On Tue, Mar 14, 2023 at 10:30 AM Venkata Reddy <
[email protected]> wrote:

>> Hi Team,
>>
>> We are integrating guacamole 1.4.0 with keycloak by using the below
>> OPENID attributes.
>>
>>   OPENID_AUTHORIZATION_ENDPOINT: "https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/auth"
>>   OPENID_JWKS_ENDPOINT: "https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/certs"
>>   OPENID_ISSUER: "https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master"
>>   OPENID_CLIENT_ID: "guacamole-client"
>>   OPENID_REDIRECT_URI: "http://guacamole:8080"
>>
>> We observed that the application URL is redirected to keycloak for
>> authentication and then redirection to the application URL is failing with
>> the below error message. But we didn't add keycloak certificates to the
>> guacamole container. Will it cause any issue? If yes, please share the
>> procedure to update the certificates.
>>
>> 13:13:57.927 [http-nio-8080-exec-2] INFO
>> o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT
>> processing failed. Additional details: [[17] Unable to process JOSE object
>> (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable
>> verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" :
>> "b_miyK9tDisD--lStj4nX5AmaoX3EHsrvGysA9TVD8c"} due to an unexpected
>> exception (java.net.SocketTimeoutException: connect timed out) while
>> obtaining or using keys from JWKS endpoint at
>> https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/certs
>>   ):
>> <https://l0001spapka0005.rp.de.dmn.local/auth/realms/Symworld/protocol/openid-connect/certs):>
>>  ...
>>
>
Authentication is failing because Guacamole is not able to reach your
OpenID server over the network. It's trying to reach the JWKS endpoint
specified.

- Mike
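
The log quoted above reports a connect timeout, which occurs at the TCP stage, before any certificate is examined. As an added example (not part of the original thread and not Guacamole code), this Python probe can be run from the Guacamole host or container to report the first stage at which reaching a JWKS endpoint fails. `probe_jwks` and `find_kid` are hypothetical names, and the TLS check uses the system trust store or a supplied `cafile`, not the JVM truststore.

```python
import http.client, json, socket, ssl
from urllib.parse import urlsplit

def find_kid(jwks, kid):
    """True if the JWKS document lists a key with this 'kid'."""
    return any(k.get("kid") == kid for k in jwks.get("keys", []))

def probe_jwks(url, kid=None, timeout=5.0, cafile=None):
    """Return (stage, detail): the first stage that fails, or 'ok'.
    dns/tcp = network reachability (the 'connect timed out' case),
    tls = certificate trust or handshake, http/kid = endpoint content."""
    u = urlsplit(url)
    host, port = u.hostname, u.port or 443
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        return "dns", str(e)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:  # refused, unreachable, or timed out
        return "tcp", f"{type(e).__name__}: {e}"
    try:
        # Assumption: cafile=None means the system trust store, which is
        # not the JVM truststore that Guacamole's Java process consults.
        ctx = ssl.create_default_context(cafile=cafile)
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except (ssl.SSLError, OSError) as e:
        sock.close()
        return "tls", f"{type(e).__name__}: {e}"
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.sock = tls  # reuse the already verified TLS socket
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        body = resp.read()
        if resp.status != 200:
            return "http", f"status {resp.status}"
        jwks = json.loads(body)
        if not isinstance(jwks, dict):
            raise ValueError("JWKS is not a JSON object")
    except (OSError, http.client.HTTPException, ValueError) as e:
        return "http", f"{type(e).__name__}: {e}"
    finally:
        tls.close()
    if kid is not None and not find_kid(jwks, kid):
        return "kid", f"no key with kid {kid!r} in JWKS"
    return "ok", f"{len(jwks.get('keys', []))} key(s) published"

if __name__ == "__main__":
    import sys
    print(probe_jwks(sys.argv[1], kid=sys.argv[2] if len(sys.argv) > 2 else None))
```

A `dns` or `tcp` result points at name resolution, routing or firewalling between the two hosts; only a `tls` result concerns certificates.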
