jwetzell / docker-guacamole

A self-contained guacamole docker container for x64 and ARM. Remotely connect over SSH, RDP or VNC using HTML5.
https://hub.docker.com/r/oznu/guacamole/
GNU General Public License v3.0

Rejected invalid OpenID token: JWT processing failed #51

Open bazza888 opened 2 months ago

bazza888 commented 2 months ago

Describe Your Problem: Using Authentik as the OAuth provider, the JWT token query fails.

Logs:

02:57:23.266 [http-nio-8080-exec-5] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header

Environment:

- Guacamole 1.5.5 (latest at time of this post)
- Authentik 2024.6.1
- Both going via NGINX Proxy Manager with valid Let's Encrypt certs

Notes:

- All my other OAuth services work just fine; it is isolated to Guacamole.
- Have tried using different certs in the Authentik provider (EC, RSA, etc.).
- Seems to be a fair bit of info on this online with various fixes, none of which seemed to work for me.
- Is there a config I can put into the Guacamole properties to ignore certs when querying the JWT token?

Any help appreciated thank you.

bazza888 commented 2 months ago

Just an update: I managed to get things working by pointing my JWKS URI directly at the Authentik container, not via NPM. So I'm not too fussed, just think it's curious this is my only container experiencing this issue.

jwetzell commented 2 months ago

Sorry for the late response. I don't really know anything about configuring Guacamole; the official docs would probably be the place to look for how to configure that kind of stuff.
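For anyone debugging the same "Unable to find a suitable verification key" rejection, here is an added diagnostic (not from this thread, Guacamole or jose4j) that decodes a token's JWS header and reports which keys in a JWKS document could verify it. The matching rules (kty implied by alg, then kid, then use) are a simplified assumption about key selection, and the token, key ids and JWKS documents are constructed samples; paste in the JSON returned by each JWKS URI you are comparing.

```python
import base64
import json

# JWS "alg" family -> JWK "kty" able to verify it (RFC 7518 / RFC 8037).
ALG_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct", "Ed": "OKP"}

def b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jws_header(token: str) -> dict:
    """Decode the protected header of a compact JWS without verifying it."""
    segment = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def candidate_keys(header: dict, jwks: dict) -> tuple:
    """Return (usable JWKs, reasons the remaining JWKs were skipped)."""
    alg = header.get("alg", "")
    want_kty = ALG_TO_KTY.get(alg[:2])
    usable, skipped = [], []
    for jwk in jwks.get("keys", []):
        kid = jwk.get("kid")
        if want_kty is None or jwk.get("kty") != want_kty:
            skipped.append(f"{kid}: kty {jwk.get('kty')} cannot verify alg {alg}")
        elif "kid" in header and kid != header["kid"]:
            skipped.append(f"{kid}: does not match token kid {header['kid']}")
        elif jwk.get("use", "sig") != "sig":
            skipped.append(f"{kid}: use={jwk['use']} is not a signing key")
        else:
            usable.append(jwk)
    return usable, skipped

# Constructed sample data: an unsigned token and two JWKS documents.
SAMPLE_TOKEN = ".".join([
    b64url({"alg": "RS256", "kid": "constructed-kid-A", "typ": "JWT"}),
    b64url({"sub": "demo"}), "c2ln"])
JWKS_WITH_KEY = {"keys": [{"kty": "RSA", "kid": "constructed-kid-A", "use": "sig"}]}
JWKS_WITHOUT_KEY = {"keys": [
    {"kty": "EC", "kid": "constructed-kid-B", "use": "sig"},
    {"kty": "RSA", "kid": "constructed-kid-C", "use": "sig"}]}

if __name__ == "__main__":
    header = jws_header(SAMPLE_TOKEN)
    for name, jwks in (("with key", JWKS_WITH_KEY), ("without key", JWKS_WITHOUT_KEY)):
        usable, skipped = candidate_keys(header, jwks)
        print(name, "->", len(usable), "usable key(s);", skipped)
```

An empty usable list for the JWKS that Guacamole actually fetches means the signing key is missing from that response, which is a different problem from a TLS certificate failure.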