>
> So far when i am trying to access guacamole i am getting the login screen
> of keycloak, so the open id Module seems to work fine.
> When i enter the user's credential to keycloak and i press login, i get
> into a redirect Loop. In this loop keycloak is trying to do a POST request
> to Guacamole and i keep getting invalid login response.More specifically
> the content of response is :
>
> ,\"expected\":[{\"name\":\"id_token\",\"type\":\"GUAC_OPENID_TOKEN\",\"authorizationURI\":\"
> http://10.0.2.7:8080/auth/realms/nodejs-example/protocol/openid-connect/auth?scope=openid+profile&response_type=id_token&client_id=Guacamole&redirect_uri=http%3A%2F%2F10.0.2.6%3A8080%2Fguacamole%2F%23%2F&nonce=4797kjoq9jdccrgboupkpv9sau\
> <http://10.0.2.7:8080/auth/realms/nodejs-example/protocol/openid-connect/auth?scope=openid+profile&response_type=id_token&client_id=Guacamole&redirect_uri=http%3A%2F%2F10.0.2.6%3A8080%2Fguacamole%2F%23%2F&nonce=4797kjoq9jdccrgboupkpv9sau%5C>
> "}]
>
>
This is a shot in the dark, so to speak, because I'm not very familiar with
OpenId, but the POST might be your issue. IIRC, Guacamole expects the
redirect to be a GET, not a POST, and this may be why you're seeing the
redirect loop. Is it possible to configure Keycloak to use a GET redirect
instead of POST?
>
> After reading a bit about guacamole i tried to send credentials with
> different names using Keylcoak mappers and even changed the
> openid-username-claim-type on guacamole properties but still i haven't
> managed to solve this problem. Also, i don't know if the user must be in
> Guacamole postgres Database before the login from OpenId
>
>
>
No, the user doesn't need to be present in order for the login to succeed,
although the user will need to be present in order to assign permissions.
-Nick
