callback despite successful extension load

Eutim Putnoki Tue, 17 Jun 2025 01:45:58 -0700

 Hello,

I am having a persistent issue setting up Guacamole with Authentik OIDC
using the official Docker images. No matter what I try, I always get a "No
such resource" (404) error when Authentik redirects to the
/guacamole/api/ext/oidc/callback URL.


Here is what I have confirmed through extensive troubleshooting:

    Setup: Docker Compose with Guacamole, Guacd, Nginx Proxy Manager, and
Authentik.
    Proxy: The reverse proxy is confirmed to be forwarding the request to
the Guacamole container correctly. We have ruled out proxy-level blocks and
header/buffer size issues.
    Extension Loading: The Guacamole logs definitively show that the
guacamole-auth-sso-openid extension is being loaded successfully.
    Configuration: The logs also show that the guacamole.properties file is
being read correctly by the extension.
    Isolation: The issue persists even when disabling all other extensions
(like PostgreSQL) and running only the OIDC extension.
    Versions: The issue occurs on both Guacamole 1.5.5 and latest tags.

The core problem seems to be that while the OIDC extension loads, its
JAX-RS API endpoint for the callback is not being registered within the
Guacamole web application, leading to the 404.


Referenced sources:
https://guacamole.apache.org/doc/gug/openid-auth.html
https://docs.goauthentik.io/integrations/services/apache-guacamole/
https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication

