[ https://issues.apache.org/jira/browse/GUACAMOLE-1923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Wyatt updated GUACAMOLE-1923:
----------------------------------
Description:

I'm trying to get my existing Guacamole installation working with OpenID. I've got everything working correctly, but Guacamole is not requesting the `groups` scope.

Here are the relevant environment variables from my docker-compose.yml:

```
environment:
  - GUACD_HOSTNAME=${COMPOSE_PROJECT_NAME}-guacd-1
  - POSTGRESQL_HOSTNAME=${COMPOSE_PROJECT_NAME}-postgres-1
  - POSTGRESQL_DATABASE=postgres
  - POSTGRESQL_USER=postgres
  - POSTGRESQL_PASSWORD=postgres
  - POSTGRESQL_AUTO_CREATE_ACCOUNTS=true
  - OPENID_AUTHORIZATION_ENDPOINT=https://auth.${HOMELAB_BASE_DOMAIN}/api/oidc/authorization?state=1234abcedfdhf
  - OPENID_JWKS_ENDPOINT=https://auth.${HOMELAB_BASE_DOMAIN}/jwks.json
  - OPENID_ISSUER=https://auth.${HOMELAB_BASE_DOMAIN}
  - OPENID_CLIENT_ID=guacamole
  - OPENID_REDIRECT_URI=https://remote-desktop-gateway.${HOMELAB_BASE_DOMAIN}
  - OPENID_USERNAME_CLAIM_TYPE=preferred_username
  - OPENID_GROUPS_CLAIM_TYPE=groups
  - OPENID_SCOPE=openid profile groups email
```

You can see the last line is setting `OPENID_SCOPE`; however, the generated `guacamole.properties` does not contain `openid-scope`:

```
guacamole@78282607ee6c:/opt/guacamole$ cat /home/guacamole/.guacamole/guacamole.properties
# guacamole.properties - generated Thu Feb 8 07:05:31 AM UTC 2024
guacd-hostname: remote-desktop-gateway-guacd-1
guacd-port: 4822
postgresql-username: postgres
postgresql-password: postgres
postgresql-database: postgres
postgresql-hostname: remote-desktop-gateway-postgres-1
postgresql-port: 5432
postgresql-auto-create-accounts: true
openid-authorization-endpoint: https://auth.example.com/api/oidc/authorization?state=1234abcedfdhf
openid-jwks-endpoint: https://auth. example.com/jwks.json
openid-issuer: https://auth. example.com
openid-client-id: guacamole
openid-redirect-uri: https://remote-desktop-gateway. example.com
openid-username-claim-type: preferred_username
openid-groups-claim-type: groups
```

> `OPENID_SCOPE` environment variable in Docker not working
> ---------------------------------------------------------
>
> Key: GUACAMOLE-1923
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1923
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-openid
> Affects Versions: 1.5.4
> Environment: Docker
> Reporter: Mike Wyatt
> Priority: Minor

--
This message was sent by Atlassian Jira (v8.20.10#820010)
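
A check for the symptom reported above, as an added example that is not part of the original report or of the Guacamole project: it compares the container's `OPENID_*` environment variables with the generated `guacamole.properties` and lists settings that never arrived or arrived changed. The sample input is constructed from values in the report, and the name mapping (`OPENID_SCOPE` to `openid-scope`) is an assumption taken from the variable/property pairs visible on this page.

```python
import re

# Constructed sample input modelled on the report: environment as the
# container sees it (e.g. output of `env`) and the generated properties file.
CONTAINER_ENV = """\
POSTGRESQL_USER=postgres
OPENID_ISSUER=https://auth.example.com
OPENID_CLIENT_ID=guacamole
OPENID_GROUPS_CLAIM_TYPE=groups
OPENID_SCOPE=openid profile groups email
"""
GENERATED_PROPERTIES = """\
# guacamole.properties - generated Thu Feb 8 07:05:31 AM UTC 2024
postgresql-username: postgres
openid-issuer: https://auth.example.com
openid-client-id: guacamole
openid-groups-claim-type: groups
"""

def parse_env(text):
    """Parse NAME=value lines; a leading compose-style '- ' is tolerated."""
    pairs = (re.match(r"\s*(?:-\s+)?([A-Z][A-Z0-9_]*)=(.*)$", l) for l in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def parse_properties(text):
    """Parse 'name: value' (or 'name=value') lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9.-]+)\s*[:=]\s*(.*)$", line)
        if m and not line.lstrip().startswith("#"):
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(env_text, props_text, prefix="OPENID_"):
    """Return [(property, status)] for prefixed env vars that did not reach
    the properties file ('missing') or arrived with another value ('differs').
    Assumed mapping: OPENID_SCOPE -> openid-scope (lower-case, '_' -> '-')."""
    env, props = parse_env(env_text), parse_properties(props_text)
    findings = []
    for name in sorted(env):
        if not name.startswith(prefix):
            continue  # e.g. POSTGRESQL_USER -> postgresql-username breaks the rule
        prop = name.lower().replace("_", "-")
        if prop not in props:
            findings.append((prop, "missing"))
        elif props[prop] != env[name]:
            findings.append((prop, "differs"))
    return findings

if __name__ == "__main__":
    for prop, status in audit(CONTAINER_ENV, GENERATED_PROPERTIES):
        print(f"{prop}: {status}")
```

A dropped `openid-scope` matters for authorization because the `groups` scope is then never requested, which is the behaviour the reporter describes.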