Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Invalid
-
1.0.0
-
None
-
Ubuntu 18
Description
Maybe I'm not fully understanding how the OpenID extension should work, but I believe instead of logging in with the standard Guacamole client login screen the user should be forwarded to the OpenID Connect IdP (in this case Google) to authenticate and then be sent back to the Guacamole client. In the case of my implementation this redirect isn't happening.
The extension is loaded:
09:00:44.048 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
09:00:45.357 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" loaded.
09:00:45.361 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
09:00:45.533 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "OpenID Authentication Extension" loaded.
And the guacamole.properties file is configured:
openid-authorization-endpoint: https://accounts.google.com/o/oauth2/v2/auth
openid-jwks-endpoint: https://www.googleapis.com/oauth2/v3/certs
openid-issuer: https://accounts.google.com
openid-client-id: xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
openid-redirect-uri: https://servers.xxxxxxxxxxxxxxxx.co.uk
openid-username-claim-type: email
openid-scope: openid email profile
openid-allowed-clock-skew: 60
openid-max-token-validity: 300
openid-max-nonce-validity: 10
But only the standard login screen is shown. What am I missing?