I see in your guacamole.properties :
openid-redirect-uri: https://guac.local/guacamole/api/ext/oidc/callback
Remove the red part and it should work.
Don't forget to check if the authorized redirect URI is
https://guac.local/guacamole/ in the Authentik OpenID client
configuration.
Best regards,
Corentin Soriano
On 2025-06-17 19:33, Eutim Putnoki wrote:
Hi Tom, Corentin,
Thanks for taking the time and trying to help.
Regarding the callback, the documentation mentions 'SAML_CALLBACK_URL',
although I wasn't able to find anything similar for openid.
Can you please let me know if you're using SAML or OPENID? It would
really help if somebody has a similar setup as me (Authentik openid,
guacamole, docker, npm).
Regarding the comment about the URI's, I believe I do it the same way
you mentioned it.
I have zipped up my project files and added them in the appendix. Could
you please have a look? I'm very much lost at this point. I have been
staring at the screen for 8 hours per day for the last seven days.. I
can't get this to work.
Best Regards,
Eutim Putnoki
On Tue, Jun 17, 2025 at 6:07 PM Corentin SORIANO <[email protected]>
wrote:
The openid-redirect-uri parameter should look like https://{{
your_domain }}/guacamole/ and the authorized redirect URI in the OIDC
provider must be exactly the same.
Best regards,
Corentin Soriano
On 2025-06-17 12:48, Tom Eaton wrote:
I don't believe there is a callback endpoint in Guacamole. My config
just has the URL of guacamole. In your example this would be
https://guac.local/guacamole
On 17 Jun 2025, at 09:37, Eutim Putnoki <[email protected]> wrote:
Hello,
I am having a persistent issue setting up Guacamole with Authentik OIDC
using the official Docker images. No matter what I try, I always get a
"No such resource" (404) error when Authentik redirects to the
/guacamole/api/ext/oidc/callback URL.
Here is what I have confirmed through extensive troubleshooting:
Setup: Docker Compose with Guacamole, Guacd, Nginx Proxy Manager, and
Authentik.
Proxy: The reverse proxy is confirmed to be forwarding the request to
the Guacamole container correctly. We have ruled out proxy-level blocks
and header/buffer size issues.
Extension Loading: The Guacamole logs definitively show that the
guacamole-auth-sso-openid extension is being loaded successfully.
Configuration: The logs also show that the guacamole.properties file is
being read correctly by the extension.
Isolation: The issue persists even when disabling all other extensions
(like PostgreSQL) and running only the OIDC extension.
Versions: The issue occurs on both Guacamole 1.5.5 and latest tags.
The core problem seems to be that while the OIDC extension loads, its
JAX-RS API endpoint for the callback is not being registered within the
Guacamole web application, leading to the 404.
Referenced sources:
https://guacamole.apache.org/doc/gug/openid-auth.html
https://docs.goauthentik.io/integrations/services/apache-guacamole/
https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication
<logs.txt><docker-compose.yml><guacamole.properties>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