it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it guacamole_webapp 
/bin/sh
$ ping -c 4 authentik-server
/bin/sh: 1: ping: not found
$ curl 
http://authentik-server:9000/application/o/guacamole/.well-known/openid-configuration
{
  "issuer": "http://authentik-server:9000/application/o/guacamole/";,
  "authorization_endpoint": 
"http://authentik-server:9000/application/o/authorize/";,
  "token_endpoint": "http://authentik-server:9000/application/o/token/";,
  "userinfo_endpoint": "http://authentik-server:9000/application/o/userinfo/";,
  "end_session_endpoint": 
"http://authentik-server:9000/application/o/guacamole/end-session/";,
  "introspection_endpoint": 
"http://authentik-server:9000/application/o/introspect/";,
  "revocation_endpoint": "http://authentik-server:9000/application/o/revoke/";,
  "device_authorization_endpoint": 
"http://authentik-server:9000/application/o/device/";,
  "response_types_supported": [
    "code",
    "id_token",
    "id_token token",
    "code token",
    "code id_token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "jwks_uri": "http://authentik-server:9000/application/o/guacamole/jwks/";,
  "grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "implicit",
    "client_credentials",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "acr_values_supported": [
    "goauthentik.io/providers/oauth2/default"
  ],
  "scopes_supported": [
    "email",
    "profile",
    "openid"
  ],
  "request_parameter_supported": false,
  "claims_supported": [
    "sub",
    "iss",
    "aud",
    "exp",
    "iat",
    "auth_time",
    "acr",
    "amr",
    "nonce",
    "email",
    "email_verified",
    "name",
    "given_name",
    "preferred_username",
    "nickname",
    "groups"
  ],
  "claims_parameter_supported": false,
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ]
}$ curl http://authentik-server:9000/application/o/guacamole/jwks/
{"keys": [{"alg": "RS256", "kid": "07a3dfd856161d424e566a8d1eb5a9a2", "kty": 
"RSA", "use": "sig", "n": 
"05-4cuVVhugPaWwuatRfZw1bCF0L2tmbALF24ppBTNiFBVY7NLO82zL_5OTQOCgBTpOeStWFTYrRRQzrC97Gk4SpEsw332aGRV5bBfI52N4Cdcvc__sLBlc83FPQQSeby_v0Gt4bHh1Ax5c7ODgUz3Vl0gG9jcB6cJ9PsbZoX-rhK6y93Y3R_vPkbEnb8FKCvh2lQ_yShd7nObqfgl6otc_Y5iVAT2c8EOzqzJEWie9DI3Cl1Y8wI6wKuujVL3LmLBqogfyMpdrUUEhh-Eg_PwbgQuPYGLEnnSGaHvbcUhdj3EKCe61vnMF1fJdSkGepCmVi0HC6HeMzWnSBECLgPtJ3d7j1sf6fHyanIcf9sMcRvz6eWNbgxvD3mhpQ9hNBLJMsZboO8BjYg1gjUXFj5fl9PuW9DmSlMfkuuhM_18DjNnAjYYGAtNmCtp_qHmQPOx4ceBrb4pJ-Du28iR3sHtuqiLSvq4yrQxJiU6mzdUpxvjtt4FaFXgKrFcClXghb--CgSYvRLKqw4xlA60qos7nBN-iR2GvfkC8HYwrVolR_CIEdZg6_2yptlawPP83GGemYAjbM_jMzyk43j9iBYyNU0LR-MGLgdu0UZ4gtxGi1WdbTP2HZHv-Z8xB-PSNWyzJzbrlW8u4Sb_zkwdHYv8tOCNip8aAWnRZLOaiB0tE",
 "e": "AQAB", "x5c": 
["MIIFUjCCAzqgAwIBAgIQIZ71aZpPTOabJqljviZT8TANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJhdXRoZW50aWsgMjAyNS40LjAwHhcNMjUwNjE1MTY0NDU5WhcNMjYwNjE2MTY0NDU5WjBWMSowKAYDVQQDDCFhdXRoZW50aWsgU2VsZi1zaWduZWQgQ2VydGlmaWNhdGUxEjAQBgNVBAoMCWF1dGhlbnRpazEUMBIGA1UECwwLU2VsZi1zaWduZWQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTn7hy5VWG6A9pbC5q1F9nDVsIXQva2ZsAsXbimkFM2IUFVjs0s7zbMv/k5NA4KAFOk55K1YVNitFFDOsL3saThKkSzDffZoZFXlsF8jnY3gJ1y9z/+wsGVzzcU9BBJ5vL+/Qa3hseHUDHlzs4OBTPdWXSAb2NwHpwn0+xtmhf6uErrL3djdH+8+RsSdvwUoK+HaVD/JKF3uc5up+CXqi1z9jmJUBPZzwQ7OrMkRaJ70MjcKXVjzAjrAq66NUvcuYsGqiB/Iyl2tRQSGH4SD8/BuBC49gYsSedIZoe9txSF2PcQoJ7rW+cwXV8l1KQZ6kKZWLQcLod4zNadIEQIuA+0nd3uPWx/p8fJqchx/2wxxG/Pp5Y1uDG8PeaGlD2E0Eskyxlug7wGNiDWCNRcWPl+X0+5b0OZKUx+S66Ez/XwOM2cCNhgYC02YK2n+oeZA87Hhx4Gtvikn4O7byJHewe26qItK+rjKtDEmJTqbN1SnG+O23gVoVeAqsVwKVeCFv74KBJi9EsqrDjGUDrSqizucE36JHYa9+QLwdjCtWiVH8IgR1mDr/bKm2VrA8/zcYZ6ZgCNsz+MzPKTjeP2IFjI1TQtH4wYuB27RRniC3EaLVZ1tM/Ydke/5nzEH49I1bLMnNuuVby7hJv/OTB0di/y04I2KnxoBadFks5qIHS0QIDAQABo1UwUzBRBgNVHREBAf8ERzBFgkNhcXZHMjZoczJOcklPN3R0ZVFwczFEZXVJQnUyejl4eTlITmVWZHpKLnNlbGYtc2lnbmVkLmdvYXV0aGVudGlrLmlvMA0GCSqGSIb3DQEBCwUAA4ICAQBWfrUmLcMJrwAs4OuFdC9YwrJOyL9vynLLg4pMlZ+R/p7ECdrNDBnZaGYaEddfy8f0yvMwXHfs5Ah3Rq/XXznDSBC4CCXRlHGHzQeM71lY3t0PWvpdFWO9BrXp/Ck0f8Vf8uZrTJUdPwBjBa0iqWgI2dSc71TTtPcng0TmSioc9X4sv1TtpL4MeuMCy0xhoslxOO3vqRjIrICKzOWqY+cnS+pQp6QUmKwClwBhacaP1ky6dFLIgvp3VTzYgXADR57yDoT+LPRF6u6PzFK38+F9BqKffh8JzU0GiFo2l2d3iBj/SdtxPZE1OedAWQg0zMis24CQwEahCLm0Mcd3Issjt6ni+HJeVQ/AfMOhU9QfXmLhIiVQEAu/PVHbbOYnA3Td8QsdSpnG3jgJwdD6ZLdzakBCExXJkPwGHnP6ZWq2OXUh+YPUYkq0esN3YV+fM+eAgR6f+d9ah0LeceZq+1BqVSVDgDupL+nuFS0o47wPVYxuyZe0/yH60Zc3j29JLe7kkR5jUzi2aDOPFgWKPJ5quct99DXv8UfuEShdblL1p8WhSNNVXziQVZQEwcWKPV6XJLKnbrWBXCnkIn6fSAUJv/ng102yecxZW8CynCqSwZDYop2Dx1TUVd0EP8ogzdXd2g+BJJn+5bNb7Y7KJr318Z40QFnghwehDYbWtYtoDg=="],
 "x5t": "0lBMisNtRFoKtwhKkDuu0qnq2ek", "x5t#S256": 
"EetwXRpKnQTTp-F1KWFLQAe-pWAp5bGFLJmMeKMjJ2g"}]}$ tail -f 
/home/guacamole/tomcat/logs/localhost_access_log.2025-06-16.txt^H^H^H^H^H
tail: cannot open 
'/home/guacamole/tomcat/logs/localhost_access_log.2025-06-16.txt'$'\b\b\b\b\b' 
for reading: No such file or directory
tail: no files remaining
$ ls /home/guacamole/tomcat/logs/
catalina.2025-06-17.log  host-manager.2025-06-17.log  localhost.2025-06-17.log  
localhost_access_log.2025-06-17.txt  manager.2025-06-17.log
$ tail -f /home/guacamole/tomcat/logs/localhost_access_log.2025-06-17.txt
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET /guacamole/ HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET 
/guacamole/app.css?b=20250616005750 HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET 
/guacamole/app.js?b=20250616005750 HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET /guacamole/api/patches 
HTTP/1.1" 200 435
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "POST /guacamole/api/tokens 
HTTP/1.1" 403 572
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET /guacamole/api/languages 
HTTP/1.1" 200 244
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET /guacamole/api/languages 
HTTP/1.1" 200 244
172.18.0.7 - - [17/Jun/2025:07:08:32 +0000] "GET 
/guacamole/translations/en.json HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:08:33 +0000] "GET 
/guacamole/api/ext/oidc/callback HTTP/1.1" 404 182
172.18.0.7 - - [17/Jun/2025:07:08:33 +0000] "GET /favicon.ico HTTP/1.1" 404 683
