You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Shehwaz Shamsuddin <sh...@shehwaz.com> on 2022/06/09 15:13:35 UTC
Issue With Authentik and Guacamole - Infinite Redirect
Hello,
I set up Authentik and Guacamole with the configuration found here:
https://goauthentik.io/integrations/services/apache-guacamole/
The issue I'm running into is that when I access guacamole, I'm greeted
with the Authentik login screen and after signing in, I get stuck in a
redirect loop.
Is there any advice that can be provided?
Thank you,
Shehwaz
Re: Issue With Authentik and Guacamole - Infinite Redirect
Posted by Shehwaz Shamsuddin <sh...@shehwaz.com>.
Hi Tim,
Yes, I ultimately ended up at the same conclusion after countless hours of
testing (that’s the fun part!).
I realized in Authentik I wasn’t assigning a certificate to the Guacamole
provider I created. Once I assigned the certificate, Guacamole was able get
the correct auth token and redirect.
Thank you,
Shehwaz
On Wed, Jun 22, 2022 at 12:19 PM Timothy A. Dilbert | BMT <
Timothy.Dilbert@bmt.ky> wrote:
> Hi Shehwaz,
>
> A while back I ran into a similar problem in an environment. I had a proxy
> server in front of Guacamole with SSL offloading enabled. Guacamole was
> expecting an HTTP redirect URL whereas the IdP was sending an HTTPS
> redirect URL. I ended up switching Tomcat to SSL which made everyone happy.
>
> Nick's suggestion below is likely to also work as well.
>
> Regards,
>
> Tim
> ------------------------------
> *From:* Nick Couchman <vn...@apache.org>
> *Sent:* 22 June 2022 11:05
> *To:* user@guacamole.apache.org <us...@guacamole.apache.org>
> *Subject:* Re: Issue With Authentik and Guacamole - Infinite Redirect
>
> On Thu, Jun 9, 2022 at 11:14 AM Shehwaz Shamsuddin <sh...@shehwaz.com>
> wrote:
>
> Hello,
>
> I set up Authentik and Guacamole with the configuration found here:
> https://goauthentik.io/integrations/services/apache-guacamole/
>
> The issue I'm running into is that when I access guacamole, I'm greeted
> with the Authentik login screen and after signing in, I get stuck in a
> redirect loop.
>
>
> A lot of times re-direct loops with SSO are due to HTTP vs. HTTPS issues
> with the Guacamole URL. If you're proxying Guacamole behind a HTTPS proxy
> (Nginx, httpd, etc.) you may need to make sure that your proxy is passing
> through the X-Forwarded-Proto header, which should result in the
> correct/consistent URL being provided to the SSO system.
>
> -Nick
>
>
Re: Issue With Authentik and Guacamole - Infinite Redirect
Posted by "Timothy A. Dilbert | BMT" <Ti...@bmt.ky>.
Hi Shehwaz,
A while back I ran into a similar problem in an environment. I had a proxy server in front of Guacamole with SSL offloading enabled. Guacamole was expecting an HTTP redirect URL whereas the IdP was sending an HTTPS redirect URL. I ended up switching Tomcat to SSL which made everyone happy.
Nick's suggestion below is likely to also work as well.
Regards,
Tim
________________________________
From: Nick Couchman <vn...@apache.org>
Sent: 22 June 2022 11:05
To: user@guacamole.apache.org <us...@guacamole.apache.org>
Subject: Re: Issue With Authentik and Guacamole - Infinite Redirect
On Thu, Jun 9, 2022 at 11:14 AM Shehwaz Shamsuddin <sh...@shehwaz.com>> wrote:
Hello,
I set up Authentik and Guacamole with the configuration found here: https://goauthentik.io/integrations/services/apache-guacamole/
The issue I'm running into is that when I access guacamole, I'm greeted with the Authentik login screen and after signing in, I get stuck in a redirect loop.
A lot of times re-direct loops with SSO are due to HTTP vs. HTTPS issues with the Guacamole URL. If you're proxying Guacamole behind a HTTPS proxy (Nginx, httpd, etc.) you may need to make sure that your proxy is passing through the X-Forwarded-Proto header, which should result in the correct/consistent URL being provided to the SSO system.
-Nick
Re: Issue With Authentik and Guacamole - Infinite Redirect
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Jun 9, 2022 at 11:14 AM Shehwaz Shamsuddin <sh...@shehwaz.com>
wrote:
> Hello,
>
> I set up Authentik and Guacamole with the configuration found here:
> https://goauthentik.io/integrations/services/apache-guacamole/
>
> The issue I'm running into is that when I access guacamole, I'm greeted
> with the Authentik login screen and after signing in, I get stuck in a
> redirect loop.
>
>
A lot of times re-direct loops with SSO are due to HTTP vs. HTTPS issues
with the Guacamole URL. If you're proxying Guacamole behind a HTTPS proxy
(Nginx, httpd, etc.) you may need to make sure that your proxy is passing
through the X-Forwarded-Proto header, which should result in the
correct/consistent URL being provided to the SSO system.
-Nick
>