Hello, 

Unfortunately it still does not work.  
To summarize my installation, I use 2 servers : 
- Keycloak 4.3.0 on CentOS 7 
- Guacamole 1.0.0 on CentOS 7 
By checking the URL, I can confirm that the patch described here 
(https://github.com/apache/guacamole-client/commit/0344ef30e45954d1252d44b9826c7eedad8b02f3)
 is correctly applied.  
Looking at your nginx configuration, I understand that you access Guacamole via 
the URL https://guacamole.com.br/.  Is it correct ?  For my part, I access it 
via the URL https: //dom.domain.local/guacamole.  I do not think that's the 
source of the problem ?
I can not find a log that allows me to trace the error.  The script I used for 
the installation of Guacamole is this one : 
https://github.com/Zer0CoolX/guacamole-install-rhel

Thank you very much for your help.

 sur 11/09/2019 le 23:41, Rafael Ramos écrivit:

> Hi Stephan,
> 
> My nginx configuration is:
> location / {
>                     proxy_pass http://localhost:8080/guacamole/;
>                     proxy_buffering off;
>                     proxy_http_version 1.1;
>                     proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
>                     proxy_set_header Upgrade $http_upgrade;
>                     proxy_set_header Connection $http_connection;
>                     proxy_cookie_path /guacamole/ /;
>         }
> 
> And my guacamole.properties:
> openid-authorization-endpoint:
> https://keycloak/auth/realms/master/protocol/openid-connect/auth
> openid-jwks-endpoint:
> https://keycloak/auth/realms/master/protocol/openid-connect/certs
> openid-issuer: https://keycloak/auth/realms/master
> openid-client-id: guacamole
> openid-redirect-uri: https://guacamole.com.br/
> openid-scope: openid email profile
> openid-username-claim-type: preferred_username
> 
> 
> 
> Em qua, 11 de set de 2019 às 18:36, Stephan Leruth <[email protected]>
> escreveu:
> 
> >
> > Hello,
> >
> > I applied the same settings as you but the problem is not solved.
> >
> > Could you tell me your NGINX configuration ?
> >
> > Thank you
> >
> >
> >  sur 11/09/2019 le 23:26, Rafael Ramos écrivit:
> >
> > > Hello,
> > >
> > > I am using Keycloak on Guacamole and I have no problems.
> > >
> > > The only difference is that I have the following settings:
> > > Standard Flow Enabled: Off
> > > Direct Access Grants Enabled: Off
> > >
> > > And in extensions I have only:
> > > guacamole-auth-0-openid-1.0.0.jar  guacamole-auth-jdbc-mysql-1.0.0.jar
> > >
> > > Em qua, 11 de set de 2019 às 13:56, Stephan Leruth <[email protected]>
> > > escreveu:
> > >
> > > > Hello,
> > > >
> > > > I use Guacamole in version 1.0.0 and it works perfectly.
> > > > I configured the connection via LDAP (Active Directory) and this
> > allows me
> > > > to give access rights to certain users. However, I receive many
> > complaints
> > > > because the users want to implement a single sign-on (SSO).
> > > >
> > > > By reading the Apache Guacamole documentation, I read that
> > authentication
> > > > by OpenID is supported. I decided to set up a Keycloak server.
> > > > Once it was correctly configured (SSO functional but no client
> > > > configured), I tried to configure Guacamole. After several days of
> > testing,
> > > > I always have the same error : an infinite loop during authentication !
> > > >
> > > > I have read different topics on the Internet that indicate that this
> > is an
> > > > identified problem and should be corrected in the following versions
> > > > (1.2.0). Correct ?
> > > > I also read this guide (
> > > > https://blog.exceptionerror.io/2019/06/10/home-lab-2019/) which
> > indicates
> > > > that the patch can be done manually. After completing these commands,
> > it
> > > > does not work better.
> > > >
> > > > I allow myself to add my Keycloak and Guacamole configuration for can
> > be
> > > > identify a big mistake on my part ?
> > > >
> > > > #OpenID Authentication
> > > > openid-authorization-endpoint:
> > > >
> > https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth
> > > > openid-jwks-endpoint:
> > > >
> > https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs
> > > > openid-issuer:  https://sso01.dom.domain.local/auth/realms/master
> > > > openid-client-id: guacamole
> > > > openid-redirect-uri: https://guacamole.dom.domain.local/guacamole
> > > > openid-username-claim-type: username
> > > > openid-scope: openid email profile
> > > > openid-allowed-clock-skew: 500
> > > >
> > > > Thank you !
> > > >
> > > >
> > > > Shaguu
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [email protected]
> > > > For additional commands, e-mail: [email protected]
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to