> On Thu, Dec 13, 2018 at 11:14 AM B3r3n <[email protected]> wrote: >> >> Hello Mike, >> >> Well noted, I will test that ASAP. >> > > Thanks, B3r3n. > >> However, since I moved using header auth, I would like to try achieving it. >> My only issue is with the logout feature of Guacamole. >> >> Apparently it sends a DELETE /guacamole/api/tokens/token_id. I >> intended to change it to another GET /url logging out but whatever I >> do, right after browser sends a POST /guacamole/api/tokens and regets a >> token. >> > > With the header authentication, you will be immediately > re-authenticated so long as the header that authenticates you is > present in the HTTP request. > >> Is there an URL I could use to logout from guacamole but where the >> browser will accept a returning GET, redirect, whatever so it can >> really be logged out from OpenID ? > > Single logout for OpenID Connect is not currently implemented in Guacamole: > > https://issues.apache.org/jira/browse/GUACAMOLE-519 > > The path forward to implement that for OpenID is fairly clear - it > would just need to be done. I don't know what would need to be done > for the generic header authentication, where there's no standard > defining how logout should be signaled to the IDP. I agree, but my intention was to use a Apache Rewriterule or ProxyHTMLurlmap, or RewriteHTML to change the DELETE token URL to my logout OIDC URL. That's why I would just like to know what do you expect once you sent this DELETE token. If I can replace it by my logout URL, would remove the header variable and bingo, clean logout from Guacamole :-)
> > - Mike > > >
