Whoops, sorry! I use LDAP for the User Federation in Keycloak. Under 'User Federation' -> 'Ldap' -> 'LDAP Mappers' -> 'groups' is where my mapper is.
On Mon, Jan 4, 2021 at 9:08 AM Владислав Львов <tobes...@yandex.ru> wrote: > Hello! > Thank you for your answer! > I run docker Keycloak on default setting. > Looks like there no built in scope "groups" > But i can try to add it! > Can you show how it looks like on your side?(scope,mappers and other > settings?) > Thank you in advance! > > > 04.01.2021, 16:10, "Tim Worcester" <timothy.worces...@gmail.com>: > > I have seen this issue for Keycloak specifically, can you list your client > scopes? It should look something like this: > [image: image.png] > > I would make sure that email, groups and profile are in your default > client scope. That resolved the issue for me. > > On Mon, Jan 4, 2021 at 5:23 AM Владислав Львов <tobes...@yandex.ru> wrote: > > Hello! > Thank you for your answer! > > Is there any workaround? > Looks like Gluu allways use state parameter and there is no way to turn it > off :( > Only thing that i could find is here - > https://gluu.org/docs/gluu-server/4.2/api-guide/openid-connect-api/ > state - false :( > > 03.01.2021, 23:32, "Nick Couchman" <vn...@apache.org>: > > On Sun, Jan 3, 2021 at 2:38 PM Владислав Львов <tobes...@yandex.ru> wrote: > > > Hello! > I need help with OpenID > My project: > > I need to provide users with access to remote desktops (RDP) via browser. > But I want to use standalone server like Gluu (the one that we are > currently using) or even better - Keycloak, so we won't have to use > Guacamole for authorization. I tested both of them, the result looks quite > the same. > ... > Now setup is over. I open browser and try to go to https://guac.homelab > I enter login and password and get into the loop as it's shown in the > videos: > https://youtu.be/OjwhCB9pjQw > https://youtu.be/1dbNnVKp6PA > > > > It's possible you're running into this issue: > > https://issues.apache.org/jira/browse/GUACAMOLE-560 > > Certain OpenID providers require the "state" parameter, even though the > specification for that flow doesn't explicitly call it out. > > > Guacamole logs are attached below or available here: > https://dropmefiles.com/d2D95 > > Can you tell me what am I doing wrong? > My colleagues suggest that the problem could be in the character #, which > is used by Guacamole. Could it be the reason of the issue? > > > > No, I don't think the "#" in the URL is causing an issue - I believe it's > likely the lack of the state parameter. > > -Nick > > > > -- > ________________ > Львов Влад > tobes...@yandex.ru > > > > > > -- > ________________ > Львов Влад > tobes...@yandex.ru > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org
