guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Guacamole & OpenID
Date Sat, 08 Dec 2018 00:58:19 GMT
On Thu, Dec 6, 2018 at 12:26 AM Mike Jumper <mjumper@apache.org> wrote:

> On Thu, Dec 6, 2018 at 12:13 AM B3r3n <B3r3n@argosnet.com> wrote:
>
>> Hello Mike,
>>
>> Ok well noted.
>>
>> What about my assumptions related to # in URL ?
>> Even recognized by Guacamole, if tomcat or Apache in front dont relay it,
>> this
>> will not be received/used by Guacamole.
>
>
> The AngularJS side of the web application handles that part of the URL.
> When any page within the webapp is visited, an authentication attempt is
> made which contains all parameters within the URL fragment. The id_token is
> thus forwarded along to the authentication subsystem and the server side of
> the webapp will reach out to the IDP to verify the token.
>
> The reason that the id_token is not being received in your case is due to
> the issue I noted in my previous email, with the workaround for AngularJS
> parameter mangling not taking effect due to id_token not being the first
> parameter.
>

Hi B3r3n,

I've made some changes which should hopefully properly handle the
"id_token" parameter regardless of where it occurs within the URL fragment.
When you can, please build and test against the "openid-token" branch of my
fork and see if that solves things for you:

https://github.com/mike-jumper/guacamole-client/tree/openid-token

You'll need to use both the guacamole-*.war and guacamole-auth-openid-*.jar
files resulting from building guacamole-client from the above branch.

If this solves things, I'll open an issue in JIRA and a PR for the changes.

Thanks,

- Mike

Mime
View raw message