guacamole-user mailing list archives

From Craig Bloodworth <craig.bloodwo...@theinformationlab.co.uk>
Subject OpenID Auth Not Redirecting
Date Fri, 05 Apr 2019 14:05:32 GMT
Maybe I'm not fully understanding how the OpenID extension should work, but
I believe instead of logging in with the standard Guacamole client login
screen the user should be forwarded to the OpenID Connect IdP (in this case
Google) to authenticate and then be sent back to the Guacamole client. In
the case of my implementation this redirect isn't happening.

The extension is loaded:

09:00:44.048 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
09:00:45.357 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" loaded.
09:00:45.361 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
09:00:45.533 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "OpenID Authentication Extension" loaded.

And the guacamole.properties file is configured:

openid-authorization-endpoint: https://accounts.google.com/o/oauth2/v2/auth
openid-jwks-endpoint: https://www.googleapis.com/oauth2/v3/certs
openid-issuer: https://accounts.google.com
openid-client-id: xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
openid-redirect-uri: https://servers.xxxxxxxxxxxxxxxx.co.uk
openid-username-claim-type: email
openid-scope: openid email profile
openid-allowed-clock-skew: 60
openid-max-token-validity: 300
openid-max-nonce-validity: 10

But only the standard login screen is shown. What am I missing?

I've checked the browser console and there are no obvious errors other than
the 403 error from /api/tokens which is triggered because I'm not logged in.
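
The following is an added example, not part of the original message and not code from the Guacamole project. It checks a guacamole.properties file like the one above for empty required OpenID properties and non-HTTPS URLs, then builds the authorization request a browser would be expected to follow, assuming the extension uses the OpenID Connect implicit flow (response_type=id_token). The parser is a simplified reading of the properties format, and the client ID and host in the sample are placeholders.

```python
import re
import secrets
from urllib.parse import urlencode, urlsplit

# Properties the Guacamole OpenID documentation lists without a default.
REQUIRED = ("openid-authorization-endpoint", "openid-jwks-endpoint",
            "openid-issuer", "openid-client-id", "openid-redirect-uri")

# Constructed sample modelled on the message; client ID and host are placeholders.
SAMPLE = """\
openid-authorization-endpoint: https://accounts.google.com/o/oauth2/v2/auth
openid-jwks-endpoint: https://www.googleapis.com/oauth2/v3/certs
openid-issuer: https://accounts.google.com
openid-client-id: PLACEHOLDER.apps.googleusercontent.com
openid-redirect-uri: https://guacamole.example.test
openid-scope: openid email profile
"""

def parse_properties(text):
    """Parse 'key: value' or 'key=value' lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"([^:=\s]+)\s*[:=]?\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m[1]] = m[2]
    return props

def check(props):
    """Return problems: empty required values first, then non-HTTPS URLs."""
    problems = [f"{k} is missing or empty" for k in REQUIRED if not props.get(k)]
    for key, value in props.items():
        is_url_key = key.endswith(("-endpoint", "-uri"))
        if value and is_url_key and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    return problems

def authorization_url(props, nonce=None):
    """Build the implicit-flow request (assumed flow: response_type=id_token)."""
    query = {"scope": props.get("openid-scope", "openid email profile"),
             "response_type": "id_token",
             "client_id": props["openid-client-id"],
             "redirect_uri": props["openid-redirect-uri"],
             "nonce": nonce or secrets.token_urlsafe(16)}
    return props["openid-authorization-endpoint"] + "?" + urlencode(query)

if __name__ == "__main__":
    print(check(parse_properties(SAMPLE)))
    print(authorization_url(parse_properties(SAMPLE)))
```

A value that ends up on the line after its key is reported as empty, because the parser reads one property per line.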
