Perfect, thank you :) Am Fr., 7. März 2025 um 16:02 Uhr schrieb Nick Couchman <vn...@apache.org>:
> On Fri, Mar 7, 2025 at 9:58 AM Cedric Biedermann <cedricbie...@gmail.com> > wrote: > >> Hi guys, >> >> I successfully added my Keycloak server to my Guacamole server, and the >> login and so on work fine. If I log in with a new user, Guacamole seems to >> create the user automatically, and it always takes the email parameter from >> Keycloak as the username. If I don't define the email address, it requires >> that from me. How can I tell the Guacamole server to use the Keycloak >> username as the username instead? >> >> > See: > > https://guacamole.apache.org/doc/gug/openid-auth.html#configuring-guacamole-for-single-sign-on-with-openid-connect > > particularly the "openid-username-claim-type" parameter, which, as the > documentation mentions, default to "email". You just need to change this to > whatever claim is provided by Keycloak that contains the username. > > >> A workaround for me would be also that guacamole does not create the new >> user at all, that would do another service from my side. >> >> > You can do this by either removing or disabling the account auto creation > in guacamole.properties. > > -Nick > >>
