Hello,
Unfortunately it still does not work.
To summarize my installation, I use 2 servers :
- Keycloak 4.3.0 on CentOS 7
- Guacamole 1.0.0 on CentOS 7
By checking the URL, I can confirm that the patch described here
(https://github.com/apache/guacamole-client/commit/0344ef30e45954d1252d44b9826c7eedad8b02f3)
is correctly applied.
Looking at your nginx configuration, I understand that you access Guacamole via
the URL https://guacamole.com.br/. Is it correct ? For my part, I access it
via the URL https: //dom.domain.local/guacamole. I do not think that's the
source of the problem ?
I can not find a log that allows me to trace the error. The script I used for
the installation of Guacamole is this one :
https://github.com/Zer0CoolX/guacamole-install-rhel
Thank you very much for your help.
sur 11/09/2019 le 23:41, Rafael Ramos écrivit:
> Hi Stephan,
>
> My nginx configuration is:
> location / {
> proxy_pass http://localhost:8080/guacamole/;
> proxy_buffering off;
> proxy_http_version 1.1;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection $http_connection;
> proxy_cookie_path /guacamole/ /;
> }
>
> And my guacamole.properties:
> openid-authorization-endpoint:
> https://keycloak/auth/realms/master/protocol/openid-connect/auth
> openid-jwks-endpoint:
> https://keycloak/auth/realms/master/protocol/openid-connect/certs
> openid-issuer: https://keycloak/auth/realms/master
> openid-client-id: guacamole
> openid-redirect-uri: https://guacamole.com.br/
> openid-scope: openid email profile
> openid-username-claim-type: preferred_username
>
>
>
> Em qua, 11 de set de 2019 às 18:36, Stephan Leruth <[email protected]>
> escreveu:
>
> >
> > Hello,
> >
> > I applied the same settings as you but the problem is not solved.
> >
> > Could you tell me your NGINX configuration ?
> >
> > Thank you
> >
> >
> > sur 11/09/2019 le 23:26, Rafael Ramos écrivit:
> >
> > > Hello,
> > >
> > > I am using Keycloak on Guacamole and I have no problems.
> > >
> > > The only difference is that I have the following settings:
> > > Standard Flow Enabled: Off
> > > Direct Access Grants Enabled: Off
> > >
> > > And in extensions I have only:
> > > guacamole-auth-0-openid-1.0.0.jar guacamole-auth-jdbc-mysql-1.0.0.jar
> > >
> > > Em qua, 11 de set de 2019 às 13:56, Stephan Leruth <[email protected]>
> > > escreveu:
> > >
> > > > Hello,
> > > >
> > > > I use Guacamole in version 1.0.0 and it works perfectly.
> > > > I configured the connection via LDAP (Active Directory) and this
> > allows me
> > > > to give access rights to certain users. However, I receive many
> > complaints
> > > > because the users want to implement a single sign-on (SSO).
> > > >
> > > > By reading the Apache Guacamole documentation, I read that
> > authentication
> > > > by OpenID is supported. I decided to set up a Keycloak server.
> > > > Once it was correctly configured (SSO functional but no client
> > > > configured), I tried to configure Guacamole. After several days of
> > testing,
> > > > I always have the same error : an infinite loop during authentication !
> > > >
> > > > I have read different topics on the Internet that indicate that this
> > is an
> > > > identified problem and should be corrected in the following versions
> > > > (1.2.0). Correct ?
> > > > I also read this guide (
> > > > https://blog.exceptionerror.io/2019/06/10/home-lab-2019/) which
> > indicates
> > > > that the patch can be done manually. After completing these commands,
> > it
> > > > does not work better.
> > > >
> > > > I allow myself to add my Keycloak and Guacamole configuration for can
> > be
> > > > identify a big mistake on my part ?
> > > >
> > > > #OpenID Authentication
> > > > openid-authorization-endpoint:
> > > >
> > https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth
> > > > openid-jwks-endpoint:
> > > >
> > https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs
> > > > openid-issuer: https://sso01.dom.domain.local/auth/realms/master
> > > > openid-client-id: guacamole
> > > > openid-redirect-uri: https://guacamole.dom.domain.local/guacamole
> > > > openid-username-claim-type: username
> > > > openid-scope: openid email profile
> > > > openid-allowed-clock-skew: 500
> > > >
> > > > Thank you !
> > > >
> > > >
> > > > Shaguu
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [email protected]
> > > > For additional commands, e-mail: [email protected]
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
