If one set guacamole ( 1.3.0 container) to authenticate using oidc, but there is an external frontend that return nice custom error pages for code HTTP 403, you will not be able to be redirected to the OIDC.
In my setup I have k8s ingress globally configured to return customized error pages in case of 403,404,500,502 http error codes ( the code is still sent correctly, just the page content will be different). When I try to access guacamole, I get this on browser:
Container logs show:
If I override the guacamole ingress to not touch the 403 custom error page, I am correctly redirected to the OIDC. ( Keycloak in my case )
Apparently guacamole requires that the 403 message returns the json:
If this is not considered a Bug I think it could be someplace in the documentation.