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/ HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/app.css?b=20250616005750 HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/app.js?b=20250616005750 HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/api/patches 
HTTP/1.1" 200 435
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "POST /guacamole/api/tokens 
HTTP/1.1" 403 572
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/api/languages 
HTTP/1.1" 200 244
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/api/languages 
HTTP/1.1" 200 244
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/images/guac-tricolor.svg HTTP/1.1" 200 3788
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/translations/en.json HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/api/ext/oidc/callback HTTP/1.1" 404 182
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /favicon.ico HTTP/1.1" 404 683
^C          : not found
$ ^[[A^[[A
$ in/sh: 7:
$ ls -l /home/guacamole/.guacamole/extensions/
total 7404
lrwxrwxrwx 1 guacamole guacamole      57 Jun 17 06:59 
1-guacamole-auth-sso-openid-1.5.5.jar -> 
/opt/guacamole/openid/guacamole-auth-sso-openid-1.5.5.jar
lrwxrwxrwx 1 guacamole guacamole      66 Jun 17 06:59 
guacamole-auth-jdbc-postgresql-1.5.5.jar -> 
/opt/guacamole/postgresql/guacamole-auth-jdbc-postgresql-1.5.5.jar
-rw-r--r-- 1 guacamole guacamole 7574899 Mar 30  2024 
guacamole-auth-sso-openid-1.5.5.jar
$ exit
it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm ls
app.js  db.js     global    internal     lib        migrate.js  models        
nodemon.json  routes  scripts   templates           yarn.lock
config  frontend  index.js  knexfile.js  logger.js  migrations  node_modules  
package.json  schema  setup.js  validate-schema.js
it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm ls  /data/logs/
fallback_access.log  letsencrypt-requests_access.log  proxy-host-1_access.log  
proxy-host-2_access.log
fallback_error.log   letsencrypt-requests_error.log   proxy-host-1_error.log   
proxy-host-2_error.log
it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
proxy-host-1_access.log
tail: cannot open 'proxy-host-1_access.log' for reading: No such file or 
directory
tail: no files remaining
it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-1_access.log
[17/Jun/2025:07:13:01 +0000] - 200 200 - GET https auth.local 
"/api/v3/enterprise/license/summary/" [Client 192.168.1.200] [Length 115] [Gzip 
-] [Sent-to authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:139.0) Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:01 +0000] - 200 200 - GET https auth.local 
"/api/v3/core/users/me/" [Client 192.168.1.200] [Length 807] [Gzip -] [Sent-to 
authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:01 +0000] - 200 200 - GET https auth.local 
"/api/v3/core/users/me/" [Client 192.168.1.200] [Length 807] [Gzip -] [Sent-to 
authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/events/notifications/?ordering=-created&page_size=1&seen=false&user=6" 
[Client 192.168.1.200] [Length 470] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/events/notifications/?ordering=-created&seen=false&user=6" [Client 
192.168.1.200] [Length 598] [Gzip -] [Sent-to authentik-server] "Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0" 
"https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/events/notifications/?ordering=-created&page_size=1&seen=false&user=6" 
[Client 192.168.1.200] [Length 470] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/core/applications/?only_with_launch_url=true&ordering=name&page=1&page_size=100"
 [Client 192.168.1.200] [Length 598] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - - 499 - GET https auth.local 
"/static/dist/assets/icons/icon.png" [Client 192.168.1.200] [Length 0] [Gzip -] 
[Sent-to authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:03 +0000] - 101 101 - GET https auth.local "/ws/client/" 
[Client 192.168.1.200] [Length 4] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "-"
[17/Jun/2025:07:13:03 +0000] - 302 302 - GET https auth.local 
"/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=74qip9589rribk3m9irca4pg7u"
 [Client 192.168.1.200] [Length 23] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://guac.local/";
^[[A^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-1_error.log
2025/06/16 17:34:45 [error] 336#336: *540 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=ig5fokunrjtjcr1ahngb0df71k
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=ig5fokunrjtjcr1ahngb0df71k";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 17:35:00 [error] 349#349: *582 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=g2l2r34i3dvjdqjv50tf16l9o4
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=g2l2r34i3dvjdqjv50tf16l9o4";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 17:57:17 [error] 245#245: *148 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=vr6i03h729dc15dej16vem69kt
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=vr6i03h729dc15dej16vem69kt";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:21:51 [error] 253#253: *6 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=is0cs5t4t9ourip812pmkd5gb4
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=is0cs5t4t9ourip812pmkd5gb4";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:30:16 [error] 253#253: *76 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=pqocn2tdqh7qh6itrjtireq0p5
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=pqocn2tdqh7qh6itrjtireq0p5";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:31:11 [error] 267#267: *114 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=niidelebg9ijrt7mlt2pqqj89
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=niidelebg9ijrt7mlt2pqqj89";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:31:47 [error] 267#267: *114 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=q5lrrsgcmafd4g8rqinrv7m81r
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=q5lrrsgcmafd4g8rqinrv7m81r";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:32:37 [error] 280#280: *183 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=9b8qpj4ug1h3id634dpc4a69cc
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=9b8qpj4ug1h3id634dpc4a69cc";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 19:07:21 [error] 185#185: *1 connect() failed (111: Connection 
