' parameter. > > yet by adding a bunch of x's to the state parameter.. > > i get a much more positive response: > state=xxxxxxxxxxxxx > id_token=eyJraWQiOiI0NlpNbjlZZG5HQ1AxMGhDUWs5VWtvc2ljUmltTUR > JRDBBbVh1dWhHUUhrIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHUxMDAx > NnVwUzhFaENuMjJwNyIsInZlciI6MSwiaXNzIjoiaHR0cHM6Ly9hdG9zbXBj > YXdzLm9rdGEuY29tIiwiYXVkIjoiMG9hMTIzZG8weXNibFN4dUoycDciLCJp > YXQiOjE1MjQ3NTQwOTUsImV4cCI6MTUyNDc1NzY5NSwianRpIjoiSUQuRmZGYzFpZlA2VG > > did anyone successfully use Okta with OIDC in Guacamole? If not I'd kindly > ask that state could be added as an optional parameter to the guac > properties file. > > You'll probably want to put in a feature request on the Guacamole JIRA site for this: https://issues.apache.org/jira/projects/GUACAMOLE/issues -Nick
