authentik/website/integrations/services/apache-guacamole/index.mdx

---
title: Apache Guacamole™
---

## What is Apache Guacamole™

From https://guacamole.apache.org/

:::note
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
:::

## Preparation

The following placeholders will be used:

-   `guacamole.company` is the FQDN of the Guacamole install.
-   `authentik.company` is the FQDN of the authentik install.

Create an OAuth2/OpenID provider with the following parameters:

-   Client Type: `Confidential`
-   Redirect URIs: `https://guacamole.company/` (depending on your Tomcat setup, you might have to add `/guacamole/` if the application runs in a subfolder)
-   Scopes: OpenID, Email and Profile

Under _Advanced protocol settings_, set the following:

-   Token validity: Any value to configure how long the session should last. Guacamole will not accept any tokens valid longer than 300 Minutes.

Note the Client ID value. Create an application, using the provider you've created above.

## Guacamole

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

<Tabs
  defaultValue="docker"
  values={[
    {label: 'Docker', value: 'docker'},
    {label: 'Standalone', value: 'standalone'},
  ]}>
  <TabItem value="docker">
    The docker containers are configured via environment variables. The following variables are required:

```yaml
OPENID_AUTHORIZATION_ENDPOINT: https://authentik.company/application/o/authorize/
OPENID_CLIENT_ID: # client ID from above
OPENID_ISSUER: https://authentik.company/application/o/*Slug of the application from above*/
OPENID_JWKS_ENDPOINT: https://authentik.company/application/o/*Slug of the application from above*/jwks/
OPENID_REDIRECT_URI: https://guacamole.company/ # This must match the redirect URI above
```

  </TabItem>
  <TabItem value="standalone">
    Standalone Guacamole is configured using the `guacamole.properties` file. Add the following settings:

```
openid-authorization-endpoint=https://authentik.company/application/o/authorize/
openid-client-id=# client ID from above
openid-issuer=https://authentik.company/application/o/*Slug of the application from above*/
openid-jwks-endpoint=https://authentik.company/application/o/*Slug of the application from above*/jwks/
openid-redirect-uri=https://guacamole.company/ # This must match the redirect URI above
```

  </TabItem>
</Tabs>
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00			`---`
			`title: Apache Guacamole™`
			`---`

			`## What is Apache Guacamole™`

			`From https://guacamole.apache.org/`

			`:::note`
			`Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.`
			`:::`

			`## Preparation`

			`The following placeholders will be used:`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- `guacamole.company` is the FQDN of the Guacamole install.
			- `authentik.company` is the FQDN of the authentik install.
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00
			`Create an OAuth2/OpenID provider with the following parameters:`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- Client Type: `Confidential`
			- Redirect URIs: `https://guacamole.company/` (depending on your Tomcat setup, you might have to add `/guacamole/` if the application runs in a subfolder)
			`- Scopes: OpenID, Email and Profile`
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			`Under _Advanced protocol settings_, set the following:`
website/docs: add notice for guacamole token length Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-22 18:02:30 +00:00
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			`- Token validity: Any value to configure how long the session should last. Guacamole will not accept any tokens valid longer than 300 Minutes.`
website/docs: add notice for guacamole token length Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-22 18:02:30 +00:00
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00			`Note the Client ID value. Create an application, using the provider you've created above.`

			`## Guacamole`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			`import Tabs from "@theme/Tabs";`
			`import TabItem from "@theme/TabItem";`
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00
			`<Tabs`
			`defaultValue="docker"`
			`values={[`
			`{label: 'Docker', value: 'docker'},`
			`{label: 'Standalone', value: 'standalone'},`
			`]}>`
			`<TabItem value="docker">`
			`The docker containers are configured via environment variables. The following variables are required:`

			```yaml
			`OPENID_AUTHORIZATION_ENDPOINT: https://authentik.company/application/o/authorize/`
			`OPENID_CLIENT_ID: # client ID from above`
web: fix path for fallback flow view 2021-03-10 22:15:25 +00:00			`OPENID_ISSUER: https://authentik.company/application/o/Slug of the application from above/`
			`OPENID_JWKS_ENDPOINT: https://authentik.company/application/o/Slug of the application from above/jwks/`
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00			`OPENID_REDIRECT_URI: https://guacamole.company/ # This must match the redirect URI above`
			```
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00			`</TabItem>`
			`<TabItem value="standalone">`
			Standalone Guacamole is configured using the `guacamole.properties` file. Add the following settings:

			```
			`openid-authorization-endpoint=https://authentik.company/application/o/authorize/`
			`openid-client-id=# client ID from above`
web: fix path for fallback flow view 2021-03-10 22:15:25 +00:00			`openid-issuer=https://authentik.company/application/o/Slug of the application from above/`
			`openid-jwks-endpoint=https://authentik.company/application/o/Slug of the application from above/jwks/`
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00			`openid-redirect-uri=https://guacamole.company/ # This must match the redirect URI above`
			```
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00
docs: add apache guacamole integration 2021-03-02 21:04:53 +00:00			`</TabItem>`
			`</Tabs>`