Hi Nick,
Unfortunately your approach doesn’t work: as soon as LDAP is the primary authentication mechanism, OIDC is ignored: the login page switches back to the default Guacamole page, and there is no way anymore for users to log in using their OpenID credentials.

Tom

> On 26 May 2020, at 17:54, Nick Couchman <[email protected]> wrote:
>
> On Tue, May 26, 2020 at 12:39 PM Tom Schoonjans <[email protected]> wrote:
> Hi all,
>
> I have been running Guacamole with LDAP authentication (and MariaDB as
> database backend) for a couple of weeks now and I am currently exploring
> switching to OpenID Connect based auth.
>
> I have got the authentication itself working as I can access the web
> interface but I’m not sure how to use this with the REST API: I like to
> administer my Guacamole instance for our dozens of users through Ansible, and
> I have until now been using something like this to get a token:
>
> - name: "Authenticate as {{ guacadmin_username }}"
>   uri:
>     url: "{{ guacamole_url }}/api/tokens"
>     body_format: form-urlencoded
>     body:
>       username: "{{ guacadmin_username }}"
>       password: "{{ guacadmin_password }}"
>     method: POST
>     status_code: 200
>     return_content: True
>   register: guactoken
>   become: False
>
> This approach no longer works since switching to OIDC, which I kind of
> expected given that I need to go to the OpenID provider sign-in page to get
> authenticated.
>
> Any thoughts on how I can get my authToken now?
>
> You could try making sure that the LDAP authentication module is loaded and
> processed prior to the OIDC module by making sure that the name of the LDAP
> module comes alphabetically prior to the OIDC module. This will likely be
> the default, and may not make a difference, but it's worth a look.
>
> -Nick
