guacamole-user mailing list archives

From Nick Couchman <vn...@apache.org>
Subject Re: guacamole with okta
Date Thu, 03 May 2018 09:46:51 GMT
On Wed, May 2, 2018 at 7:29 AM, Dave Smith <agentsmith77@gmail.com> wrote:

> Hi all,
>
> I've tried to get this set up. Unfortunately it seems Okta insists (even
> with Single Page App (SPA)) on having a state field in the POST even if (when
> using SPA) it's not actually used. The Guacamole client just goes into a
> redirect loop, with an "invalid state" error visible in the URL.
>
> With SPA the state parameter can even be some random letters, but it must be
> there. Using OIDCDebugger.com gleans this:
>
> error=invalid_request
> error_description=The authentication request has an invalid
> 'state' parameter.
>
> Yet by adding a bunch of x's to the state parameter..
>
> I get a much more positive response:
> state=xxxxxxxxxxxxx
>
> Did anyone successfully use Okta with OIDC in Guacamole? If not, I'd kindly
> ask that state could be added as an optional parameter to the guac
> properties file.
>
>
You'll probably want to put in a feature request on the Guacamole JIRA site
for this:

https://issues.apache.org/jira/projects/GUACAMOLE/issues

-Nick
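
Added example, not part of the original thread and not Guacamole or Okta code: a sketch of how an OpenID Connect implicit-flow client can send a random `state` value and check it when the redirect comes back, including the `error=invalid_request` response quoted above. The endpoint, client ID, redirect URI and function names are hypothetical placeholders.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical placeholder values; substitute the real IdP endpoint and client.
const AUTHORIZE_ENDPOINT = 'https://idp.example.com/oauth2/v1/authorize';
const CLIENT_ID = 'example-client-id';
const REDIRECT_URI = 'https://guac.example.com/guacamole/';

// Build the implicit-flow request. state and nonce are fresh random values
// the client must remember (session storage, cookie) until the redirect returns.
function buildAuthRequest() {
  const state = nodeCrypto.randomBytes(16).toString('hex');
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'id_token',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: 'openid profile',
    state,
    nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Parse the fragment appended to redirect_uri and check state before the
// id_token is passed on to signature and nonce validation (not shown here).
function handleCallback(fragment, expectedState) {
  const params = new URLSearchParams(fragment.replace(/^#/, ''));
  // An error response carries no token, so report it first.
  if (params.has('error')) {
    const detail = params.get('error_description') || '';
    return { ok: false, reason: `${params.get('error')}: ${detail}` };
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'state mismatch' };
  }
  const idToken = params.get('id_token');
  if (!idToken) return { ok: false, reason: 'missing id_token' };
  return { ok: true, idToken };
}
```

A fixed filler such as `xxxxxxxxxxxxx` satisfies a provider that only requires the field to be present, but it gives the client nothing to tie the response to the request it sent; a per-request random value does.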
