On Thu, Dec 6, 2018 at 12:13 AM B3r3n <b3...@argosnet.com> wrote: > Hello Mike, > > Ok well noted. > > What about my assumptions related to # in URL ? > Even recognized by Guacamole, if tomcat or Apache in front dont relay it, > this > will not be received/used by Guacamole.
The AngularJS side of the web application handles that part of the URL. When any page within the webapp is visited, an authentication attempt is made which contains all parameters within the URL fragment. The id_token is thus forwarded along to the authentication subsystem and the server side of the webapp will reach out to the IDP to verify the token. The reason that the id_token is not being received in your case is due to the issue I noted in my previous email, with the workaround for AngularJS parameter mangling not taking effect due to id_token not being the first parameter. - Mike