On Fri, Mar 7, 2025 at 9:58 AM Cedric Biedermann <[email protected]> wrote:
> Hi guys, > > I successfully added my Keycloak server to my Guacamole server, and the > login and so on work fine. If I log in with a new user, Guacamole seems to > create the user automatically, and it always takes the email parameter from > Keycloak as the username. If I don't define the email address, it requires > that from me. How can I tell the Guacamole server to use the Keycloak > username as the username instead? > > See: https://guacamole.apache.org/doc/gug/openid-auth.html#configuring-guacamole-for-single-sign-on-with-openid-connect particularly the "openid-username-claim-type" parameter, which, as the documentation mentions, default to "email". You just need to change this to whatever claim is provided by Keycloak that contains the username. > A workaround for me would be also that guacamole does not create the new > user at all, that would do another service from my side. > > You can do this by either removing or disabling the account auto creation in guacamole.properties. -Nick >
