Hi tl:dr I get auth problem if TOPT and openid SSO are on, each of them works if used when the other one is deactivated.
I've setup Guacamole on my LinuxContainer a while ago, works totally fine with TOPT and password. Some days ago I setup integration with Authentik, that works also really well, but only if I disable the TOPT extension. If the TOPT extension is enabled, it asks for a secondary TOPT, which is weird but okay, then I get an auth error: [image: 340133467-4f4018cd-6208-4d03-b709-1d071b10e655.png] In the browser console I see: [image: 340133507-fa9d8120-db2b-4fc4-8016-b7a4e81242e4.png] In the log I see the following: Jun 16 22:22:48 guacamole tomcat9[188]: 22:22:48.150 [http-nio-8080-exec-8] INFO o.a.g.r.auth.AuthenticationService - User "XXXX" successfully authenticated from [192.168.1.200, 10.10.20.13]. Jun 16 22:22:53 guacamole tomcat9[188]: 22:22:53.477 [http-nio-8080-exec-10] INFO o.a.g.a.o.t.TokenValidationService - Rejected OpenID token with invalid/old nonce. Issue at authentik github, altough i strongly believe it's a guacamol issue. https://github.com/goauthentik/authentik/issues/10126 Thanks for any replies :)
