Maybe I'm not fully understanding how the OpenID extension should work, but I believe instead of logging in with the standard Guacamole client login screen the user should be forwarded to the OpenID Connect IdP (in this case Google) to authenticate and then be sent back to the Guacamole client. In the case of my implementation this redirect isn't happening.
The extension is loaded: 09:00:44.048 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole". 09:00:45.357 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" loaded. 09:00:45.361 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole". 09:00:45.533 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "OpenID Authentication Extension" loaded. And the guacamole.properties file is configured: openid-authorization-endpoint: https://accounts.google.com/o/oauth2/v2/auth openid-jwks-endpoint: https://www.googleapis.com/oauth2/v3/certs openid-issuer: https://accounts.google.com openid-client-id: xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com openid-redirect-uri: https://servers.xxxxxxxxxxxxxxxx.co.uk openid-username-claim-type: email openid-scope: openid email profile openid-allowed-clock-skew: 60 openid-max-token-validity: 300 openid-max-nonce-validity: 10 But only the standard login screen is shown. What am I missing? I've checked the browser console and there are no obvious errors other than the 403 error from /api/tokens which is triggered because I'm not logged in.
