---
title: Apache Guacamoleā„¢
---

## What is Apache Guacamoleā„¢

From https://guacamole.apache.org/

:::note
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
:::

## Preparation

The following placeholders will be used:

- `guacamole.company` is the FQDN of the Guacamole install.
- `authentik.company` is the FQDN of the authentik install.

Create an OAuth2/OpenID provider with the following parameters:

- Client Type: `Confidential`
- JWT Algorithm: `RS256`
- Redirect URIs: `https://guacamole.company/` (depending on your Tomcat setup, you might have to add `/guacamole/` if the application runs in a subfolder)
- Scopes: OpenID, Email and Profile

Note the Client ID value. Create an application, using the provider you've created above.

## Guacamole

import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

<Tabs
  defaultValue="docker"
  values={[
    {label: 'Docker', value: 'docker'},
    {label: 'Standalone', value: 'standalone'},
  ]}>
  <TabItem value="docker">
    The docker containers are configured via environment variables. The following variables are required:

```yaml
OPENID_AUTHORIZATION_ENDPOINT: https://authentik.company/application/o/authorize/
OPENID_CLIENT_ID: # client ID from above
OPENID_ISSUER: https://authentik.company/application/o/apache-guacamole/
OPENID_JWKS_ENDPOINT: https://authentik.company/application/o/apache-guacamole/jwks/
OPENID_REDIRECT_URI: https://guacamole.company/ # This must match the redirect URI above
```
  </TabItem>
  <TabItem value="standalone">
    Standalone Guacamole is configured using the `guacamole.properties` file. Add the following settings:

```
openid-authorization-endpoint=https://authentik.company/application/o/authorize/
openid-client-id=# client ID from above
openid-issuer=https://authentik.company/application/o/apache-guacamole/
openid-jwks-endpoint=https://authentik.company/application/o/apache-guacamole/jwks/
openid-redirect-uri=https://guacamole.company/ # This must match the redirect URI above
```
  </TabItem>
</Tabs>