guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Guacamole & OpenID
Date Fri, 30 Nov 2018 17:31:53 GMT
On Tue, Nov 20, 2018 at 11:59 PM B3r3n <B3r3n@argosnet.com> wrote:
>
> Hello guys,
>
> I implemented Guacamole into my organisation and it works greatly.
> However, it suffers missing Web proxying.
>
> To solve that, I would like to implement a SSO organised infrastructure based
> on below:
>
> - OIDC Server (Gluu for this PoC)
> - Guacamole authenticating on it
> - Apache Rproxy authenticating on it
> - Web apps authenticating on it
>
> At this stage, everything seems to work except Guacamole.
>
> When I log in, I am redirected to OIDC, I can authenticated and callback
> resend me as requested to http://guacamole/guacamole/, that is where is the
> issue.
> From that I loop infinitely between 2 URL:
> - http://guacamole/guacamole/
> - http://guacamole/guacamole/#/OIDC_arguments_related_to_the_session.
>

If you are seeing a redirect loop, this most likely means that the ID
token being received by Guacamole is failing validation. Having
received an invalid token, Guacamole redirects the user back to the
IDP to receive a new token, which also fails validation, etc.

What do you see in the logs when this is occurring?

> I saw some posts related to Angular and is single web practice that might
> explain that, but I am not familiar with Angular and such.

The OpenID support for Guacamole already takes this into account.

- Mike

Mime
View raw message