Hello,
I have the following files:
[root@guacamole ~]# tail -f /var/log/tomcat/catalina.
catalina.2019-09-12.log catalina.2019-09-13.log catalina.out
[root@guacamole ~]# tail -f /var/log/tomcat/catalina.2019-09-13.log
sept. 13, 2019 12:13:51 AM org.apache.catalina.startup.HostConfig deployWAR
INFOS: Deployment of web application archive /var/lib/tomcat/webapps/guacamole.war has finished in 10 995 ms
sept. 13, 2019 12:13:51 AM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["http-bio-8080"]
sept. 13, 2019 12:13:52 AM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["http-bio-8443"]
sept. 13, 2019 12:13:52 AM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["ajp-bio-8009"]
sept. 13, 2019 12:13:52 AM org.apache.catalina.startup.Catalina start
INFOS: Server startup in 11303 ms
^C
[root@guacamole ~]# tail -f /var/log/tomcat/catalina.
catalina.2019-09-12.log catalina.2019-09-13.log catalina.out
[root@guacamole ~]# tail -f /var/log/tomcat/catalina.out
tomcat-7.0.76 RPM installed
But no log. I may have misunderstood the question?
Thank you
Sent: Thursday, 12 September 2019 at 19:22
From: "Rafael Ramos" <[email protected]>
To: [email protected]
Subject: Re: RE: Guacamole 1.0.0 - Keycloak OpenID Information
Hi Stephan,
I use a valid certificate, issued by Let's Encrypt.
When you try to access after configuring Keycloak, do you get a message? Could you share catalina.log during the test?
On Thu, 12 Sep 2019 at 14:17, Stephan Leruth <[email protected]> wrote:
Hello,
Could you confirm whether or not you are using self-signed certificates? I am using self-signed certificates on my Keycloak server and my Guacamole server and I suspect this is causing the problem.
Thank you
On 12/09/2019 at 14:45, Ryan Underwood wrote:
> You can debug the flow easily directly in your browser using dev tools. If you're using Chrome you'll need to check "preserve log" under the network tab or it will disappear before you can see what happened; Firefox has this defaulted.
> Also make sure your scope preferred_username is actually available. I forget what keycloak calls a username. I think I added an email to get it working originally using default settings.
> -Ryan
>
> -----Original Message-----
> From: Stephan Leruth <[email protected]>
> Sent: Thursday, September 12, 2019 3:58 AM
> To: [email protected]
> Subject: Re: Guacamole 1.0.0 - Keycloak OpenID Information
>
> Hello,
>
> Unfortunately it still does not work.
> To summarize my installation, I use 2 servers :
> - Keycloak 4.3.0 on CentOS 7
> - Guacamole 1.0.0 on CentOS 7
> By checking the URL, I can confirm that the patch described here (https://github.com/apache/guacamole-client/commit/0344ef30e45954d1252d44b9826c7eedad8b02f3) is correctly applied.
> Looking at your nginx configuration, I understand that you access Guacamole via the URL https://guacamole.com.br/. Is it correct? For my part, I access it via the URL https://dom.domain.local/guacamole. I do not think that's the source of the problem?
> I can not find a log that allows me to trace the error. The script I used for the installation of Guacamole is this one : https://github.com/Zer0CoolX/guacamole-install-rhel
>
> Thank you very much for your help.
>
> On 11/09/2019 at 23:41, Rafael Ramos wrote:
>
> > Hi Stephan,
> >
> > My nginx configuration is:
> > location / {
> >     proxy_pass http://localhost:8080/guacamole/;
> >     proxy_buffering off;
> >     proxy_http_version 1.1;
> >     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >     proxy_set_header Upgrade $http_upgrade;
> >     proxy_set_header Connection $http_connection;
> >     proxy_cookie_path /guacamole/ /;
> > }
> >
> > And my guacamole.properties:
> > openid-authorization-endpoint: https://keycloak/auth/realms/master/protocol/openid-connect/auth
> > openid-jwks-endpoint: https://keycloak/auth/realms/master/protocol/openid-connect/certs
> > openid-issuer: https://keycloak/auth/realms/master
> > openid-client-id: guacamole
> > openid-redirect-uri: https://guacamole.com.br/
> > openid-scope: openid email profile
> > openid-username-claim-type: preferred_username
> >
> >
> >
> > On Wed, 11 Sep 2019 at 18:36, Stephan Leruth <[email protected]> wrote:
> >
> > >
> > > Hello,
> > >
> > > I applied the same settings as you but the problem is not solved.
> > >
> > > Could you tell me your NGINX configuration ?
> > >
> > > Thank you
> > >
> > >
> > > On 11/09/2019 at 23:26, Rafael Ramos wrote:
> > >
> > > > Hello,
> > > >
> > > > I am using Keycloak on Guacamole and I have no problems.
> > > >
> > > > The only difference is that I have the following settings:
> > > > Standard Flow Enabled: Off
> > > > Direct Access Grants Enabled: Off
> > > >
> > > > And in extensions I have only:
> > > > guacamole-auth-0-openid-1.0.0.jar
> > > > guacamole-auth-jdbc-mysql-1.0.0.jar
> > > >
> > > > On Wed, 11 Sep 2019 at 13:56, Stephan Leruth <[email protected]> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > > I use Guacamole in version 1.0.0 and it works perfectly.
> > > > > > I configured the connection via LDAP (Active Directory) and this allows me
> > > > > > to give access rights to certain users. However, I receive many complaints
> > > > > > because the users want to implement a single sign-on (SSO).
> > > > > >
> > > > > > By reading the Apache Guacamole documentation, I read that authentication
> > > > > > by OpenID is supported. I decided to set up a Keycloak server.
> > > > > > Once it was correctly configured (SSO functional but no client
> > > > > > configured), I tried to configure Guacamole. After several days of testing,
> > > > > > I always have the same error: an infinite loop during authentication!
> > > > > >
> > > > > > I have read different topics on the Internet that indicate that this is an
> > > > > > identified problem and should be corrected in the following
> > > > > > versions (1.2.0). Correct?
> > > > > > I also read this guide
> > > > > > (https://blog.exceptionerror.io/2019/06/10/home-lab-2019/) which indicates
> > > > > > that the patch can be done manually. After completing these commands, it
> > > > > > does not work better.
> > > > > >
> > > > > > I allow myself to add my Keycloak and Guacamole configuration for can be
> > > > > > identify a big mistake on my part?
> > > > >
> > > > > > #OpenID Authentication
> > > > > > openid-authorization-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/auth
> > > > > > openid-jwks-endpoint: https://sso01.dom.domain.local/auth/realms/master/protocol/openid-connect/certs
> > > > > > openid-issuer: https://sso01.dom.domain.local/auth/realms/master
> > > > > > openid-client-id: guacamole
> > > > > > openid-redirect-uri: https://guacamole.dom.domain.local/guacamole
> > > > > > openid-username-claim-type: username
> > > > > > openid-scope: openid email profile
> > > > > > openid-allowed-clock-skew: 500
> > > > >
> > > > > Thank you !
> > > > >
> > > > >
> > > > > Shaguu
> > > > >
> > > > > ----------------------------------------------------------------
> > > > > ----- To unsubscribe, e-mail:
> > > > > [email protected]
> > > > > For additional commands, e-mail: [email protected]
> > >
> > >
> > > --------------------------------------------------------------------
> > > - To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
> > >
> > >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
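
Added example (not part of any message in this thread, and not Guacamole's own code): a troubleshooting helper for Ryan's suggestion to check that the configured username claim is actually present in the ID token seen in the browser's network log. It compares a token's claims with the `openid-*` settings quoted in the first message; the sample claims are constructed, the fallback values `email` and 30 seconds are assumed to be the extension's defaults, and the token signature is deliberately not verified here.

```python
import base64, json, time
# Constructed sample: openid-* settings as quoted in the thread's first message.
SAMPLE_PROPS = """#OpenID Authentication
openid-issuer: https://sso01.dom.domain.local/auth/realms/master
openid-client-id: guacamole
openid-username-claim-type: username
openid-allowed-clock-skew: 500
"""
# Constructed claims (assumption: what an ID token for this client might carry).
SAMPLE_CLAIMS = {"iss": "https://sso01.dom.domain.local/auth/realms/master", "aud": "guacamole",
                 "exp": 1568300000, "preferred_username": "jdoe", "email": "jdoe@example.org"}

def parse_properties(text):
    """Parse 'key: value' lines of guacamole.properties, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")  # split at the first colon only
            props[key.strip()] = value.strip()
    return props

def sample_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

def decode_claims(id_token):
    """Decode a JWT payload WITHOUT verifying the signature (troubleshooting only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def check_token(props, claims, now=None):
    """Return mismatches between the token's claims and the openid-* settings."""
    now = time.time() if now is None else now
    skew = int(props.get("openid-allowed-clock-skew", "30"))  # seconds
    audiences = claims.get("aud") if isinstance(claims.get("aud"), list) else [claims.get("aud")]
    claim = props.get("openid-username-claim-type", "email")
    problems = []
    if claims.get("iss") != props.get("openid-issuer"):
        problems.append("iss does not match openid-issuer")
    if props.get("openid-client-id") not in audiences:
        problems.append("aud does not contain openid-client-id")
    if claim not in claims:
        problems.append("username claim '%s' not in token" % claim)
    if "exp" in claims and claims["exp"] + skew < now:
        problems.append("token expired beyond openid-allowed-clock-skew")
    return problems
```

With the constructed claims, `check_token(parse_properties(SAMPLE_PROPS), decode_claims(sample_token(SAMPLE_CLAIMS)), now=1568299000)` reports only the missing `username` claim; a real token copied from the browser can be passed to `decode_claims` in the same way.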
