guacamole redirection is failing after integrating with keycloak

Tue, 14 Mar 2023 22:46:30 -0700 

Hi Team,

We are integrating guacamole 1.4.0 with keycloak by using the below OPENID
attributes.

  OPENID_AUTHORIZATION_ENDPOINT: "
https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/auth
"
  OPENID_JWKS_ENDPOINT: "
https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/certs
"
  OPENID_ISSUER: "
https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master";
  OPENID_CLIENT_ID: "guacamole-client"
  OPENID_REDIRECT_URI: "http://guacamole:8080";

We observed that the application URL is redirected to keycloak for
authentication and then redirection to the application URL is failing with
the below error message. But we didn't add keycloak certificates to
guacamole container. Will it give any issue? if yes, please share the
procedure to update the certificates.

13:13:57.927 [http-nio-8080-exec-2] INFO
o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT
processing failed. Additional details: [[17] Unable to process JOSE object
(cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable
verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" :
"b_miyK9tDisD--lStj4nX5AmaoX3EHsrvGysA9TVD8c"} due to an unexpected
exception (java.net.SocketTimeoutException: connect timed out) while
obtaining or using keys from JWKS endpoint at
https://authenticate.id-proxy.rp.de.1u1.local:8443/realms/master/protocol/openid-connect/certs
  ):
<https://l0001spapka0005.rp.de.dmn.local/auth/realms/Symworld/protocol/openid-connect/certs):>
JsonWebSignature{"alg":"RS256","typ"
: "JWT","kid" :
"b_miyK9tDisD--lStj4nX5AmaoX3EHsrvGysA9TVD8c"}->eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiX21peUs5dERpc0QtLWxTdGo0blg1QW1hb1gzRUhzcnZHeXNBOVRWRDhjIn0.eyJleHAiOjE2Nzg4MDA0NTUsImlhdCI6MTY3ODc5OTU1NSwiYXV0aF90aW1lIjoxNjc4NzkzNTM5LCJqdGkiOiJjYTI5ZDhmMS1kZjkyLTRkM2QtYjQ3MC1mYjk5M2UzMjQ4MDUiLCJpc3MiOiJodHRwczovL2wwMDAxc3BhcGthMDAwNS5ycC5kZS5kbW4ubG9jYWwvYXV0aC9yZWFsbXMvU3ltd29ybGQiLCJhdWQiOiJQQU0iLCJzdWIiOiI0MjBhYTQwMC0yNDc3LTQ2OGItOTk2NC03YjhkYWiJJRCIsImF6cCI6IlBBTSIsIm5vbmNlIjoiazZsNTU1N3RlOThnaWVzNjIzcjRkcmExdTkiLCJzZXNzaW9uX3N0YXRlIjoiOGJlZDFjOWEtYTQ2OS00ZGFlLTgwZTUtYTQ5M2FhZGQxMTA1IiwiYWNyIjoiMCIsInNpZCI6IjhiZWQxYzlhLWE0NjktNGRhZS04MGU1LWE0OTNhYWRkMTEwNSIsImVtYWlsX3ZlcmlmaWVkIjp0cnhbWUiOiJLb25kYSIsImVtYWlsIjoidmVua2F0YS5rb25kYUByYWt1dGVuLmNvbSJ9.WVmBCulUiSVppZk5J59wFdThxWpfzmeMwG-jo_-8RyozWrtpNachLafZJtXxcLoFNEGbOi98hM3RK_RsQ0DgSuM9P85xe4Oho6-qIrmk3DIuLoBVN4YjTwALjvKwtKidIluQwMRyZjgvMBmtoF9_qpPQMx_0irTV7gbqDifI8zaIyHwafX_5gQT-pDPu5jeFRS1sR4swUJOvQiKbfe7u897289K4MZ8U-lQnv-wExtumXRvQaf3c7cVzttFgzSGo9XaT_IUI8rHdLj08EKQaf_9iQDuq-PTMpIxFNLSyO8_t-drUVDnmvbKWJS3wPrEuNwItx7E7ya2jZoBiKfWvFQ]


Regards,
Venkata

Reply via email to