The openid-redirect-uri parameter should look like https://{{
your_domain }}/guacamole/ and the authorized redirect URI in the OIDC
provider must be exactly the same.
Best regards,
Corentin Soriano
On 2025-06-17 12:48, Tom Eaton wrote:
I don't believe there is a callback endpoint in Guacamole. My config
just has the URL of guacamole. In your example this would be
https://guac.local/guacamole
On 17 Jun 2025, at 09:37, Eutim Putnoki <eutimputn...@gmail.com>
wrote:
Hello,
I am having a persistent issue setting up Guacamole with Authentik
OIDC using the official Docker images. No matter what I try, I always
get a "No such resource" (404) error when Authentik redirects to the
/guacamole/api/ext/oidc/callback URL.
Here is what I have confirmed through extensive troubleshooting:
Setup: Docker Compose with Guacamole, Guacd, Nginx Proxy Manager, and
Authentik.
Proxy: The reverse proxy is confirmed to be forwarding the request to
the Guacamole container correctly. We have ruled out proxy-level
blocks and header/buffer size issues.
Extension Loading: The Guacamole logs definitively show that the
guacamole-auth-sso-openid extension is being loaded successfully.
Configuration: The logs also show that the guacamole.properties file
is being read correctly by the extension.
Isolation: The issue persists even when disabling all other extensions
(like PostgreSQL) and running only the OIDC extension.
Versions: The issue occurs on both Guacamole 1.5.5 and latest tags.
The core problem seems to be that while the OIDC extension loads, its
JAX-RS API endpoint for the callback is not being registered within
the Guacamole web application, leading to the 404.
Referenced sources:
https://guacamole.apache.org/doc/gug/openid-auth.html
https://docs.goauthentik.io/integrations/services/apache-guacamole/
https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication
<logs.txt><docker-compose.yml><guacamole.properties>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
