Hello Mike,
Well noted, I will test that ASAP.
However, since I moved using header auth, I would like to try achieving it.
My only issue is with the logout feature of Guacamole.
Apparently it sends a DELETE /guacamole/api/tokens/token_id. I
intended to change it to another GET /url logging out but whatever I
do, right after browser sends a POST /guacamole/api/tokens and regets a token.
Is there an URL I could use to logout from guacamole but where the
browser will accept a returning GET, redirect, whatever so it can
really be logged out from OpenID ?
Thanks
Brgrds
At 01:58 08/12/2018, Mike Jumper wrote:
On Thu, Dec 6, 2018 at 12:26 AM Mike Jumper
<<mailto:[email protected]>[email protected]> wrote:
On Thu, Dec 6, 2018 at 12:13 AM B3r3n
<<mailto:[email protected]>[email protected]> wrote:
Hello Mike,
Ok well noted.
What about my assumptions related to # in URL ?
Even recognized by Guacamole, if tomcat or Apache in front dont relay it, this
will not be received/used by Guacamole.
The AngularJS side of the web application handles that part of the
URL. When any page within the webapp is visited, an authentication
attempt is made which contains all parameters within the URL
fragment. The id_token is thus forwarded along to the authentication
subsystem and the server side of the webapp will reach out to the
IDP to verify the token.
The reason that the id_token is not being received in your case is
due to the issue I noted in my previous email, with the workaround
for AngularJS parameter mangling not taking effect due to id_token
not being the first parameter.
Hi B3r3n,
I've made some changes which should hopefully properly handle the
"id_token" parameter regardless of where it occurs within the URL
fragment. When you can, please build and test against the
"openid-token" branch of my fork and see if that solves things for you:
<https://github.com/mike-jumper/guacamole-client/tree/openid-token>https://github.com/mike-jumper/guacamole-client/tree/openid-token
You'll need to use both the guacamole-*.war and
guacamole-auth-openid-*.jar files resulting from building
guacamole-client from the above branch.
If this solves things, I'll open an issue in JIRA and a PR for the changes.
Thanks,
- Mike
