[guacamole-client] Bug： An error occurs when I connect to casdoor with OpenId

[kang hu <h2...@gmail.com>]

 When I log in, I will still stay on the current page

tomcat log is this :
12:46:32.209 [http-nio-8080-exec-1] INFO
 o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT
rejected due to invalid signature. Additional details: [[9] Invalid JWS
Signature:
JsonWebSignature{"alg":"RS256","kid":"cert-built-in","typ":"JWT"}->eyJhbGciOiJSUzI1NiIsImtpZCI6ImNlcnQtYnVpbHQtaW4iLCJ0eXAiOiJKV1QifQ.eyJvd25lciI6ImJ1aWx0LWluIiwibmFtZSI6ImFkbWluIiwiY3JlYXRlZFRpbWUiOiIyMDIzLTAxLTE2VDE1OjExOjUxWiIsInVwZGF0ZWRUaW1lIjoiIiwiaWQiOiJiNzAwNGJlOS1lOGZlLTQ5Y2YtODM2YS04Nzc1NTA0YTQwMjciLCJ0eXBlIjoibm9ybWFsLXVzZXIiLCJwYXNzd29yZCI6IiIsInBhc3N3b3JkU2FsdCI6IiIsImRpc3BsYXlOYW1lIjoiQWRtaW4iLCJmaXJzdE5hbWUiOiIiLCJsYXN0TmFtZSI6IiIsImF2YXRhciI6Imh0dHBzOi8vY2RuLmNhc2Jpbi5vcmcvaW1nL2Nhc2Jpbi5zdmciLCJwZXJtYW5lbnRBdmF0YXIiOiIiLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZW1haWxWZXJpZmllZCI6ZmFsc2UsInBob25lIjoiMTIzNDU2Nzg5MTAiLCJsb2NhdGlvbiI6IiIsImFkZHJlc3MiOltdLCJhZmZpbGlhdGlvbiI6IkV4YW1wbGUgSW5jLiIsInRpdGxlIjoiIiwiaWRDYXJkVHlwZSI6IiIsImlkQ2FyZCI6IiIsImhvbWVwYWdlIjoiIiwiYmlvIjoiIiwicmVnaW9uIjoiIiwibGFuZ3VhZ2UiOiIiLCJnZW5kZXIiOiIiLCJiaXJ0aGRheSI6IiIsImVkdWNhdGlvbiI6IiIsInNjb3JlIjoyMDAwLCJrYXJtYSI6MCwicmFua2luZyI6MSwiaXNEZWZhdWx0QXZhdGFyIjpmYWxzZSwiaXNPbmxpbmUiOmZhbHNlLCJpc0FkbWluIjp0cnVlLCJpc0dsb2JhbEFkbWluIjp0cnVlLCJpc0ZvcmJpZGRlbiI6ZmFsc2UsImlzRGVsZXRlZCI6ZmFsc2UsInNpZ251cEFwcGxpY2F0aW9uIjoiYXBwLWJ1aWx0LWluIiwiaGFzaCI6IiIsInByZUhhc2giOiIiLCJjcmVhdGVkSXAiOiIxMjcuMC4wLjEiLCJsYXN0U2lnbmluVGltZSI6IiIsImxhc3RTaWduaW5JcCI6IiIsImdpdGh1YiI6IiIsImdvb2dsZSI6IiIsInFxIjoiIiwid2VjaGF0IjoiIiwiZmFjZWJvb2siOiIiLCJkaW5ndGFsayI6IiIsIndlaWJvIjoiIiwiZ2l0ZWUiOiIiLCJsaW5rZWRpbiI6IiIsIndlY29tIjoiIiwibGFyayI6IiIsImdpdGxhYiI6IiIsImFkZnMiOiIiLCJiYWlkdSI6IiIsImFsaXBheSI6IiIsImNhc2Rvb3IiOiIiLCJpbmZvZmxvdyI6IiIsImFwcGxlIjoiIiwiYXp1cmVhZCI6IiIsInNsYWNrIjoiIiwic3RlYW0iOiIiLCJiaWxpYmlsaSI6IiIsIm9rdGEiOiIiLCJkb3V5aW4iOiIiLCJsaW5lIjoiIiwiY3VzdG9tIjoiIiwid2ViYXV0aG5DcmVkZW50aWFscyI6bnVsbCwibGRhcCI6IiIsInByb3BlcnRpZXMiOnt9LCJyb2xlcyI6W10sInBlcm1pc3Npb25zIjpbXSwibGFzdFNpZ25pbldyb25nVGltZSI6IiIsInNpZ25pbldyb25nVGltZXMiOjAsIm1hbmFnZWRBY2NvdW50cyI6bnVsbCwidG9rZW5UeXBlIjoiYWNjZXNzLXRva2VuIiwidGFnIjoic3RhZmYiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDAwIiwic3ViIjoiYjcwMDRiZTktZThmZS00OWNmLTgzNmEtODc3NTUwNGE0MDI3IiwiYXVkIjpbImUyMzhjYjc4YjhhMGUzMWNkM2MxIl0sImV4cCI6MTY3NDUzNTU5MiwibmJmIjoxNjczOTMwNzkyLCJpYXQiOjE2NzM5MzA3OTIsImp0aSI6ImFkbWluLzM1M2MyMTFjLTg3MjUtNDNjMy1hOTZjLWNhNGI2NzBhMTFhMyJ9.l_vmxFa5jUIy6aSNXJOpQ_QQeM4GvXit4UCQmfeJ7ojBqOERuZ5hr893RzItOltz1_UldzhP1KXvEbxcYjtIMliIdNAr5SCIkF9z-8eNZgSWVpLbfPFDr1VdrSy03E6AT7vg0CCXqfUz4-wymjoI8rYtyurIxWbnT0oBj1ef7It2L639HmjXbIfv9bJUmMKir8pkP7Gss-VESjhdzIEbIZ_eIb-kOtj2bwrOWR6r2UEOEFlHItDorT25lw5bfNxioH9hN092lPcNwsh6Dzf2FbqNsLVPCQ8oXeKIl99I0LYJG1Z-knW8Ar3rDoMcFRSBhV3HOhSqEHtEX94khx4Xr8ZzAA5rqs_lIi2SSPbIes3Q-g2_Em1Z4aSW7bc_rsIvhztdaDSIs3FWzdStWjRZEAggM8MJJZ-utQ2311k6rmgbUc2o6udrDKHScKRqC_mmiJEpmtFq2NrkfkmTMMMTkz3KNFm8NtHhgeZCXNZSU36Tx-z7ahmxoYVkLho354rkXTLWrAIcdLJT_O0Or5XwAQC1da_o3HTXlO8KE_ux9tBsDtgGaYE6bJ6L4_oVcMLwNzvo3ClPqVF5ZLXVcBVeI8fqE4gIphpvpRvxMWRK3tQBKJF1vGPuvsWZTjbnzYBJ55IfeEIkp5ScvDc4Tk5gQNrzOangI7YrpiChajVFhnU?state=]

