Hi, Thank you guys a lot, that did the trick! I guess I was just confused as I had been looking at various parts of the documentation (both openid as well as sml), and had mixed things up in my head. The amount of time I was struggling with this is insane. I knew the "fix" would be something very simple that I had just missed.
I really appreciate the help :) Best Regards, Eutim Putnoki On Tue, Jun 17, 2025 at 9:02 PM Corentin SORIANO <[email protected]> wrote: > I see in your guacamole.properties : > > openid-redirect-uri: https://guac.local/guacamole/api/ext/oidc/callback > > Remove the red part and it should work. > Don't forget to check if the authorized redirect URI is > https://guac.local/guacamole/ in the Authentik OpenID client > configuration. > > Best regards, > Corentin Soriano > > > On 2025-06-17 19:33, Eutim Putnoki wrote: > > Hi Tom, Corentin, > > Thanks for taking the time and trying to help. > Regarding the callback, the documentation mentions 'SAML_CALLBACK_URL', > although I wasn't able to find anything similar for openid. > Can you please let me know if you're using SAML or OPENID? It would really > help if somebody has a similar setup as me (Authentik openid, guacamole, > docker, npm). > > Regarding the comment about the URI's, I believe I do it the same way you > mentioned it. > I have zipped up my project files and added them in the appendix. > Could you please have a look? I'm very much lost at this point. I have been > staring at the screen for 8 hours per day for the last seven days.. I can't > get this to work. > > Best Regards, > Eutim Putnoki > > On Tue, Jun 17, 2025 at 6:07 PM Corentin SORIANO <[email protected]> > wrote: > > The openid-redirect-uri parameter should look like https://{{ your_domain > }}/guacamole/ and the authorized redirect URI in the OIDC provider must > be exactly the same. > > Best regards, > Corentin Soriano > > > On 2025-06-17 12:48, Tom Eaton wrote: > > I don't believe there is a callback endpoint in Guacamole. My config just > has the URL of guacamole. In your example this would be > https://guac.local/guacamole > > > > On 17 Jun 2025, at 09:37, Eutim Putnoki <[email protected]> wrote: > > Hello, > > I am having a persistent issue setting up Guacamole with Authentik OIDC > using the official Docker images. No matter what I try, I always get a "No > such resource" (404) error when Authentik redirects to the > /guacamole/api/ext/oidc/callback URL. > > Here is what I have confirmed through extensive troubleshooting: > > Setup: Docker Compose with Guacamole, Guacd, Nginx Proxy Manager, and > Authentik. > Proxy: The reverse proxy is confirmed to be forwarding the request to > the Guacamole container correctly. We have ruled out proxy-level blocks and > header/buffer size issues. > Extension Loading: The Guacamole logs definitively show that the > guacamole-auth-sso-openid extension is being loaded successfully. > Configuration: The logs also show that the guacamole.properties file > is being read correctly by the extension. > Isolation: The issue persists even when disabling all other extensions > (like PostgreSQL) and running only the OIDC extension. > Versions: The issue occurs on both Guacamole 1.5.5 and latest tags. > > The core problem seems to be that while the OIDC extension loads, its > JAX-RS API endpoint for the callback is not being registered within the > Guacamole web application, leading to the 404. > > > Referenced sources: > https://guacamole.apache.org/doc/gug/openid-auth.html > https://docs.goauthentik.io/integrations/services/apache-guacamole/ > > https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication > <logs.txt><docker-compose.yml><guacamole.properties> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
