Guacamole w/ Keycloak as SP

[Rob Barriga]

I’m currently utilizing Keycloak as a service provider. Wondering if anybody has any familiarity with guacamole pointing to Keycloak. I have done a number of config trials in the Guac properties but it’s not authenticating properly. They’re both AL2 instances and containers in AWS. Both are in the same VPC and subnet and have nearly identical security groups. I lean towards a cert issue but I’ve put the certs on brotha servers. Any help would be appreciated!

[Björn Pedersen]

Rob Barriga schrieb am Freitag, 6. Oktober 2023 um 01:07:54 UTC+2:

I’m currently utilizing Keycloak as a service provider. Wondering if anybody has any familiarity with guacamole pointing to Keycloak. I have done a number of config trials in the Guac properties but it’s not authenticating properly. They’re both AL2 instances and containers in AWS. Both are in the same VPC and subnet and have nearly identical security groups. I lean towards a cert issue but I’ve put the certs on brotha servers. Any help would be appreciated!

     ```

      OPENID_AUTHORIZATION_ENDPOINT: https://<kc-url/with/realms>/protocol/openid-connect/auth

      OPENID_JWKS_ENDPOINT: https://<kc-url/with/realms>/protocol/openid-connect/certs
      OPENID_ISSUER: https://<kc-url/with/realms>
      OPENID_CLIENT_ID: <yourclientid>
      OPENID_REDIRECT_URI: http(s)://<your guacamole_url>
      OPENID_USERNAME_CLAIM_TYPE: preferred_username

     ```

and ensure guacamole-auth-sso-openid-<version>.jar is in the guacamole/extensions directory

[Rob Barriga]

Im sorry this will be a saml setup.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/c3e9480e-1cad-41df-89df-0310c29acbccn%40googlegroups.com.