We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug Without an email assigned to a user in AD accessing guacamole fails with a 500 error. Guacamole app logs:
guacd[236]: INFO: Guacamole proxy daemon (guacd) version 1.5.1 started guacd[236]: INFO: Listening on host 0.0.0.0, port 4822 [proxy.go:89] mapping path "/" => upstream "http://0.0.0.0:8080" [oauthproxy.go:162] OAuthProxy configured for OpenID Connect Client ID: XXX [oauthproxy.go:168] Cookie settings: name:_oauth2_proxy secure(https):true httponly:true expiry:168h0m0s domains: path:/ samesite: refresh:after 50m0s [oauthproxy.go:959] No valid authentication in request. Initiating login. x.x.x.x - a4ad31ff-d4aa-4130-8038-5e4173f7c871 - - GET - "/robots933456.txt" HTTP/1.1 "HealthCheck/1.0" 302 491 0.000 [oauthproxy.go:959] No valid authentication in request. Initiating login. x.x.x.x - f5b6cdf8-789a-4cff-a509-d460f072d894 - - [2023/06/05 18:13:55] guacamole-XXX-ws-4c91-svc-1c6d.azurewebsites.net GET - "/guacamole" HTTP/1.1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36" 302 484 0.040 [oauthproxy.go:823] Error redeeming code during OAuth2 callback: could not get claim "email": failed to fetch claims from profile URL: error making request to profile URL: unexpected status "401": {"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError":{"date":"XXX","request-id":"XXX","client-request-id":"XXX"}}}
Steps to reproduce
The text was updated successfully, but these errors were encountered:
I believe email address is a requirement of OpenID, unless there is another field we can configure Oauth proxy to use.
Sorry, something went wrong.
Maybe we can change oidc-email-claim to prefered_username.
oidc-email-claim
prefered_username
marrobi
Successfully merging a pull request may close this issue.
Describe the bug
Without an email assigned to a user in AD accessing guacamole fails with a 500 error. Guacamole app logs:
Steps to reproduce
The text was updated successfully, but these errors were encountered: