Hi Nick Those are awesome news, thanks!
Seems to cover the same behaviour, but important note I'm using OpenID and not SAML extension, so I really hope the fix fixes the issue for openid extension as well. According to the schedule, most major releases are on a one year basis, so 1.6 would be expected to release in the following weeks? Best regards Tobias Am Mo., 17. Juni 2024 um 17:53 Uhr schrieb Nick Couchman <vn...@apache.org>: > On Mon, Jun 17, 2024 at 12:55 AM Tobias Meier <tobias.meier...@gmail.com> > wrote: > >> Hi >> >> tl:dr I get auth problem if TOPT and openid SSO are on, each of them >> works if used when the other one is deactivated. >> >> I've setup Guacamole on my LinuxContainer a while ago, works totally fine >> with TOPT and password. >> >> Some days ago I setup integration with Authentik, that works also really >> well, but only if I disable the TOPT extension. >> >> If the TOPT extension is enabled, it asks for a secondary TOPT, which is >> weird but okay, then I get an auth error: >> >> [image: 340133467-4f4018cd-6208-4d03-b709-1d071b10e655.png] >> >> In the browser console I see: >> >> [image: 340133507-fa9d8120-db2b-4fc4-8016-b7a4e81242e4.png] >> >> In the log I see the following: >> >> Jun 16 22:22:48 guacamole tomcat9[188]: 22:22:48.150 [http-nio-8080-exec-8] >> INFO o.a.g.r.auth.AuthenticationService - User "XXXX" successfully >> authenticated from [192.168.1.200, 10.10.20.13]. >> Jun 16 22:22:53 guacamole tomcat9[188]: 22:22:53.477 [http-nio-8080-exec-10] >> INFO o.a.g.a.o.t.TokenValidationService - Rejected OpenID token with >> invalid/old nonce. >> >> >> Issue at authentik github, altough i strongly believe it's a guacamol >> issue. >> https://github.com/goauthentik/authentik/issues/10126 >> >> Thanks for any replies :) >> >> > See the following Jira issue, which I believe covers the behavior you're > seeing: > > https://issues.apache.org/jira/browse/GUACAMOLE-1780 > > Fixes for this have already been merged into the main branch of the code, > which will go into the 1.6.0 release whenever we get that out. > > -Nick >