guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Gauthier <jus...@justin-tech.com>
Subject Re: OpenID-Connect HTTP 500
Date Fri, 09 Feb 2018 13:49:16 GMT
Hey Nick,

Thanks for the response!

I suspected as much, unfortunately I am unsure why it’s not seeing the token. Like I said,
I don’t have anything else that uses OpenID to test the setup.

Hopefully Mike is able to assist when he gets a chance.

Thanks again for the help, it’s greatly appreciated.

________________________________
From: Nick Couchman <nick.e.couchman@gmail.com>
Sent: Friday, February 9, 2018 8:40:25 AM
To: user@guacamole.apache.org
Subject: Re: OpenID-Connect HTTP 500

On Thu, Feb 8, 2018 at 11:37 PM, Justin Gauthier <justin@justin-tech.com<mailto:justin@justin-tech.com>>
wrote:
The response paylode is: {"message":"Invalid
login.","translatableMessage":{"key":"Invalid
login.","variables":null},"statusCode":null,"expected":[{"name":"id_tok
en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.jus
tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
connect/auth?scope=openid+email+profile&response_type=id_token&client_i
d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-<http://tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
connect/auth?scope=openid+email+profile&response_type=id_token&client_i
d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin->
tech.com<http://tech.com>%2F&nonce=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDENT
IALS"}

I also see a GET for https://guacamole.justin-tech.com/#session_state=b
1988d87-4a4d-4539-a186-1d2ef58aca04&id_token=[TOKEN]&not-before-
policy=1518147539


Mike can probably provide more precise information, but my guess is that there is something
about the response being sent back to the Guacamole Session that Guacamole is unhappy about
- either it isn't seeing the id_token parameter when it expects to, or it's in a format it
doesn't expect, or something like that.  I've not used Guacamole with OIDC, so I'm not going
to be of very much help, here.

-Nick

Mime
View raw message