From 21fd251edf88e22b284045574f7efc8b56b39d57 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 2 Mar 2021 22:04:53 +0100
Subject: [PATCH] docs: add apache guacamole integration
---
 .../services/apache-guacamole/index.mdx | 62 +++++++++++++++++++
 website/sidebars.js | 1 +
 2 files changed, 63 insertions(+)
 create mode 100644 website/docs/integrations/services/apache-guacamole/index.mdx
diff --git a/website/docs/integrations/services/apache-guacamole/index.mdx b/website/docs/integrations/services/apache-guacamole/index.mdx
new file mode 100644
index 000000000..d3bc40130
--- /dev/null
+++ b/website/docs/integrations/services/apache-guacamole/index.mdx
@@ -0,0 +1,62 @@
+---
+title: Apache Guacamoleā„¢
+---
+
+## What is Apache Guacamoleā„¢
+
+From https://guacamole.apache.org/
+
+:::note
+Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+- `guacamole.company` is the FQDN of the Guacamole install.
+- `authentik.company` is the FQDN of the authentik install.
+
+Create an OAuth2/OpenID provider with the following parameters:
+
+- Client Type: `Confidential`
+- JWT Algorithm: `RS256`
+- Redirect URIs: `https://guacamole.company/` (depending on your Tomcat setup, you might have to add `/guacamole/` if the application runs in a subfolder)
+- Scopes: OpenID, Email and Profile
+
+Note the Client ID value. Create an application, using the provider you've created above.
+
+## Guacamole
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+
+
+ The docker containers are configured via environment variables. The following variables are required:
+
+```yaml
+OPENID_AUTHORIZATION_ENDPOINT: https://authentik.company/application/o/authorize/
+OPENID_CLIENT_ID: # client ID from above
+OPENID_ISSUER: https://authentik.company/application/o/apache-guacamole/
+OPENID_JWKS_ENDPOINT: https://authentik.company/application/o/apache-guacamole/jwks/
+OPENID_REDIRECT_URI: https://guacamole.company/ # This must match the redirect URI above
+```
+
+
+ Standalone Guacamole is configured using the `guacamole.properties` file. Add the following settings:
+
+```
+openid-authorization-endpoint=https://authentik.company/application/o/authorize/
+openid-client-id=# client ID from above
+openid-issuer=https://authentik.company/application/o/apache-guacamole/
+openid-jwks-endpoint=https://authentik.company/application/o/apache-guacamole/jwks/
+openid-redirect-uri=https://guacamole.company/ # This must match the redirect URI above
+```
+
+
diff --git a/website/sidebars.js b/website/sidebars.js
index 1ecace20e..1ef5549ac 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -106,6 +106,7 @@ module.exports = {
 type: "category",
 label: "as Provider",
 items: [
+ "integrations/services/apache-guacamole/index",
 "integrations/services/aws/index",
 "integrations/services/awx-tower/index",
 "integrations/services/gitlab/index",