This is my guacaomole.properties:
guacd-hostname: localhost
guacd-port:    4822
user-mapping: /etc/guacamole/user-mapping.xml

openid-authorization-endpoint: http://localhost:8000/login/oauth/authorize
openid-jwks-endpoint: http://localhost:8000/.well-known/jwks
openid-issuer: http://localhost:8000
openid-client-id: e238cb78b8a0e31cd3c1
openid-redirect-uri: http://localhost:8080/guacamole

Re: [guacamole-client] Bug： An error occurs when I connect to casdoor with OpenId

[Michael Jumper <mj...@apache.org>]

On Mon, Jan 16, 2023 at 9:22 PM kang hu <h2...@gmail.com> wrote:

> ...
> >  When I log in, I will still stay on the current page
> >
> > tomcat log is this :
> > 12:46:32.209 [http-nio-8080-exec-1] INFO
> >  o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT
> > rejected due to invalid signature. Additional details: [[9] Invalid JWS
> > Signature: ...
>

What leads you to believe this is a bug? The above logs indicate that the
JWT from the OpenID IdP is failing validation due to an invalid signature.

- Mike

Re: [guacamole-client] Bug： An error occurs when I connect to casdoor with OpenId

[kang hu <h2...@gmail.com>]

 kazam_7xyf7d24.movie.mp4
<https://drive.google.com/file/d/1Q3qeS90zDB9cRccxJgYpsC1f_ICNyS-W/view?usp=drive_web>
This is video

