May 24May 24 Thank you so much for following up with me @Cabé I really appreciate it. You are correct indeed. It appears that I am using the jasonbean/guacamole template which is available via the CA store. What I did after reading your response was to completely delete my ApacheGuacamole instance. I then headed over to the UR CA and installed your package. I filled in the appropriate variable and started up the container. As expected I am directed to my Authentik login screen. I fill in my credentials and am then directed to Guacamole. I am having the very same issue where all I have access to in "Settings are Active Sessions and Preferences. I cannot create new users or new connections unless I remove the EXTENSION_PRIORITY openid variable and login without AuthentikIf I spin up a VM and install the Guacamole package I have no issues. I prefer to run Guacamole on my Unraid server and not on a separate VM. I do not understand why I am running into this limitiationBy the way if I access the container via it's IP address directly I can log and am able to see all of the settings menus. I created the same user as the one that I use in Authentik with no password as recommended. Still no luck! Edited May 25May 25 by peterbatah Added screenshot
May 25May 25 Author Well it seams something related to Authentik and docker, have you use the same network in the vm?I'm going to try to reproduce your problem with Authentik as soon as i have time.
May 25May 25 3 hours ago, Cabé said:Well it seams something related to Authentik and docker, have you use the same network in the vm?I'm going to try to reproduce your problem with Authentik as soon as i have time.Good morning. Yes @Cabé Same network selected in both container. I also made sure that the same user that exists in both Authentik can Administer and create new connections in Guacamole. But that makes no difference when logging in via Authentik. I am not sure if I mentioned this in an earlier post but I am using DUO to authenticate my Authentik user before hitting any application.I tried this as well but no luck: openid_username_claim_typeThank you again for you help. Edited May 25May 25 by peterbatah added link
May 25May 25 @Cabé I believe that I have resolved my issue after days of trying to figure this out. I watched one particular video but should have paid more attention amd let the tutorial play to the end. What I should have done was to create a new user with my email address as the username and no password of course. Then I sign in to Authentik with that very same email address. Now I can see all the tabs in the settings menu inclusing the connections that I created outside of Authentik
May 25May 25 One other issue that I seem to be having is when trying to associate an SSH connection that I have created to a connection group. For example, I created a new connection for one of my docker containers. If I edit the connection / go to the location field and choose the Linux group that I created & try to save I get a popup message that says ERROR. This is true if I try to make and modification to any parameters. Yet the user was assigned full permissions when it was created. Of course if I leave the External authentication provider(s): parameter empty / login as guacadmin I can make / save any modification without error. Another bump in the road I'm afraid. I am wondering if it may have something to do with the fact that I am using Nginx Proxy Manager and Cloudflare. Hmm the mystery deepens. Edited May 25May 25 by peterbatah
May 25May 25 Author 5 hours ago, peterbatah said:@Cabé I believe that I have resolved my issue after days of trying to figure this out. I watched one particular video but should have paid more attention amd let the tutorial play to the end. What I should have done was to create a new user with my email address as the username and no password of course. Then I sign in to Authentik with that very same email address. Now I can see all the tabs in the settings menu inclusing the connections that I created outside of AuthentikI could reproduce your problem and yes its resolved with the email that must exist in the database, tomorrow i will think in the change to use the variable openid-username-claim-type: sub , to login from Authentik with user instead of email, thank's for the help to make this docker better! Edited May 26May 26 by Cabé
May 26May 26 Author 6 hours ago, peterbatah said:One other issue that I seem to be having is when trying to associate an SSH connection that I have created to a connection group. For example, I created a new connection for one of my docker containers. If I edit the connection / go to the location field and choose the Linux group that I created & try to save I get a popup message that says ERROR. This is true if I try to make and modification to any parameters. Yet the user was assigned full permissions when it was created. Of course if I leave the External authentication provider(s): parameter empty / login as guacadmin I can make / save any modification without error. Another bump in the road I'm afraid. I am wondering if it may have something to do with the fact that I am using Nginx Proxy Manager and Cloudflare. Hmm the mystery deepens.6 hours ago, peterbatah said:One other issue that I seem to be having is when trying to associate an SSH connection that I have created to a connection group. For example, I created a new connection for one of my docker containers. If I edit the connection / go to the location field and choose the Linux group that I created & try to save I get a popup message that says ERROR. This is true if I try to make and modification to any parameters. Yet the user was assigned full permissions when it was created. Of course if I leave the External authentication provider(s): parameter empty / login as guacadmin I can make / save any modification without error. Another bump in the road I'm afraid. I am wondering if it may have something to do with the fact that I am using Nginx Proxy Manager and Cloudflare. Hmm the mystery deepens.I cannot reproduce your 2nd problem, pheraps theres someting wrong in the database? Try to create other docker with other name and diferent paths in the option 'Show more settings' of the template to test a fresh install
May 26May 26 Author New docker update 1.0.5/latest:New variable in guacamole.properties: openid-username-claim-type: preferred_username The claim type within any valid JWT that contains the authenticated user’s username. By default, the “email” claim type is usedMinor code refinementsApache Tomcat 9.0.118 (2026-05-10)Mai/2026 client and server official docker imagesMysql connector 9.6.0 -> 9.7.0Postgresql connector 42.7.10 -> 42.7.11MSSQL connector 13.2.1 -> 13.4.0
May 26May 26 27 minutes ago, Cabé said:New docker update 1.0.5/latest:New variable in guacamole.properties: openid-username-claim-type: preferred_username The claim type within any valid JWT that contains the authenticated user’s username. By default, the “email” claim type is usedMinor code refinementsApache Tomcat 9.0.118 (2026-05-10)Mai/2026 client and server official docker imagesMysql connector 9.6.0 -> 9.7.0Postgresql connector 42.7.10 -> 42.7.11MSSQL connector 13.2.1 -> 13.4.0Amazing. Awesome. That was really quick. Can I simply update my instance or will that break what I already have running? By the way I am still trying to troubleshoot my inability to make any changes to my user in Guacamole. See my screenshots. Edited May 26May 26 by peterbatah
May 26May 26 Author Just update your instance, Peter.I see errors related to Authentik, yesterday I installed it for the first time and worked fine in the same internal network not tested through cloudflared.You must install other instance off guacamole for testing porposes using other 'AppData Config Path', test acess in the internal network without cloudflare and with and without authentik, test the last problem too with the fresh database...
May 26May 26 35 minutes ago, Cabé said:Just update your instance, Peter.I see errors related to Authentik, yesterday I installed it for the first time and worked fine in the same internal network not tested through cloudflared.You must install other instance off guacamole for testing porposes using other 'AppData Config Path', test acess in the internal network without cloudflare and with and without authentik, test the last problem too with the fresh database...Updated my instance of Guacamole and no issues so far. I will try what you suggest re: A fresh install using an alternate 'AppData Config Path'. I am not sure if I mentioned that I am using DUO which I have configured in Authentik. I doubt that this is what causing my issues but ine can never be sure. Thank you for all that you have done. Much appreciated. Peter Edited May 26May 26 by peterbatah
May 27May 27 @Cabé Good morning. I am happy to report that after following your advice I installed a new instance of Guacamole and chose an altlernate storage location. I made sure to bypass Cloudflare all together. I no longer receive error messages when attempting to make modifications of any kind. It took a while but with your time, patience, and assistance I was able to sort things out. Have a wonderful day. Peter
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.