I don’t believe there is a callback endpoint in Guacamole. My config just has the URL of guacamole. In your example this would be https://guac.local/guacamole
> On 17 Jun 2025, at 09:37, Eutim Putnoki <[email protected]> wrote: > > Hello, > > I am having a persistent issue setting up Guacamole with Authentik OIDC using > the official Docker images. No matter what I try, I always get a "No such > resource" (404) error when Authentik redirects to the > /guacamole/api/ext/oidc/callback URL. > > Here is what I have confirmed through extensive troubleshooting: > > Setup: Docker Compose with Guacamole, Guacd, Nginx Proxy Manager, and > Authentik. > Proxy: The reverse proxy is confirmed to be forwarding the request to the > Guacamole container correctly. We have ruled out proxy-level blocks and > header/buffer size issues. > Extension Loading: The Guacamole logs definitively show that the > guacamole-auth-sso-openid extension is being loaded successfully. > Configuration: The logs also show that the guacamole.properties file is > being read correctly by the extension. > Isolation: The issue persists even when disabling all other extensions > (like PostgreSQL) and running only the OIDC extension. > Versions: The issue occurs on both Guacamole 1.5.5 and latest tags. > > The core problem seems to be that while the OIDC extension loads, its JAX-RS > API endpoint for the callback is not being registered within the Guacamole > web application, leading to the 404. > > > Referenced sources: > https://guacamole.apache.org/doc/gug/openid-auth.html > https://docs.goauthentik.io/integrations/services/apache-guacamole/ > https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication > > <logs.txt><docker-compose.yml><guacamole.properties> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected]
