You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/05/24 21:57:00 UTC

[jira] [Closed] (GUACAMOLE-1019) Redirect loop occurs in OpenID

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman closed GUACAMOLE-1019.
------------------------------------
    Resolution: Invalid

> Redirect loop occurs in OpenID
> ------------------------------
>
>                 Key: GUACAMOLE-1019
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1019
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-openid
>    Affects Versions: 1.2.0
>            Reporter: Toshitaka Kawamura
>            Priority: Minor
>
> I want to use OpenID authentication with G-Suite.
> But I'm having trouble with a redirection loop on the login screen.
> Is there anyway solution this issue?
> And is it possible with authenticate G Suite?
> I have installed as follows.
> - Guacamole 1.2.0 in Docker
> - guacamole-auth-openid is 1.2.0
> I have recieved following info by G Suite Admin.（Some of them are dummies）
> ------------------------------------------------------------
> client_id : "${client_id}",
> project_id : "${project_id}",
> auth_uri : "https://accounts.google.com/o/oauth2/auth",
> token_uri : "https://oauth2.googleapis.com/token",
> auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",
> client_secret: "${client_secret}",
> redirect_uris: "https://my-guacamole-server/guacamole/" ,
> javascript_origins: "https://my-guacamole-server"
> ------------------------------------------------------------
> So, I set it up as follows in docker-compose.yaml.
> I'm not sure if this is the right setting.
> ------------------------------------------------------------
> OPENID_AUTHORIZATION_ENDPOINT=https://accounts.google.com/o/oauth2/auth
> OPENID_JWKS_ENDPOINT=https://accounts.google.com/.well-known/openid-configuration
> OPENID_ISSUER=https://accounts.google.com/
> OPENID_CLIENT_ID=${client_id}
> OPENID_REDIRECT_URI=https://my-guacamole-server/guacamole/
> ------------------------------------------------------------
> After reboot, once I logged in, it occured redirect loop.
> I suppose that authentication is probably successful because the token has been returned from GSuite.
> Is above setting correct? 
> And Is there any help this issue?
> Thanks.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)