If you’re using OIDC you don’t need the SAML config.  Change your callback to 
just the Guacamole URL and the login should work.  The 404 is because the 
callback URI you have configured doesn’t exist.

Tom

> On 17 Jun 2025, at 17:05, Corentin SORIANO <csori...@apache.org> wrote:
> 
> The openid-redirect-uri parameter should look like
> https://{{ your_domain }}/guacamole/ and the authorized redirect URI in the
> OIDC provider must be exactly the same.
> 
> Best regards,
> Corentin Soriano
> 
> 
> 
> On 2025-06-17 12:48, Tom Eaton wrote:
> 
>> I don't believe there is a callback endpoint in Guacamole.  My config just 
>> has the URL of guacamole.  In your example this would be 
>> https://guac.local/guacamole
>>  
>> 
>> 
>>> On 17 Jun 2025, at 09:37, Eutim Putnoki <eutimputn...@gmail.com> wrote:
>>> 
>>> Hello,
>>> 
>>> I am having a persistent issue setting up Guacamole with Authentik OIDC 
>>> using the official Docker images. No matter what I try, I always get a "No 
>>> such resource" (404) error when Authentik redirects to the 
>>> /guacamole/api/ext/oidc/callback URL.
>>> 
>>> Here is what I have confirmed through extensive troubleshooting:
>>> 
>>> - Setup: Docker Compose with Guacamole, Guacd, Nginx Proxy Manager, and
>>>   Authentik.
>>> - Proxy: The reverse proxy is confirmed to be forwarding the request to
>>>   the Guacamole container correctly. We have ruled out proxy-level blocks
>>>   and header/buffer size issues.
>>> - Extension Loading: The Guacamole logs definitively show that the
>>>   guacamole-auth-sso-openid extension is being loaded successfully.
>>> - Configuration: The logs also show that the guacamole.properties file is
>>>   being read correctly by the extension.
>>> - Isolation: The issue persists even when disabling all other extensions
>>>   (like PostgreSQL) and running only the OIDC extension.
>>> - Versions: The issue occurs on both Guacamole 1.5.5 and latest tags.
>>> 
>>> The core problem seems to be that while the OIDC extension loads, its 
>>> JAX-RS API endpoint for the callback is not being registered within the 
>>> Guacamole web application, leading to the 404.
>>>  
>>>  
>>> Referenced sources:
>>> https://guacamole.apache.org/doc/gug/openid-auth.html
>>> https://docs.goauthentik.io/integrations/services/apache-guacamole/
>>> https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication
>>> <logs.txt><docker-compose.yml><guacamole.properties>

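An added example, not part of the thread and not Guacamole's own code: a small Python check that reads openid-redirect-uri from guacamole.properties text and confirms it is the Guacamole URL itself and is character-for-character identical to a redirect URI registered at the provider, as the replies above require. The function names, the sample property text and the registered URI list are constructed assumptions.

```python
# Added example: function names are hypothetical, sample values are constructed.

def parse_properties(text):
    """Parse 'key: value' or 'key = value' lines as used in guacamole.properties."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split at the first ':' or '=' so the ':' inside 'https://' is kept.
        cut = min((i for i in (line.find(":"), line.find("=")) if i != -1), default=-1)
        if cut > 0:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def check_redirect_uri(props_text, guacamole_url, registered_uris):
    """Return a list of findings; an empty list means the redirect URI is consistent."""
    configured = parse_properties(props_text).get("openid-redirect-uri")
    if not configured:
        return ["openid-redirect-uri is not set"]
    findings = []
    # Per the thread, the redirect must be the Guacamole URL, not a path below it.
    if configured.rstrip("/") != guacamole_url.rstrip("/"):
        findings.append(f"{configured} is not the Guacamole URL {guacamole_url}")
    # Per the thread, the provider's authorized redirect URI must be exactly the same.
    if configured not in registered_uris:
        near = [u for u in registered_uris if u.rstrip("/") == configured.rstrip("/")]
        hint = " (differs only by a trailing slash)" if near else ""
        findings.append(f"{configured} is not registered at the provider{hint}")
    return findings


# Constructed samples using the host name that appears in the thread.
BROKEN = ("openid-client-id: guacamole\n"
          "openid-redirect-uri: https://guac.local/guacamole/api/ext/oidc/callback\n")
SLASH = "openid-redirect-uri: https://guac.local/guacamole\n"
GOOD = "openid-redirect-uri: https://guac.local/guacamole/\n"
REGISTERED = ["https://guac.local/guacamole/"]

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("slash", SLASH), ("good", GOOD)):
        print(name, check_redirect_uri(text, "https://guac.local/guacamole/", REGISTERED))
```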