2.5 KiB
2.5 KiB
title | description | lead | date | draft | images | menu | integration | parent | weight | toc | community |
---|---|---|---|---|---|---|---|---|---|---|---|
Apache Guacamole | Integrating Apache Guacamole with the Authelia OpenID Connect Provider. | 2022-07-31T13:09:05+10:00 | false | openid-connect | 620 | true | true |
Tested Versions
- Authelia
- Apache Guacamole
- UNKNOWN
Before You Begin
Common Notes
- You are required to utilize a unique client id for every client.
- The client id on this page is merely an example and you can theoretically use any alphanumeric string.
- You should not use the client secret in this example, We strongly recommend reading the Generating Client Secrets guide instead.
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://guacamole.example.com
- Authelia Root URL:
https://auth.example.com
- Client ID:
guacamole
- Client Secret:
guacamole_client_secret
Configuration
Application
To configure Apache Guacamole to utilize Authelia as an OpenID Connect Provider use the following configuration:
openid-client-id: guacamole
openid-scope: openid profile groups email
openid-issuer: https://auth.example.com
openid-jwks-endpoint: https://auth.example.com/jwks.json
openid-authorization-endpoint: https://auth.example.com/api/oidc/authorization?state=1234abcedfdhf
openid-redirect-uri: https://guacamole.example.com
openid-username-claim-type: preferred_username
openid-groups-claim-type: groups
Authelia
The following YAML configuration is an example Authelia client configuration for use with Apache Guacamole which will operate with the above example:
- id: guacamole
description: Apache Guacamole
secret: '$plaintext$guacamole_client_secret'
public: false
authorization_policy: two_factor
redirect_uris:
- https://guacamole.example.com
scopes:
- openid
- profile
- groups
- email
response_types:
- id_token
grant_types:
- implicit
userinfo_signing_algorithm: none