guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: Guacamole & OpenID
Date Sat, 08 Dec 2018 00:58:19 GMT
On Thu, Dec 6, 2018 at 12:26 AM Mike Jumper <> wrote:

> On Thu, Dec 6, 2018 at 12:13 AM B3r3n <> wrote:
>> Hello Mike,
>> Ok well noted.
>> What about my assumptions related to # in URL ?
>> Even recognized by Guacamole, if tomcat or Apache in front dont relay it,
>> this
>> will not be received/used by Guacamole.
> The AngularJS side of the web application handles that part of the URL.
> When any page within the webapp is visited, an authentication attempt is
> made which contains all parameters within the URL fragment. The id_token is
> thus forwarded along to the authentication subsystem and the server side of
> the webapp will reach out to the IDP to verify the token.
> The reason that the id_token is not being received in your case is due to
> the issue I noted in my previous email, with the workaround for AngularJS
> parameter mangling not taking effect due to id_token not being the first
> parameter.

Hi B3r3n,

I've made some changes which should hopefully properly handle the
"id_token" parameter regardless of where it occurs within the URL fragment.
When you can, please build and test against the "openid-token" branch of my
fork and see if that solves things for you:

You'll need to use both the guacamole-*.war and guacamole-auth-openid-*.jar
files resulting from building guacamole-client from the above branch.

If this solves things, I'll open an issue in JIRA and a PR for the changes.


- Mike

View raw message