guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Gauthier <jus...@justin-tech.com>
Subject Re: OpenID / KeyCloak
Date Tue, 16 Apr 2019 12:02:18 GMT
I have Guacamole 1.0 working with an older version of Keycloak, below are my settings:

Keycloak settings:

[Image]

and the guacamole settings:


openid-authorization-endpoint: https://auth.[REDACTED]/auth/realms/[REDACTED]/protocol/openid-connect/auth
openid-jwks-endpoint: https://auth.[REDACTED]/auth/realms/[REDACTED]/protocol/openid-connect/certs
openid-issuer: https://auth.[REDACTED]/auth/realms/[REDACTED]
openid-client-id: guacamole
openid-redirect-uri: https://guacamole.[REDACTED]/guacamole/
openid-username-claim-type: username
openid-scope: openid email profile
openid-allowed-clock-skew: 500

The other tabs in keycloak are standard, just have to add the mapper(s) for the email and
username, like below.

[Image]

Hopefully that helps.

Regards,

Justin


________________________________
From: kmartin <kmartin@6hat.fr>
Sent: Tuesday, April 16, 2019 7:55 AM
To: user@guacamole.apache.org
Subject: OpenID / KeyCloak

Hello All,

I set up Guacamole 1.0 + Keycloak 5.0 . Everything goes right until the
login.

i'm log in (on keycloak), i return back to guacamole and then I have loops
between 2 URLs

https://services.xxx.fr:8081/guacamole*/#/*session_state=93ec82e2-2c19-4978-9347-5df101da3189&id_token=xxxx

and

https://services.xxx.fr:8081/guacamole*/#*session_state=93ec82e2-2c19-4978-9347-5df101da3189&id_token=xxxx

Someone has already had the problem ?

Here is my config:

openid-authorization-endpoint:
https://sso.xxx.fr:8443/auth/realms/xxx/protocol/openid-connect/auth
openid-jwks-endpoint:
https://sso.xxx.fr:8443/auth/realms/xxx/protocol/openid-connect/certs
openid-issuer: https://sso.xxx.fr:8443/auth/realms/xxx
openid-client-id: gua
openid-redirect-uri: http://services.xxx.fr:8081/guacamole
openid-username-claim-type: username
openid-scope: openid email profile
openid-allowed-clock-skew: 500

Thanks for your help !





--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message