I tried the link in a browser and noticed this error from Microsoft:

AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.

I was able to confirm in the logs that guacamole was using a “get” request for the token request. I haven’t dug into the code to determine if there is a way to coax guacamole to use a post or options request. If guacamole only does “get” requests for jwt, I guess I’m dead in the water.

Thanks,
Hiram Amador

From: Michael Jumper <[email protected]>
Sent: Wednesday, August 17, 2022 7:51 PM
To: [email protected]
Subject: [EXTERNAL] Re: OpenID configuration with Azure AD stuck in loop

On Wed, Aug 17, 2022, 08:25 Hiram Amador <[email protected]> wrote:

> Hi,
>
> I set up guacamole under docker and I think I have Open ID set up so that guacamole can forward the authentication to Azure AD. I think there is something wrong with the reply to URL I am using. It feels like authentication is going through a loop. The OpenID documentation doesn’t mention whether I’m supposed to send the auth to the guacamole home page or whether I should be setting very specific parameters to confirm authentication has succeeded.

What do you mean? If Guacamole is configured to use OpenID for auth, it's Guacamole that will confirm auth succeeded. When a user visits Guacamole, they'll be redirected to the IdP to authenticate, the IdP will redirect them back to Guacamole, and Guacamole will validate what it received from the IdP and allow the user in.

> The Audit logs in Azure AD tell me that authentication is succeeding. In fact, it looks like auth happens 9 times before Azure AD stops from all the auths. Let me know if there is more information I should provide.

What do you see in the Guacamole logs when the loop occurs? There should be errors, warnings, etc. that describe why authentication is failing.

- Mike
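
A configuration check for the redirect flow described above, as an added example that is not part of the original thread or of Guacamole's code. It assumes the OpenID settings live in `guacamole.properties` under the extension's documented property names, and it treats an authorization endpoint whose path ends in `/token` as one possible cause of the AADSTS900561 error, which the thread does not confirm. The sample file, `TENANT_ID`, `CLIENT_ID` and the hostname are constructed placeholders.

```python
from urllib.parse import urlsplit

# Property names used by the Guacamole OpenID extension in guacamole.properties.
REQUIRED = ("openid-authorization-endpoint", "openid-jwks-endpoint",
            "openid-issuer", "openid-client-id", "openid-redirect-uri")

def parse_properties(text):
    """Parse 'key: value' / 'key=value' lines, skipping blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The first ':' or '=' separates key from value (URLs contain both).
        seps = [i for i in (line.find(":"), line.find("=")) if i != -1]
        if seps:
            props[line[:min(seps)].strip()] = line[min(seps) + 1:].strip()
    return props

def check_openid(props):
    """Return a list of findings; an empty list means no problem was detected."""
    findings = [f"{key}: missing" for key in REQUIRED if not props.get(key)]
    for key in ("openid-authorization-endpoint", "openid-jwks-endpoint"):
        if props.get(key) and urlsplit(props[key]).scheme != "https":
            findings.append(f"{key}: IdP endpoint is not https")
    # The browser is sent to this URL by redirect, i.e. with a GET request.
    # A token endpoint only accepts POST, so Azure AD answers AADSTS900561.
    auth_path = urlsplit(props.get("openid-authorization-endpoint", "")).path
    if auth_path.rstrip("/").endswith("/token"):
        findings.append("openid-authorization-endpoint: looks like a token "
                        "endpoint; a redirected GET will be rejected")
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """\
# guacamole.properties (constructed)
openid-authorization-endpoint: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token
openid-jwks-endpoint: https://login.microsoftonline.com/TENANT_ID/discovery/v2.0/keys
openid-issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
openid-client-id: CLIENT_ID
openid-redirect-uri: https://guacamole.example.com/guacamole/
"""

if __name__ == "__main__":
    for finding in check_openid(parse_properties(SAMPLE)):
        print(finding)
```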
