Hello, I am using Keycloak on Guacamole and I have no problems.
The only difference is that I have the following settings:

Standard Flow Enabled: Off
Direct Access Grants Enabled: Off

And in extensions I have only:

guacamole-auth-0-openid-1.0.0.jar
guacamole-auth-jdbc-mysql-1.0.0.jar

On Wed, 11 Sep 2019 at 13:56, Stephan Leruth <[email protected]> wrote:

> Hello,
>
> I use Guacamole in version 1.0.0 and it works perfectly.
> I configured the connection via LDAP (Active Directory) and this allows me
> to give access rights to certain users. However, I receive many complaints
> because the users want to implement a single sign-on (SSO).
>
> By reading the Apache Guacamole documentation, I read that authentication
> by OpenID is supported. I decided to set up a Keycloak server.
> Once it was correctly configured (SSO functional but no client
> configured), I tried to configure Guacamole. After several days of testing,
> I always have the same error: an infinite loop during authentication!
>
> I have read different topics on the Internet that indicate that this is an
> identified problem and should be corrected in the following versions
> (1.2.0). Correct?
> I also read this guide (https://blog.exceptionerror.io/2019/06/10/home-lab-2019/)
> which indicates that the patch can be done manually. After completing these
> commands, it does not work better.
>
> I allow myself to add my Keycloak and Guacamole configuration, in case a
> big mistake on my part can be identified?
>
> #OpenID Authentication
> openid-authorization-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth
> openid-jwks-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs
> openid-issuer: https://sso01.dom.domain.local/auth/realms/master
> openid-client-id: guacamole
> openid-redirect-uri: https://guacamole.dom.domain.local/guacamole
> openid-username-claim-type: username
> openid-scope: openid email profile
> openid-allowed-clock-skew: 500
>
> Thank you!
>
> Shaguu