refused) while connecting to upstream, client: 192.168.1.200, server: 
auth.local, request: "GET /ws/client/ HTTP/1.1", upstream: 
"http://172.18.0.6:9000/ws/client/";, host: "auth.local"
2025/06/16 19:07:24 [error] 186#186: *8 connect() failed (111: Connection 
refused) while connecting to upstream, client: 192.168.1.200, server: 
auth.local, request: "GET /ws/client/ HTTP/1.1", upstream: 
"http://172.18.0.6:9000/ws/client/";, host: "auth.local"
^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-1_error.log
2025/06/16 17:34:45 [error] 336#336: *540 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=ig5fokunrjtjcr1ahngb0df71k
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=ig5fokunrjtjcr1ahngb0df71k";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 17:35:00 [error] 349#349: *582 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=g2l2r34i3dvjdqjv50tf16l9o4
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=g2l2r34i3dvjdqjv50tf16l9o4";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 17:57:17 [error] 245#245: *148 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=vr6i03h729dc15dej16vem69kt
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=vr6i03h729dc15dej16vem69kt";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:21:51 [error] 253#253: *6 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=is0cs5t4t9ourip812pmkd5gb4
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=is0cs5t4t9ourip812pmkd5gb4";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:30:16 [error] 253#253: *76 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=pqocn2tdqh7qh6itrjtireq0p5
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=pqocn2tdqh7qh6itrjtireq0p5";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:31:11 [error] 267#267: *114 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=niidelebg9ijrt7mlt2pqqj89
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=niidelebg9ijrt7mlt2pqqj89";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:31:47 [error] 267#267: *114 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=q5lrrsgcmafd4g8rqinrv7m81r
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=q5lrrsgcmafd4g8rqinrv7m81r";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:32:37 [error] 280#280: *183 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=9b8qpj4ug1h3id634dpc4a69cc
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=9b8qpj4ug1h3id634dpc4a69cc";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 19:07:21 [error] 185#185: *1 connect() failed (111: Connection 
refused) while connecting to upstream, client: 192.168.1.200, server: 
auth.local, request: "GET /ws/client/ HTTP/1.1", upstream: 
"http://172.18.0.6:9000/ws/client/";, host: "auth.local"
2025/06/16 19:07:24 [error] 186#186: *8 connect() failed (111: Connection 
refused) while connecting to upstream, client: 192.168.1.200, server: 
auth.local, request: "GET /ws/client/ HTTP/1.1", upstream: 
"http://172.18.0.6:9000/ws/client/";, host: "auth.local"
^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-2_error.log
2025/06/16 17:11:13 [warn] 226#226: *235 an upstream response is buffered to a 
temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading 
upstream, client: 192.168.1.200, server: guac.local, request: "GET 
/guacamole/guacamole.4baaa9df5aed3303a40f.js HTTP/1.1", upstream: 
"http://172.18.0.9:8080/guacamole/guacamole.4baaa9df5aed3303a40f.js";, host: 
"guac.local", referrer: "https://guac.local/guacamole/";
2025/06/16 17:57:16 [warn] 247#247: *175 an upstream response is buffered to a 
temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading 
upstream, client: 192.168.1.200, server: guac.local, request: "GET 
/guacamole/angular.min.js HTTP/1.1", upstream: 
"http://172.18.0.9:8080/guacamole/angular.min.js";, host: "guac.local", 
referrer: "https://guac.local/guacamole/";
2025/06/16 17:57:16 [warn] 247#247: *176 an upstream response is buffered to a 
temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading 
upstream, client: 192.168.1.200, server: guac.local, request: "GET 
/guacamole/guacamole.4baaa9df5aed3303a40f.js HTTP/1.1", upstream: 
"http://172.18.0.9:8080/guacamole/guacamole.4baaa9df5aed3303a40f.js";, host: 
"guac.local", referrer: "https://guac.local/guacamole/";
^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-2_access.log
[17/Jun/2025:07:13:03 +0000] - 304 304 - GET https guac.local 
"/guacamole/app.css?b=20250616005750" [Client 192.168.1.200] [Length 0] [Gzip 
-] [Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:139.0) Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 304 304 - GET https guac.local 
"/guacamole/app.js?b=20250616005750" [Client 192.168.1.200] [Length 0] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/api/patches" [Client 192.168.1.200] [Length 435] [Gzip -] [Sent-to 
guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 403 403 - POST https guac.local 
"/guacamole/api/tokens" [Client 192.168.1.200] [Length 572] [Gzip -] [Sent-to 
guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/api/languages" [Client 192.168.1.200] [Length 244] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/api/languages" [Client 192.168.1.200] [Length 244] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/images/guac-tricolor.svg" [Client 192.168.1.200] [Length 3788] 
[Gzip -] [Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:139.0) Gecko/20100101 Firefox/139.0" 
"https://guac.local/guacamole/1.guacamole.6f7b293d2dba5a891aa5.css";
[17/Jun/2025:07:13:03 +0000] - 304 304 - GET https guac.local 
"/guacamole/translations/en.json" [Client 192.168.1.200] [Length 0] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 404 404 - GET https guac.local 
"/guacamole/api/ext/oidc/callback" [Client 192.168.1.200] [Length 182] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/";
[17/Jun/2025:07:13:03 +0000] - 404 404 - GET https guac.local "/favicon.ico" 
[Client 192.168.1.200] [Length 440] [Gzip 1.60] [Sent-to guacamole_webapp] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://guac.local/guacamole/api/ext/oidc/callback";
^Cit-dashboard@it-dashboard:~/guacamole-sso$ exit
logout

