Hello,
I applied the same settings as you but the problem is not solved. Could you tell me your NGINX configuration ? Thank you sur 11/09/2019 le 23:26, Rafael Ramos écrivit: > Hello, > > I am using Keycloak on Guacamole and I have no problems. > > The only difference is that I have the following settings: > Standard Flow Enabled: Off > Direct Access Grants Enabled: Off > > And in extensions I have only: > guacamole-auth-0-openid-1.0.0.jar guacamole-auth-jdbc-mysql-1.0.0.jar > > Em qua, 11 de set de 2019 às 13:56, Stephan Leruth <[email protected]> > escreveu: > > > Hello, > > > > I use Guacamole in version 1.0.0 and it works perfectly. > > I configured the connection via LDAP (Active Directory) and this allows me > > to give access rights to certain users. However, I receive many complaints > > because the users want to implement a single sign-on (SSO). > > > > By reading the Apache Guacamole documentation, I read that authentication > > by OpenID is supported. I decided to set up a Keycloak server. > > Once it was correctly configured (SSO functional but no client > > configured), I tried to configure Guacamole. After several days of testing, > > I always have the same error : an infinite loop during authentication ! > > > > I have read different topics on the Internet that indicate that this is an > > identified problem and should be corrected in the following versions > > (1.2.0). Correct ? > > I also read this guide ( > > https://blog.exceptionerror.io/2019/06/10/home-lab-2019/) which indicates > > that the patch can be done manually. After completing these commands, it > > does not work better. > > > > I allow myself to add my Keycloak and Guacamole configuration for can be > > identify a big mistake on my part ? > > > > #OpenID Authentication > > openid-authorization-endpoint: > > https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth > > openid-jwks-endpoint: > > https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs > > openid-issuer: https://sso01.dom.domain.local/auth/realms/master > > openid-client-id: guacamole > > openid-redirect-uri: https://guacamole.dom.domain.local/guacamole > > openid-username-claim-type: username > > openid-scope: openid email profile > > openid-allowed-clock-skew: 500 > > > > Thank you ! > > > > > > Shaguu > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