kang hu <h2...@gmail.com> 于2023年1月17日周二 12:51写道：

>  When I log in, I will still stay on the current page
>
> tomcat log is this :
> 12:46:32.209 [http-nio-8080-exec-1] INFO
>  o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT
> rejected due to invalid signature. Additional details: [[9] Invalid JWS
> Signature:
> JsonWebSignature{"alg":"RS256","kid":"cert-built-in","typ":"JWT"}->eyJhbGciOiJSUzI1NiIsImtpZCI6ImNlcnQtYnVpbHQtaW4iLCJ0eXAiOiJKV1QifQ.eyJvd25lciI6ImJ1aWx0LWluIiwibmFtZSI6ImFkbWluIiwiY3JlYXRlZFRpbWUiOiIyMDIzLTAxLTE2VDE1OjExOjUxWiIsInVwZGF0ZWRUaW1lIjoiIiwiaWQiOiJiNzAwNGJlOS1lOGZlLTQ5Y2YtODM2YS04Nzc1NTA0YTQwMjciLCJ0eXBlIjoibm9ybWFsLXVzZXIiLCJwYXNzd29yZCI6IiIsInBhc3N3b3JkU2FsdCI6IiIsImRpc3BsYXlOYW1lIjoiQWRtaW4iLCJmaXJzdE5hbWUiOiIiLCJsYXN0TmFtZSI6IiIsImF2YXRhciI6Imh0dHBzOi8vY2RuLmNhc2Jpbi5vcmcvaW1nL2Nhc2Jpbi5zdmciLCJwZXJtYW5lbnRBdmF0YXIiOiIiLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZW1haWxWZXJpZmllZCI6ZmFsc2UsInBob25lIjoiMTIzNDU2Nzg5MTAiLCJsb2NhdGlvbiI6IiIsImFkZHJlc3MiOltdLCJhZmZpbGlhdGlvbiI6IkV4YW1wbGUgSW5jLiIsInRpdGxlIjoiIiwiaWRDYXJkVHlwZSI6IiIsImlkQ2FyZCI6IiIsImhvbWVwYWdlIjoiIiwiYmlvIjoiIiwicmVnaW9uIjoiIiwibGFuZ3VhZ2UiOiIiLCJnZW5kZXIiOiIiLCJiaXJ0aGRheSI6IiIsImVkdWNhdGlvbiI6IiIsInNjb3JlIjoyMDAwLCJrYXJtYSI6MCwicmFua2luZyI6MSwiaXNEZWZhdWx0QXZhdGFyIjpmYWxzZSwiaXNPbmxpbmUiOmZhbHNlLCJpc0FkbWluIjp0cnVlLCJpc0dsb2JhbEFkbWluIjp0cnVlLCJpc0ZvcmJpZGRlbiI6ZmFsc2UsImlzRGVsZXRlZCI6ZmFsc2UsInNpZ251cEFwcGxpY2F0aW9uIjoiYXBwLWJ1aWx0LWluIiwiaGFzaCI6IiIsInByZUhhc2giOiIiLCJjcmVhdGVkSXAiOiIxMjcuMC4wLjEiLCJsYXN0U2lnbmluVGltZSI6IiIsImxhc3RTaWduaW5JcCI6IiIsImdpdGh1YiI6IiIsImdvb2dsZSI6IiIsInFxIjoiIiwid2VjaGF0IjoiIiwiZmFjZWJvb2siOiIiLCJkaW5ndGFsayI6IiIsIndlaWJvIjoiIiwiZ2l0ZWUiOiIiLCJsaW5rZWRpbiI6IiIsIndlY29tIjoiIiwibGFyayI6IiIsImdpdGxhYiI6IiIsImFkZnMiOiIiLCJiYWlkdSI6IiIsImFsaXBheSI6IiIsImNhc2Rvb3