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Session stopped
    - Press <Return> to exit tab
    - Press R to restart session
    - Press S to save terminal output to file
[email protected]'s password:
    +----------------------------------------------------------------------+
    ¦                 • MobaXterm Personal Edition v25.2 •                 ¦
    ¦               (SSH client, X server and network tools)               ¦
    ¦                                                                      ¦
    ¦ ? SSH session to [email protected]                            ¦
    ¦   • Direct SSH      :  ?                                             ¦
    ¦   • SSH compression :  ?                                             ¦
    ¦   • SSH-browser     :  ?                                             ¦
    ¦   • X11-forwarding  :  ?  (remote display is forwarded through SSH)  ¦
    ¦                                                                      ¦
    ¦ ? For more info, ctrl+click on help or visit our website.            ¦
    +----------------------------------------------------------------------+

Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-60-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Tue Jun 17 07:16:25 AM UTC 2025

  System load:  0.35               Processes:               201
  Usage of /:   68.9% of 24.44GB   Users logged in:         0
  Memory usage: 41%                IPv4 address for enp0s3: 192.168.1.9
  Swap usage:   0%

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

Expanded Security Maintenance for Applications is not enabled.

6 updates can be applied immediately.
6 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

12 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm


Last login: Tue Jun 17 06:59:15 2025 from 192.168.1.200
it-dashboard@it-dashboard:~$ cd guacamole-sso/
it-dashboard@it-dashboard:~/guacamole-sso$ docker compose logs guacamole
guacamole_webapp  | 17-Jun-2025 06:59:24.620 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version name:   
Apache Tomcat/8.5.100
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server built:          
Mar 19 2024 13:54:42 UTC
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version number: 
8.5.100.0
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Name:               
Linux
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Version:            
6.8.0-60-generic
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Architecture:          
amd64
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Java Home:             
/opt/java/openjdk/jre
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           
1.8.0_402-b06
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            
Temurin
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         
/home/guacamole/tomcat
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         
/usr/local/tomcat
guacamole_webapp  | 17-Jun-2025 06:59:24.624 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.util.logging.config.file=/home/guacamole/tomcat/conf/logging.properties
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dguacamole.frontend-proxy-ssl=true
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dguacamole.home=/etc/guacamole
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djdk.tls.ephemeralDHKeySize=2048
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dorg.apache.catalina.security.SecurityListener.UMASK=0027
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dignore.endorsed.dirs=
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dcatalina.base=/home/guacamole/tomcat
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dcatalina.home=/usr/local/tomcat
guacamole_webapp  | 17-Jun-2025 06:59:24.625 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.io.tmpdir=/home/guacamole/tomcat/temp
guacamole_webapp  | 17-Jun-2025 06:59:24.626 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache 
Tomcat Native library [1.2.39] using APR version [1.7.0].
guacamole_webapp  | 17-Jun-2025 06:59:24.626 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: 
IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}].
guacamole_webapp  | 17-Jun-2025 06:59:24.626 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL 
configuration: useAprConnector [false], useOpenSSL [true]
guacamole_webapp  | 17-Jun-2025 06:59:24.638 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL 
successfully initialized [OpenSSL 3.0.2 15 Mar 2022]
guacamole_webapp  | 17-Jun-2025 06:59:24.731 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["http-nio-8080"]
guacamole_webapp  | 17-Jun-2025 06:59:24.748 INFO [main] 
org.apache.catalina.startup.Catalina.load Initialization processed in 720 ms
guacamole_webapp  | 17-Jun-2025 06:59:24.786 INFO [main] 
org.apache.catalina.core.StandardService.startInternal Starting service 
[Catalina]
guacamole_webapp  | 17-Jun-2025 06:59:24.786 INFO [main] 
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: 
[Apache Tomcat/8.5.100]
guacamole_webapp  | 17-Jun-2025 06:59:24.811 INFO [localhost-startStop-1] 
org.apache.catalina.startup.HostConfig.deployWAR Deploying web application 
archive [/home/guacamole/tomcat/webapps/guacamole.war]
guacamole_webapp  | 17-Jun-2025 06:59:26.400 INFO [localhost-startStop-1] 
org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for 
TLDs yet contained no TLDs. Enable debug logging for this logger for a complete 
list of JARs that were scanned but no TLDs were found in them. Skipping 
unneeded JARs during scanning can improve startup time and JSP compilation time.
