On Tue, May 26, 2020 at 12:39 PM Tom Schoonjans
<[email protected]> wrote:
> Hi all,
>
> I have been running Guacamole with LDAP authentication (and MariaDB as
> database backend) for a couple of weeks now and I am currently exploring
> switching to OpenID Connect based auth.
>
> I have got the authentication itself working as I can access the web
> interface but I’m not sure how to use this with the REST API: I like to
> administer my Guacamole instance for our dozens of users through Ansible,
> and I have until now been using something like this to get a token:
>
> - name: "Authenticate as {{ guacadmin_username }}"
>   uri:
>     url: "{{ guacamole_url }}/api/tokens"
>     body_format: form-urlencoded
>     body:
>       username: "{{ guacadmin_username }}"
>       password: "{{ guacadmin_password }}"
>     method: POST
>     status_code: 200
>     return_content: True
>   register: guactoken
>   become: False
>
>
> This approach no longer works since switching to OIDC, which I kind of
> expected given that I need to go to the OpenID provider sign-in page to get
> authenticated.
>
> Any thoughts on how I can get my authToken now?
>
>
You could try making sure that the LDAP authentication module is loaded and
processed prior to the OIDC module by making sure that the name of the LDAP
module comes alphabetically prior to the OIDC module. This will likely be
the default, and may not make a difference, but it's worth a look.
-Nick
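
One way to check the ordering suggested in the reply above, as an added example that is not part of the original thread or of Guacamole itself. It assumes the extension jars sit in a single directory, that their filenames contain "ldap" and "openid", and that "alphabetically" means plain byte-wise filename order; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the LDAP extension sorts ahead of the OpenID
# extension among the .jar files in a Guacamole extensions directory.
# Assumptions: jar names contain "ldap" / "openid", and the ordering that
# matters is byte-wise by filename (LC_ALL=C), independent of the user's locale.

# Print the .jar basenames found in directory $1, one per line, in byte order.
ext_load_order() {
    dir=$1
    [ -d "$dir" ] || return 2
    for f in "$dir"/*.jar; do
        [ -e "$f" ] || continue      # glob matched nothing
        basename "$f"
    done | LC_ALL=C sort
}

# Print the 1-based position of the first jar whose name contains $2, or 0.
ext_position() {
    ext_load_order "$1" | awk -v pat="$2" '
        index(tolower($0), pat) && !found { found = NR }
        END { print found + 0 }'
}

# Return 0 if LDAP sorts before OpenID, 1 if not, 2 if either jar is missing.
ldap_before_openid() {
    ldap=$(ext_position "$1" ldap)
    oidc=$(ext_position "$1" openid)
    if [ "$ldap" -eq 0 ] || [ "$oidc" -eq 0 ]; then
        echo "missing extension: ldap=$ldap openid=$oidc" >&2
        return 2
    fi
    if [ "$ldap" -lt "$oidc" ]; then
        echo "LDAP (#$ldap) sorts ahead of OpenID (#$oidc)"
        return 0
    fi
    echo "OpenID (#$oidc) sorts ahead of LDAP (#$ldap); rename the LDAP jar so it sorts first"
    return 1
}

# Usage: ldap_before_openid "$GUACAMOLE_HOME/extensions"
```

A non-zero result only says the filenames are not in the suggested order or that one jar is absent; whether the token endpoint then accepts username and password still has to be tested against the running instance.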