On Mon, Jun 17, 2024 at 12:55 AM Tobias Meier <tobias.meier...@gmail.com> wrote:
> Hi
>
> tl;dr I get an auth problem if TOTP and OpenID SSO are on, each of them works
> if used when the other one is deactivated.
>
> I've set up Guacamole on my LinuxContainer a while ago, works totally fine
> with TOTP and password.
>
> Some days ago I set up integration with Authentik, that works also really
> well, but only if I disable the TOTP extension.
>
> If the TOTP extension is enabled, it asks for a secondary TOTP, which is
> weird but okay, then I get an auth error:
>
> [image: 340133467-4f4018cd-6208-4d03-b709-1d071b10e655.png]
>
> In the browser console I see:
>
> [image: 340133507-fa9d8120-db2b-4fc4-8016-b7a4e81242e4.png]
>
> In the log I see the following:
>
> Jun 16 22:22:48 guacamole tomcat9[188]: 22:22:48.150 [http-nio-8080-exec-8] INFO o.a.g.r.auth.AuthenticationService - User "XXXX" successfully authenticated from [192.168.1.200, 10.10.20.13].
> Jun 16 22:22:53 guacamole tomcat9[188]: 22:22:53.477 [http-nio-8080-exec-10] INFO o.a.g.a.o.t.TokenValidationService - Rejected OpenID token with invalid/old nonce.
>
> Issue at authentik GitHub, although I strongly believe it's a Guacamole
> issue.
> https://github.com/goauthentik/authentik/issues/10126
>
> Thanks for any replies :)
>

See the following Jira issue, which I believe covers the behavior you're seeing:

https://issues.apache.org/jira/browse/GUACAMOLE-1780

Fixes for this have already been merged into the main branch of the code, which will go into the 1.6.0 release whenever we get that out.

-Nick