guacamole_webapp  | 06:59:26.807 [localhost-startStop-1] INFO  
o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
guacamole_webapp  | 06:59:26.887 [localhost-startStop-1] INFO  
o.a.g.GuacamoleServletContextListener - Read configuration parameters from 
"/etc/guacamole/guacamole.properties".
guacamole_webapp  | 06:59:26.890 [localhost-startStop-1] INFO  
o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of 
inactivity.
guacamole_webapp  | 06:59:27.305 [localhost-startStop-1] INFO  
o.a.g.extension.ExtensionModule - Extension "OpenID Authentication Extension" 
(openid) loaded.
guacamole_webapp  | 06:59:27.407 [localhost-startStop-1] INFO  
o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
guacamole_webapp  | 17-Jun-2025 06:59:28.404 INFO [localhost-startStop-1] 
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application 
archive [/home/guacamole/tomcat/webapps/guacamole.war] has finished in [3,592] 
ms
guacamole_webapp  | 17-Jun-2025 06:59:28.411 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8080"]
guacamole_webapp  | 17-Jun-2025 06:59:28.443 INFO [main] 
org.apache.catalina.startup.Catalina.start Server startup in 3694 ms
it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it guacamole_webapp 
/bin/sh
$ curl 
http://authentik-server:9000/application/o/guacamole/.well-known/openid-configuration
{
  "issuer": "http://authentik-server:9000/application/o/guacamole/";,
  "authorization_endpoint": 
"http://authentik-server:9000/application/o/authorize/";,
  "token_endpoint": "http://authentik-server:9000/application/o/token/";,
  "userinfo_endpoint": "http://authentik-server:9000/application/o/userinfo/";,
  "end_session_endpoint": 
"http://authentik-server:9000/application/o/guacamole/end-session/";,
  "introspection_endpoint": 
"http://authentik-server:9000/application/o/introspect/";,
  "revocation_endpoint": "http://authentik-server:9000/application/o/revoke/";,
  "device_authorization_endpoint": 
"http://authentik-server:9000/application/o/device/";,
  "response_types_supported": [
    "code",
    "id_token",
    "id_token token",
    "code token",
    "code id_token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "jwks_uri": "http://authentik-server:9000/application/o/guacamole/jwks/";,
  "grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "implicit",
    "client_credentials",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "acr_values_supported": [
    "goauthentik.io/providers/oauth2/default"
  ],
  "scopes_supported": [
    "email",
    "profile",
    "openid"
  ],
  "request_parameter_supported": false,
  "claims_supported": [
    "sub",
    "iss",
    "aud",
    "exp",
    "iat",
    "auth_time",
    "acr",
    "amr",
    "nonce",
    "email",
    "email_verified",
    "name",
    "given_name",
    "preferred_username",
    "nickname",
    "groups"
  ],
  "claims_parameter_supported": false,
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ]
}$ curl http://authentik-server:9000/application/o/guacamole/jwks/
{"keys": [{"alg": "RS256", "kid": "07a3dfd856161d424e566a8d1eb5a9a2", "kty": 
"RSA", "use": "sig", "n": 
"05-4cuVVhugPaWwuatRfZw1bCF0L2tmbALF24ppBTNiFBVY7NLO82zL_5OTQOCgBTpOeStWFTYrRRQzrC97Gk4SpEsw332aGRV5bBfI52N4Cdcvc__sLBlc83FPQQSeby_v0Gt4bHh1Ax5c7ODgUz3Vl0gG9jcB6cJ9PsbZoX-rhK6y93Y3R_vPkbEnb8FKCvh2lQ_yShd7nObqfgl6otc_Y5iVAT2c8EOzqzJEWie9DI3Cl1Y8wI6wKuujVL3LmLBqogfyMpdrUUEhh-Eg_PwbgQuPYGLEnnSGaHvbcUhdj3EKCe61vnMF1fJdSkGepCmVi0HC6HeMzWnSBECLgPtJ3d7j1sf6fHyanIcf9sMcRvz6eWNbgxvD3mhpQ9hNBLJMsZboO8BjYg1gjUXFj5fl9PuW9DmSlMfkuuhM_18DjNnAjYYGAtNmCtp_qHmQPOx4ceBrb4pJ-Du28iR3sHtuqiLSvq4yrQxJiU6mzdUpxvjtt4FaFXgKrFcClXghb--CgSYvRLKqw4xlA60qos7nBN-iR2GvfkC8HYwrVolR_CIEdZg6_2yptlawPP83GGemYAjbM_jMzyk43j9iBYyNU0LR-MGLgdu0UZ4gtxGi1WdbTP2HZHv-Z8xB-PSNWyzJzbrlW8u4Sb_zkwdHYv8tOCNip8aAWnRZLOaiB0tE",
 "e": "AQAB", "x5c": 
["MIIFUjCCAzqgAwIBAgIQIZ71aZpPTOabJqljviZT8TANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJhdXRoZW50aWsgMjAyNS40LjAwHhcNMjUwNjE1MTY0NDU5WhcNMjYwNjE2MTY0NDU5WjBWMSowKAYDVQQDDCFhdXRoZW50aWsgU2VsZi1zaWduZWQgQ2VydGlmaWNhdGUxEjAQBgNVBAoMCWF1dGhlbnRpazEUMBIGA1UECwwLU2VsZi1zaWduZWQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTn7hy5VWG6A9pbC5q1F9nDVsIXQva2ZsAsXbimkFM2IUFVjs0s7zbMv/k5NA4KAFOk55K1YVNitFFDOsL3saThKkSzDffZoZFXlsF8jnY3gJ1y9z/+wsGVzzcU9BBJ5vL+/Qa3hseHUDHlzs4OBTPdWXSAb2NwHpwn0+xtmhf6uErrL3djdH+8+RsSdvwUoK+HaVD/JKF3uc5up+CXqi1z9jmJUBPZzwQ7OrMkRaJ70MjcKXVjzAjrAq66NUvcuYsGqiB/Iyl2tRQSGH4SD8/BuBC49gYsSedIZoe9txSF2PcQoJ7rW+cwXV8l1KQZ6kKZWLQcLod4zNadIEQIuA+0nd3uPWx/p8fJqchx/2wxxG/Pp5Y1uDG8PeaGlD2E0Eskyxlug7wGNiDWCNRcWPl+X0+5b0OZKUx+S66Ez/XwOM2cCNhgYC02YK2n+oeZA87Hhx4Gtvikn4O7byJHewe26qItK+rjKtDEmJTqbN1SnG+O23gVoVeAqsVwKVeCFv74KBJi9EsqrDjGUDrSqizucE36JHYa9+QLwdjCtWiVH8IgR1mDr/bKm2VrA8/zcYZ6ZgCNsz+MzPKTjeP2IFjI1TQtH4wYuB27RRniC3EaLVZ1tM/Ydke/5nzEH49I1bLMnNuuVby7hJv/OTB0di/y04I2KnxoBadFks5qIHS0QIDAQABo1UwUzBRBgNVHREBAf8ERzBFgkNhcXZHMjZoczJOcklPN3R0ZVFwczFEZXVJQnUyejl4eTlITmVWZHpKLnNlbGYtc2lnbmVkLmdvYXV0aGVudGlrLmlvMA0GCSqGSIb3DQEBCwUAA4ICAQBWfrUmLcMJrwAs4OuFdC9YwrJOyL9vynLLg4pMlZ+R/p7ECdrNDBnZaGYaEddfy8f0yvMwXHfs5Ah3Rq/XXznDSBC4CCXRlHGHzQeM71lY3t0PWvpdFWO9BrXp/Ck0f8Vf8uZrTJUdPwBjBa0iqWgI2dSc71TTtPcng0TmSioc9X4sv1TtpL4MeuMCy0xhoslxOO3vqRjIrICKzOWqY+cnS+pQp6QUmKwClwBhacaP1ky6dFLIgvp3VTzYgXADR57yDoT+LPRF6u6PzFK38+F9BqKffh8JzU0GiFo2l2d3iBj/SdtxPZE1OedAWQg0zMis24CQwEahCLm0Mcd3Issjt6ni+HJeVQ/AfMOhU9QfXmLhIiVQEAu/PVHbbOYnA3Td8QsdSpnG3jgJwdD6ZLdzakBCExXJkPwGHnP6ZWq2OXUh+YPUYkq0esN3YV+fM+eAgR6f+d9ah0LeceZq+1BqVSVDgDupL+nuFS0o47wPVYxuyZe0/yH60Zc3j29JLe7kkR5jUzi2aDOPFgWKPJ5quct99DXv8UfuEShdblL1p8WhSNNVXziQVZQEwcWKPV6XJLKnbrWBXCnkIn6fSAUJv/ng102yecxZW8CynCqSwZDYop2Dx1TUVd0EP8ogzdXd2g+BJJn+5bNb7Y7KJr318Z40QFnghwehDYbWtYtoDg=="],
