Hi Stephan,
My nginx configuration is:
location / {
    proxy_pass http://localhost:8080/guacamole/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_cookie_path /guacamole/ /;
}
And my guacamole.properties:
openid-authorization-endpoint: https://keycloak/auth/realms/master/protocol/openid-connect/auth
openid-jwks-endpoint: https://keycloak/auth/realms/master/protocol/openid-connect/certs
openid-issuer: https://keycloak/auth/realms/master
openid-client-id: guacamole
openid-redirect-uri: https://guacamole.com.br/
openid-scope: openid email profile
openid-username-claim-type: preferred_username
On Wed, Sep 11, 2019 at 18:36, Stephan Leruth <[email protected]> wrote:
>
> Hello,
>
> I applied the same settings as you but the problem is not solved.
>
> Could you tell me your NGINX configuration?
>
> Thank you
>
>
> On 11/09/2019 at 23:26, Rafael Ramos wrote:
>
> > Hello,
> >
> > I am using Keycloak on Guacamole and I have no problems.
> >
> > The only difference is that I have the following settings:
> > Standard Flow Enabled: Off
> > Direct Access Grants Enabled: Off
> >
> > And in extensions I have only:
> > guacamole-auth-0-openid-1.0.0.jar guacamole-auth-jdbc-mysql-1.0.0.jar
> >
> > On Wed, Sep 11, 2019 at 13:56, Stephan Leruth <[email protected]> wrote:
> >
> > > Hello,
> > >
> > > I use Guacamole in version 1.0.0 and it works perfectly.
> > > I configured the connection via LDAP (Active Directory) and this allows me
> > > to give access rights to certain users. However, I receive many complaints
> > > because the users want to implement a single sign-on (SSO).
> > >
> > > By reading the Apache Guacamole documentation, I read that authentication
> > > by OpenID is supported. I decided to set up a Keycloak server.
> > > Once it was correctly configured (SSO functional but no client
> > > configured), I tried to configure Guacamole. After several days of testing,
> > > I always have the same error: an infinite loop during authentication!
> > >
> > > I have read different topics on the Internet that indicate that this is an
> > > identified problem and should be corrected in the following versions
> > > (1.2.0). Correct?
> > > I also read this guide (
> > > https://blog.exceptionerror.io/2019/06/10/home-lab-2019/) which indicates
> > > that the patch can be done manually. After completing these commands, it
> > > does not work better.
> > >
> > > I am taking the liberty of adding my Keycloak and Guacamole configuration
> > > so that a big mistake on my part can be identified.
> > >
> > > #OpenID Authentication
> > > openid-authorization-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth
> > > openid-jwks-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs
> > > openid-issuer: https://sso01.dom.domain.local/auth/realms/master
> > > openid-client-id: guacamole
> > > openid-redirect-uri: https://guacamole.dom.domain.local/guacamole
> > > openid-username-claim-type: username
> > > openid-scope: openid email profile
> > > openid-allowed-clock-skew: 500
> > >
> > > Thank you!
> > >
> > >
> > > Shaguu
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
>
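Added example (not part of the original thread, and not Guacamole's own code): one way to compare a guacamole.properties like the ones posted above with the claims of an ID token issued by Keycloak, checking issuer, audience, username claim and expiry. The token, the user "alice" and all helper names are constructed for illustration; the defaults of 30 seconds for the clock skew and "email" for the username claim follow the Guacamole documentation, and the parser assumes the "key: value" form used in this thread.

```python
import base64
import json
import time

def parse_properties(text):
    """Parse the 'key: value' lines of a guacamole.properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            props[key.strip()] = value.strip()
    return props

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(props, claims, now=None):
    """List mismatches between the configured expectations and the token."""
    now = time.time() if now is None else now
    skew = int(props.get("openid-allowed-clock-skew", 30))  # seconds
    problems = []
    if claims.get("iss") != props.get("openid-issuer"):
        problems.append("issuer mismatch: token iss is %r" % claims.get("iss"))
    aud = claims.get("aud", [])
    if props.get("openid-client-id") not in ([aud] if isinstance(aud, str) else aud):
        problems.append("client id not in token aud: %r" % aud)
    name_claim = props.get("openid-username-claim-type", "email")
    if not claims.get(name_claim):
        problems.append("username claim %r absent; token carries: %s"
                        % (name_claim, ", ".join(sorted(claims))))
    if "exp" not in claims or claims["exp"] + skew < now:
        problems.append("token missing exp or expired beyond the allowed skew")
    return problems

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample ID token (not captured from a real server; dummy signature).
SAMPLE_CLAIMS = {"iss": "https://keycloak/auth/realms/master", "aud": "guacamole",
                 "sub": "constructed-subject", "preferred_username": "alice",
                 "exp": 4102444800}
SAMPLE_TOKEN = _b64({"alg": "RS256"}) + "." + _b64(SAMPLE_CLAIMS) + ".dummy"
SAMPLE_PROPS = ("openid-issuer: https://keycloak/auth/realms/master\n"
                "openid-client-id: guacamole\n"
                "openid-username-claim-type: username\n")

if __name__ == "__main__":
    for problem in check_token(parse_properties(SAMPLE_PROPS), jwt_claims(SAMPLE_TOKEN)):
        print("MISMATCH:", problem)
```

The decoder skips signature verification on purpose, so it is suitable only for inspecting a token you obtained from your own login, never for authenticating anyone.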