thank you for taking the time to reply. yes, it seems that the token is correctly returned from the idP.
i have checked clocks and run ntpdate to be sure on both sides. openid related config in guacamole is: # OpenIDC properties openid-authorization-endpoint: https://authexample.com/auth/realms/demo/protocol/openid-connect/auth openid-client-id: guacamole openid-redirect-uri: http://guacamole.example.com:8080/guacamole/#/ openid-jwks-endpoint: https://authexample.com/auth/realms/demo/protocol/openid-connect/certs openid-issuer: https://authexample.com/auth/realms/demo openid-username-claim-type: username openid-scope: openid email profile openid-allowed-clock-skew: 500 i have tried previous suggestions regarding openid-redirect-id (include #, remove it , include trailing /, remove it etc) . i cant see what else there is incorrect. tomcat/guacamole log is here: https://pastebin.com/margaVjs (this is from startup to redirect problem) thank you -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