 "x5t": "0lBMisNtRFoKtwhKkDuu0qnq2ek", "x5t#S256": 
"EetwXRpKnQTTp-F1KWFLQAe-pWAp5bGFLJmMeKMjJ2g"}]}$ tail -f 
/home/guacamole/tomcat/logs/localhost_access_log.2025-06-17.txt
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/app.css?b=20250616005750 HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/app.js?b=20250616005750 HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/api/patches 
HTTP/1.1" 200 435
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "POST /guacamole/api/tokens 
HTTP/1.1" 403 572
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/api/languages 
HTTP/1.1" 200 244
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /guacamole/api/languages 
HTTP/1.1" 200 244
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/images/guac-tricolor.svg HTTP/1.1" 200 3788
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/translations/en.json HTTP/1.1" 304 -
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET 
/guacamole/api/ext/oidc/callback HTTP/1.1" 404 182
172.18.0.7 - - [17/Jun/2025:07:13:03 +0000] "GET /favicon.ico HTTP/1.1" 404 683
^C
$ ls -l /home/guacamole/.guacamole/extensions/
total 7404
lrwxrwxrwx 1 guacamole guacamole      57 Jun 17 06:59 
1-guacamole-auth-sso-openid-1.5.5.jar -> 
/opt/guacamole/openid/guacamole-auth-sso-openid-1.5.5.jar
lrwxrwxrwx 1 guacamole guacamole      66 Jun 17 06:59 
guacamole-auth-jdbc-postgresql-1.5.5.jar -> 
/opt/guacamole/postgresql/guacamole-auth-jdbc-postgresql-1.5.5.jar
-rw-r--r-- 1 guacamole guacamole 7574899 Mar 30  2024 
guacamole-auth-sso-openid-1.5.5.jar
$ cd /home/guacamole/tomcat/logs/
$ ls
catalina.2025-06-17.log  host-manager.2025-06-17.log  localhost.2025-06-17.log  
localhost_access_log.2025-06-17.txt  manager.2025-06-17.log
$ ^C
$ exit
it-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-1_access.log
[17/Jun/2025:07:13:01 +0000] - 200 200 - GET https auth.local 
"/api/v3/enterprise/license/summary/" [Client 192.168.1.200] [Length 115] [Gzip 
-] [Sent-to authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:139.0) Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:01 +0000] - 200 200 - GET https auth.local 
"/api/v3/core/users/me/" [Client 192.168.1.200] [Length 807] [Gzip -] [Sent-to 
authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:01 +0000] - 200 200 - GET https auth.local 
"/api/v3/core/users/me/" [Client 192.168.1.200] [Length 807] [Gzip -] [Sent-to 
authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/events/notifications/?ordering=-created&page_size=1&seen=false&user=6" 
[Client 192.168.1.200] [Length 470] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/events/notifications/?ordering=-created&seen=false&user=6" [Client 
192.168.1.200] [Length 598] [Gzip -] [Sent-to authentik-server] "Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0" 
"https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/events/notifications/?ordering=-created&page_size=1&seen=false&user=6" 
[Client 192.168.1.200] [Length 470] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - 200 200 - GET https auth.local 
"/api/v3/core/applications/?only_with_launch_url=true&ordering=name&page=1&page_size=100"
 [Client 192.168.1.200] [Length 598] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:02 +0000] - - 499 - GET https auth.local 
"/static/dist/assets/icons/icon.png" [Client 192.168.1.200] [Length 0] [Gzip -] 
[Sent-to authentik-server] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://auth.local/if/user/";
[17/Jun/2025:07:13:03 +0000] - 101 101 - GET https auth.local "/ws/client/" 
[Client 192.168.1.200] [Length 4] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "-"
[17/Jun/2025:07:13:03 +0000] - 302 302 - GET https auth.local 
"/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=74qip9589rribk3m9irca4pg7u"
 [Client 192.168.1.200] [Length 23] [Gzip -] [Sent-to authentik-server] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://guac.local/";
^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-1_error.log
2025/06/16 17:34:45 [error] 336#336: *540 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=ig5fokunrjtjcr1ahngb0df71k
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=ig5fokunrjtjcr1ahngb0df71k";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 17:35:00 [error] 349#349: *582 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=g2l2r34i3dvjdqjv50tf16l9o4
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=g2l2r34i3dvjdqjv50tf16l9o4";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 17:57:17 [error] 245#245: *148 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=vr6i03h729dc15dej16vem69kt
 HTTP/1.1", upstream: 
"http://172.18.0.3:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=vr6i03h729dc15dej16vem69kt";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:21:51 [error] 253#253: *6 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=is0cs5t4t9ourip812pmkd5gb4
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=is0cs5t4t9ourip812pmkd5gb4";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:30:16 [error] 253#253: *76 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=pqocn2tdqh7qh6itrjtireq0p5
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=pqocn2tdqh7qh6itrjtireq0p5";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:31:11 [error] 267#267: *114 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=niidelebg9ijrt7mlt2pqqj89
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=niidelebg9ijrt7mlt2pqqj89";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:31:47 [error] 267#267: *114 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=q5lrrsgcmafd4g8rqinrv7m81r
