2.5 KiB
2.5 KiB
| title | description | lead | date | draft | images | menu | integration | parent | weight | toc | community |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Apache Guacamole | Integrating Apache Guacamole with the Authelia OpenID Connect Provider. | 2022-07-31T13:09:05+10:00 | false | openid-connect | 620 | true | true |
Tested Versions
- Authelia
- Apache Guacamole
- UNKNOWN
Before You Begin
{{% oidc-common %}}
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://guacamole.example.com - Authelia Root URL:
https://auth.example.com - Client ID:
guacamole - Client Secret:
insecure_secret
Configuration
Application
To configure Apache Guacamole to utilize Authelia as an OpenID Connect 1.0 Provider use the following configuration:
openid-client-id: guacamole
openid-scope: openid profile groups email
openid-issuer: https://auth.example.com
openid-jwks-endpoint: https://auth.example.com/jwks.json
openid-authorization-endpoint: https://auth.example.com/api/oidc/authorization?state=1234abcedfdhf
openid-redirect-uri: https://guacamole.example.com
openid-username-claim-type: preferred_username
openid-groups-claim-type: groups
Authelia
The following YAML configuration is an example Authelia client configuration for use with Apache Guacamole which will operate with the above example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: guacamole
description: Apache Guacamole
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://guacamole.example.com
scopes:
- openid
- profile
- groups
- email
response_types:
- id_token
grant_types:
- implicit
userinfo_signing_algorithm: none