Posted to user@guacamole.apache.org by Venkata Reddy <k....@gmail.com> on 2023/03/15 05:45:40 UTC

guacamole redirection is failing after integrating with keycloak

Hi Team,

We are integrating guacamole 1.4.0 with keycloak by using the below OPENID
attributes.

  OPENID_AUTHORIZATION_ENDPOINT: "https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/auth"
  OPENID_JWKS_ENDPOINT: "https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/certs"
  OPENID_ISSUER: "https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master"
  OPENID_CLIENT_ID: "guacamole-client"
  OPENID_REDIRECT_URI: "http://guacamole:8080"

We observed that the application URL is redirected to keycloak for
authentication, and then the redirection to the application URL is failing
with the below error message. But we didn't add keycloak certificates to
the guacamole container. Will it give any issue? If yes, please share the
procedure to update the certificates.

13:13:57.927 [http-nio-8080-exec-2] INFO
o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT
processing failed. Additional details: [[17] Unable to process JOSE object
(cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable
verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" :
"b_miyK9tDisD--lStj4nX5AmaoX3EHsrvGysA9TVD8c"} due to an unexpected
exception (java.net.SocketTimeoutException: connect timed out) while
obtaining or using keys from JWKS endpoint at
https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/certs
  ):
<https://l0001spapka0005.rp.de.dmn.local/auth/realms/Symworld/protocol/openid-connect/certs):>
JsonWebSignature{"alg":"RS256","typ"
: "JWT","kid" :
"b_miyK9tDisD--lStj4nX5AmaoX3EHsrvGysA9TVD8c"}->eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiX21peUs5dERpc0QtLWxTdGo0blg1QW1hb1gzRUhzcnZHeXNBOVRWRDhjIn0.eyJleHAiOjE2Nzg4MDA0NTUsImlhdCI6MTY3ODc5OTU1NSwiYXV0aF90aW1lIjoxNjc4NzkzNTM5LCJqdGkiOiJjYTI5ZDhmMS1kZjkyLTRkM2QtYjQ3MC1mYjk5M2UzMjQ4MDUiLCJpc3MiOiJodHRwczovL2wwMDAxc3BhcGthMDAwNS5ycC5kZS5kbW4ubG9jYWwvYXV0aC9yZWFsbXMvU3ltd29ybGQiLCJhdWQiOiJQQU0iLCJzdWIiOiI0MjBhYTQwMC0yNDc3LTQ2OGItOTk2NC03YjhkYWiJJRCIsImF6cCI6IlBBTSIsIm5vbmNlIjoiazZsNTU1N3RlOThnaWVzNjIzcjRkcmExdTkiLCJzZXNzaW9uX3N0YXRlIjoiOGJlZDFjOWEtYTQ2OS00ZGFlLTgwZTUtYTQ5M2FhZGQxMTA1IiwiYWNyIjoiMCIsInNpZCI6IjhiZWQxYzlhLWE0NjktNGRhZS04MGU1LWE0OTNhYWRkMTEwNSIsImVtYWlsX3ZlcmlmaWVkIjp0cnhbWUiOiJLb25kYSIsImVtYWlsIjoidmVua2F0YS5rb25kYUByYWt1dGVuLmNvbSJ9.WVmBCulUiSVppZk5J59wFdThxWpfzmeMwG-jo_-8RyozWrtpNachLafZJtXxcLoFNEGbOi98hM3RK_RsQ0DgSuM9P85xe4Oho6-qIrmk3DIuLoBVN4YjTwALjvKwtKidIluQwMRyZjgvMBmtoF9_qpPQMx_0irTV7gbqDifI8zaIyHwafX_5gQT-pDPu5jeFRS1sR4swUJOvQiKbfe7u897289K4MZ8U-lQnv-wExtumXRvQaf3c7cVzttFgzSGo9XaT_IUI8rHdLj08EKQaf_9iQDuq-PTMpIxFNLSyO8_t-drUVDnmvbKWJS3wPrEuNwItx7E7ya2jZoBiKfWvFQ]


Regards,
Venkata

Re: guacamole redirection is failing after integrating with keycloak

Posted by Michael Jumper <mj...@apache.org>.
On Tue, Mar 14, 2023 at 10:46 PM Venkata Reddy <
k.venkatanarayanareddy@gmail.com> wrote:

> Hi Team,
>
> We are integrating guacamole 1.4.0 with keycloak by using the below OPENID
> attributes.
> ...
>

Please don't double-post. To anyone finding this in the archives, the
original thread is here:

https://lists.apache.org/thread/g5wqk67dgnczg41xtqrk97tpdosqgfn2

- Mike