Hello,

I use Guacamole in version 1.0.0 and it works perfectly.
I configured the connection via LDAP (Active Directory) and this allows me to give access rights to certain users. However, I receive many complaints because the users want to implement a single sign-on (SSO).
 
By reading the Apache Guacamole documentation, I read that authentication by OpenID is supported. I decided to set up a Keycloak server.
Once it was correctly configured (SSO functional but no client configured), I tried to configure Guacamole. After several days of testing, I always have the same error: an infinite loop during authentication!
 
I have read different topics on the Internet that indicate that this is an identified problem and should be corrected in the following versions (1.2.0). Correct?
I also read this guide (https://blog.exceptionerror.io/2019/06/10/home-lab-2019/) which indicates that the patch can be done manually. After completing these commands, it does not work better.
 
I am including my Keycloak and Guacamole configuration in case it helps identify a big mistake on my part.
 
# OpenID Authentication
openid-authorization-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth
openid-jwks-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs
openid-issuer: https://sso01.dom.domain.local/auth/realms/master
openid-client-id: guacamole
openid-redirect-uri: https://guacamole.dom.domain.local/guacamole
openid-username-claim-type: username
openid-scope: openid email profile
openid-allowed-clock-skew: 500
 
Thank you !
 
 
Shaguu
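
An added example, not part of the original message and not Guacamole's own code: a Python check that compares the OpenID settings quoted above with the claims carried in an ID token. The token payload is constructed with Keycloak-style claim names (an assumption), the helper names are hypothetical, and the fallback values 30 and "email" are the defaults given in the Guacamole documentation.

```python
import base64, json, time

# Settings copied from the guacamole.properties in the message above.
PROPS = """\
openid-issuer: https://sso01.dom.domain.local/auth/realms/master
openid-client-id: guacamole
openid-username-claim-type: username
openid-allowed-clock-skew: 500
"""

def parse_props(text):  # 'key: value' lines; blanks and # comments are skipped
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            props[key.strip()] = value.strip()
    return props

def jwt_payload(token):  # decodes the payload only; the signature is NOT verified
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def check_claims(props, claims, now=None):
    """Return the mismatches between the settings and the ID token claims."""
    now = time.time() if now is None else now
    skew = int(props.get("openid-allowed-clock-skew", 30))  # seconds
    name = props.get("openid-username-claim-type", "email")
    aud = claims.get("aud")
    problems = []
    if claims.get("iss") != props["openid-issuer"]:
        problems.append("iss does not equal openid-issuer")
    if props["openid-client-id"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain openid-client-id")
    if name not in claims:
        problems.append(f"claim '{name}' missing; token has {sorted(claims)}")
    if claims.get("exp", 0) + skew < now:
        problems.append("token expired beyond openid-allowed-clock-skew")
    return problems

def make_sample_token(claims):  # unsigned, constructed token for the offline demo
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed payload (assumption): Keycloak-style claim names, not a captured token.
SAMPLE = {"iss": "https://sso01.dom.domain.local/auth/realms/master", "aud": "guacamole",
          "exp": 2000000000, "preferred_username": "jdoe", "email": "jdoe@example.test"}
if __name__ == "__main__":
    print(check_claims(parse_props(PROPS), jwt_payload(make_sample_token(SAMPLE)), now=1700000000))
```

To check a real deployment, pass the id_token value from the redirect back to Guacamole to jwt_payload() in place of the constructed token.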