On Thu, Feb 8, 2018 at 11:37 PM, Justin Gauthier <jus...@justin-tech.com>
wrote:
> The response paylode is: {"message":"Invalid
> login.","translatableMessage":{"key":"Invalid
> login.","variables":null},"statusCode":null,"expected":[{"name":"id_tok
> en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.jus
> tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
> connect/auth?scope=openid+email+profile&response_type=id_token&client_i
> d=guacamole&redirect_uri=https%3A%2F%2Fguacamole.justin-
> tech.com%2F&nonce=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDENT
> IALS"}
>
> I also see a GET for https://guacamole.justin-tech.com/#session_state=b
> 1988d87-4a4d-4539-a186-1d2ef58aca04&id_token=[TOKEN]¬-before-
> policy=1518147539
>
>
Mike can probably provide more precise information, but my guess is that
there is something about the response being sent back to the Guacamole
Session that Guacamole is unhappy about - either it isn't seeing the
id_token parameter when it expects to, or it's in a format it doesn't
expect, or something like that. I've not used Guacamole with OIDC, so I'm
not going to be of very much help, here.
-Nick
