guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Looping with Guacamole+Keycloak
Date Fri, 31 May 2019 14:51:29 GMT
On Thu, May 30, 2019 at 7:35 PM Yang Yang <yy8402@icloud.com> wrote:

> Hi Mike,
>
> I just tested the recent change you proposed with
> guacOpenIDTransformToken(), and can confirm that it works well in my case,
> with “Exclude Session State From Authentication Response” in Keycloak
> setting ON or OFF.
>
> Do you think it is a good idea to report this issue to Keycloak team?
>

If you can confirm that the URL that Keycloak initially redirects to is
incorrect, using "&" instead of "?", and that this isn't just due to some
shuffling of the URL that happens on the Guacamole side after redirecting,
then yes. If things now work regardless of the setting, I'm not sure that's
the case.

I am not sure whether it is really the case. And, if the Keycloak team add
> the “?” as I thought, do we still need guacOpenIDTransformToken()?
>

Not sure. I would think that "relocateParameters.js" would handle things,
but that has been there since 0.9.13-incubating:

https://github.com/apache/guacamole-client/blob/1.0.0/guacamole/src/main/webapp/relocateParameters.js

The logout issue is still there.
>

Single logout is entirely different and not yet implemented.

https://issues.apache.org/jira/browse/GUACAMOLE-519

- Mike

Mime
View raw message