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=q5lrrsgcmafd4g8rqinrv7m81r";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 18:32:37 [error] 280#280: *183 upstream sent too big header while 
reading response header from upstream, client: 192.168.1.200, server: 
auth.local, request: "GET 
/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=9b8qpj4ug1h3id634dpc4a69cc
 HTTP/1.1", upstream: 
"http://172.18.0.4:9000/application/o/authorize/?scope=openid+email+profile&response_type=id_token&client_id=c4f31c00-ef3c-457f-9e1c-9d4692c7435e&redirect_uri=https%3A%2F%2Fguac.local%2Fguacamole%2Fapi%2Fext%2Foidc%2Fcallback&nonce=9b8qpj4ug1h3id634dpc4a69cc";,
 host: "auth.local", referrer: "https://guac.local/";
2025/06/16 19:07:21 [error] 185#185: *1 connect() failed (111: Connection 
refused) while connecting to upstream, client: 192.168.1.200, server: 
auth.local, request: "GET /ws/client/ HTTP/1.1", upstream: 
"http://172.18.0.6:9000/ws/client/";, host: "auth.local"
2025/06/16 19:07:24 [error] 186#186: *8 connect() failed (111: Connection 
refused) while connecting to upstream, client: 192.168.1.200, server: 
auth.local, request: "GET /ws/client/ HTTP/1.1", upstream: 
"http://172.18.0.6:9000/ws/client/";, host: "auth.local"
^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-2_access.log
[17/Jun/2025:07:13:03 +0000] - 304 304 - GET https guac.local 
"/guacamole/app.css?b=20250616005750" [Client 192.168.1.200] [Length 0] [Gzip 
-] [Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:139.0) Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 304 304 - GET https guac.local 
"/guacamole/app.js?b=20250616005750" [Client 192.168.1.200] [Length 0] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/api/patches" [Client 192.168.1.200] [Length 435] [Gzip -] [Sent-to 
guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 403 403 - POST https guac.local 
"/guacamole/api/tokens" [Client 192.168.1.200] [Length 572] [Gzip -] [Sent-to 
guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/api/languages" [Client 192.168.1.200] [Length 244] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/api/languages" [Client 192.168.1.200] [Length 244] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 200 200 - GET https guac.local 
"/guacamole/images/guac-tricolor.svg" [Client 192.168.1.200] [Length 3788] 
[Gzip -] [Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:139.0) Gecko/20100101 Firefox/139.0" 
"https://guac.local/guacamole/1.guacamole.6f7b293d2dba5a891aa5.css";
[17/Jun/2025:07:13:03 +0000] - 304 304 - GET https guac.local 
"/guacamole/translations/en.json" [Client 192.168.1.200] [Length 0] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/guacamole/";
[17/Jun/2025:07:13:03 +0000] - 404 404 - GET https guac.local 
"/guacamole/api/ext/oidc/callback" [Client 192.168.1.200] [Length 182] [Gzip -] 
[Sent-to guacamole_webapp] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) 
Gecko/20100101 Firefox/139.0" "https://guac.local/";
[17/Jun/2025:07:13:03 +0000] - 404 404 - GET https guac.local "/favicon.ico" 
[Client 192.168.1.200] [Length 440] [Gzip 1.60] [Sent-to guacamole_webapp] 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 
Firefox/139.0" "https://guac.local/guacamole/api/ext/oidc/callback";
^Cit-dashboard@it-dashboard:~/guacamole-sso$ docker exec -it npm tail -f 
/data/logs/proxy-host-2_error.log
2025/06/16 17:11:13 [warn] 226#226: *235 an upstream response is buffered to a 
temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading 
upstream, client: 192.168.1.200, server: guac.local, request: "GET 
/guacamole/guacamole.4baaa9df5aed3303a40f.js HTTP/1.1", upstream: 
"http://172.18.0.9:8080/guacamole/guacamole.4baaa9df5aed3303a40f.js";, host: 
"guac.local", referrer: "https://guac.local/guacamole/";
2025/06/16 17:57:16 [warn] 247#247: *175 an upstream response is buffered to a 
temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading 
upstream, client: 192.168.1.200, server: guac.local, request: "GET 
/guacamole/angular.min.js HTTP/1.1", upstream: 
"http://172.18.0.9:8080/guacamole/angular.min.js";, host: "guac.local", 
referrer: "https://guac.local/guacamole/";
2025/06/16 17:57:16 [warn] 247#247: *176 an upstream response is buffered to a 
temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading 
upstream, client: 192.168.1.200, server: guac.local, request: "GET 
/guacamole/guacamole.4baaa9df5aed3303a40f.js HTTP/1.1", upstream: 
"http://172.18.0.9:8080/guacamole/guacamole.4baaa9df5aed3303a40f.js";, host: 
"guac.local", referrer: "https://guac.local/guacamole/";

docker-compose.yml
Description: Binary data

#
# guacamole.properties
#

# --- PostgreSQL Authentication ---
enable-environment-properties: true
postgres-hostname: guac-postgres
postgres-database: ${GUAC_POSTGRES_DB}
postgres-username: ${GUAC_POSTGRES_USER}
postgres-password: ${GUAC_POSTGRES_PASSWORD}

# --- OpenID Connect (OIDC) Authentication ---
openid-authorization-endpoint: https://auth.local/application/o/authorize/
openid-issuer: https://auth.local/application/o/guacamole/
openid-redirect-uri: https://guac.local/guacamole/api/ext/oidc/callback
openid-client-id: c4f31c00-ef3c-457f-9e1c-9d4692c7435e 
openid-jwks-endpoint: http://authentik-server:9000/application/o/guacamole/jwks/
openid-token-endpoint: http://authentik-server:9000/application/o/token/
openid-username-claim-type: preferred_username
openid-scope: openid email profile

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Guacamole OIDC Docker - 404 on /api/ext/oidc/callback despite successful extension load

Reply via email to