On Thu, May 30, 2019 at 4:34 PM Nick Couchman <[email protected]> wrote:
> On Thu, May 30, 2019 at 02:09 Yang Yang <[email protected]> wrote: > >> Hello, >> >> I solved this issue by making a small change to two files for the openid >> extension and rebuild it: >> >> ~/guacamole-client-1.0.0/extensions/guacamole-auth-openid/src/main/resources/config/openidConfig.js >> >> ~/guacamole-client-1.0.0/extensions/guacamole-auth-openid/target/classes/config/openidConfig.js >> >> /** >> * Config block which augments the existing routing, providing special >> handling >> * for the "id_token=" fragments provided by OpenID Connect. >> */ >> angular.module('index').config(['$routeProvider', >> function indexRouteConfig($routeProvider) { >> >> // Transform "/#/id_token=..." to "/#/?id_token=…" >> -- $routeProvider.when('/id_token=:response', { >> ++ $routeProvider.when(‘/&id_token=:response', { >> > > > While this change fixes things for your use case, I suspect that it may > break things for other instances of OpenID providers. At the very least > such a change would need to be thoroughly tested with multiple OpenID > providers. > The above change to the regex would indeed break things for any IDP that places the id_token at the beginning of the string. The fact that the id_token parameter will not always occur at the beginning of the parameter list was identified in an older thread: https://lists.apache.org/thread.html/cc0a9300086c55e25d59d73d025d6e0be07b42cc8903f4de1c1b48a5@%3Cuser.guacamole.apache.org%3E That thread resulted in the following proposed change, with the intent to open a JIRA issue and PR if it could be confirmed to solve the issue: https://github.com/apache/guacamole-client/compare/master...mike-jumper:openid-token That confirmation never came. If the above could be confirmed, I would suggest moving forward with the changes I proposed in that older thread. They are intended to handle the id_token parameter regardless of where it's located, not just at the beginning (current implementation) or anywhere BUT the beginning (the patch in this latest thread), however I'm not 100% sure the regex in my changes is correct, either. - Mike