IiOiIiLCJpbmZvZmxvdyI6IiIsImFwcGxlIjoiIiwiYXp1cmVhZCI6IiIsInNsYWNrIjoiIiwic3RlYW0iOiIiLCJiaWxpYmlsaSI6IiIsIm9rdGEiOiIiLCJkb3V5aW4iOiIiLCJsaW5lIjoiIiwiY3VzdG9tIjoiIiwid2ViYXV0aG5DcmVkZW50aWFscyI6bnVsbCwibGRhcCI6IiIsInByb3BlcnRpZXMiOnt9LCJyb2xlcyI6W10sInBlcm1pc3Npb25zIjpbXSwibGFzdFNpZ25pbldyb25nVGltZSI6IiIsInNpZ25pbldyb25nVGltZXMiOjAsIm1hbmFnZWRBY2NvdW50cyI6bnVsbCwidG9rZW5UeXBlIjoiYWNjZXNzLXRva2VuIiwidGFnIjoic3RhZmYiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDAwIiwic3ViIjoiYjcwMDRiZTktZThmZS00OWNmLTgzNmEtODc3NTUwNGE0MDI3IiwiYXVkIjpbImUyMzhjYjc4YjhhMGUzMWNkM2MxIl0sImV4cCI6MTY3NDUzNTU5MiwibmJmIjoxNjczOTMwNzkyLCJpYXQiOjE2NzM5MzA3OTIsImp0aSI6ImFkbWluLzM1M2MyMTFjLTg3MjUtNDNjMy1hOTZjLWNhNGI2NzBhMTFhMyJ9.l_vmxFa5jUIy6aSNXJOpQ_QQeM4GvXit4UCQmfeJ7ojBqOERuZ5hr893RzItOltz1_UldzhP1KXvEbxcYjtIMliIdNAr5SCIkF9z-8eNZgSWVpLbfPFDr1VdrSy03E6AT7vg0CCXqfUz4-wymjoI8rYtyurIxWbnT0oBj1ef7It2L639HmjXbIfv9bJUmMKir8pkP7Gss-VESjhdzIEbIZ_eIb-kOtj2bwrOWR6r2UEOEFlHItDorT25lw5bfNxioH9hN092lPcNwsh6Dzf2FbqNsLVPCQ8oXeKIl99I0LYJG1Z-knW8Ar3rDoMcFRSBhV3HOhSqEHtEX94khx4Xr8ZzAA5rqs_lIi2SSPbIes3Q-g2_Em1Z4aSW7bc_rsIvhztdaDSIs3FWzdStWjRZEAggM8MJJZ-utQ2311k6rmgbUc2o6udrDKHScKRqC_mmiJEpmtFq2NrkfkmTMMMTkz3KNFm8NtHhgeZCXNZSU36Tx-z7ahmxoYVkLho354rkXTLWrAIcdLJT_O0Or5XwAQC1da_o3HTXlO8KE_ux9tBsDtgGaYE6bJ6L4_oVcMLwNzvo3ClPqVF5ZLXVcBVeI8fqE4gIphpvpRvxMWRK3tQBKJF1vGPuvsWZTjbnzYBJ55IfeEIkp5ScvDc4Tk5gQNrzOangI7YrpiChajVFhnU?state=]
>
> This is my guacaomole.properties:
> guacd-hostname: localhost
> guacd-port:    4822
> user-mapping: /etc/guacamole/user-mapping.xml
>
> openid-authorization-endpoint: http://localhost:8000/login/oauth/authorize
> openid-jwks-endpoint: http://localhost:8000/.well-known/jwks
> openid-issuer: http://localhost:8000
> openid-client-id: e238cb78b8a0e31cd3c1
> openid-redirect-uri: http://localhost:8080/guacamole
>
>
>