Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Apache Guacamole

Featured Replies

Thank you so much for following up with me @Cabé I really appreciate it. You are correct indeed. It appears that I am using the jasonbean/guacamole template which is available via the CA store. What I did after reading your response was to completely delete my ApacheGuacamole instance. I then headed over to the UR CA and installed your package. I filled in the appropriate variable and started up the container. As expected I am directed to my Authentik login screen. I fill in my credentials and am then directed to Guacamole. I am having the very same issue where all I have access to in "Settings are Active Sessions and Preferences. I cannot create new users or new connections unless I remove the EXTENSION_PRIORITY openid variable and login without Authentik

If I spin up a VM and install the Guacamole package I have no issues. I prefer to run Guacamole on my Unraid server and not on a separate VM. I do not understand why I am running into this limitiation

By the way if I access the container via it's IP address directly I can log and am able to see all of the settings menus. I created the same user as the one that I use in Authentik with no password as recommended. Still no luck!

openid limited access.jpg

openid provider.jpg

Edited by peterbatah
Added screenshot

  • Author

Well it seams something related to Authentik and docker, have you use the same network in the vm?

I'm going to try to reproduce your problem with Authentik as soon as i have time.

3 hours ago, Cabé said:

Well it seams something related to Authentik and docker, have you use the same network in the vm?

I'm going to try to reproduce your problem with Authentik as soon as i have time.

Good morning. Yes @Cabé Same network selected in both container. I also made sure that the same user that exists in both Authentik can Administer and create new connections in Guacamole. But that makes no difference when logging in via Authentik. I am not sure if I mentioned this in an earlier post but I am using DUO to authenticate my Authentik user before hitting any application.

I tried this as well but no luck: openid_username_claim_type

Thank you again for you help.

Guac Network.jpg

Auth Network.jpg

Edited by peterbatah
added link

@Cabé I believe that I have resolved my issue after days of trying to figure this out. I watched one particular video but should have paid more attention amd let the tutorial play to the end. What I should have done was to create a new user with my email address as the username and no password of course. Then I sign in to Authentik with that very same email address. Now I can see all the tabs in the settings menu inclusing the connections that I created outside of Authentik

One other issue that I seem to be having is when trying to associate an SSH connection that I have created to a connection group. For example, I created a new connection for one of my docker containers. If I edit the connection / go to the location field and choose the Linux group that I created & try to save I get a popup message that says ERROR. This is true if I try to make and modification to any parameters. Yet the user was assigned full permissions when it was created. Of course if I leave the External authentication provider(s): parameter empty / login as guacadmin I can make / save any modification without error. Another bump in the road I'm afraid. I am wondering if it may have something to do with the fact that I am using Nginx Proxy Manager and Cloudflare. Hmm the mystery deepens.

edit connection.jpg

error when saving.jpg

openid provider.jpg

remove openid.jpg

Edited by peterbatah

  • Author
5 hours ago, peterbatah said:

@Cabé I believe that I have resolved my issue after days of trying to figure this out. I watched one particular video but should have paid more attention amd let the tutorial play to the end. What I should have done was to create a new user with my email address as the username and no password of course. Then I sign in to Authentik with that very same email address. Now I can see all the tabs in the settings menu inclusing the connections that I created outside of Authentik

I could reproduce your problem and yes its resolved with the email that must exist in the database, tomorrow i will think in the change to use the variable openid-username-claim-type: sub , to login from Authentik with user instead of email, thank's for the help to make this docker better!

Edited by Cabé

  • Author
6 hours ago, peterbatah said:

One other issue that I seem to be having is when trying to associate an SSH connection that I have created to a connection group. For example, I created a new connection for one of my docker containers. If I edit the connection / go to the location field and choose the Linux group that I created & try to save I get a popup message that says ERROR. This is true if I try to make and modification to any parameters. Yet the user was assigned full permissions when it was created. Of course if I leave the External authentication provider(s): parameter empty / login as guacadmin I can make / save any modification without error. Another bump in the road I'm afraid. I am wondering if it may have something to do with the fact that I am using Nginx Proxy Manager and Cloudflare. Hmm the mystery deepens.

edit connection.jpg

error when saving.jpg

openid provider.jpg

remove openid.jpg

6 hours ago, peterbatah said:

One other issue that I seem to be having is when trying to associate an SSH connection that I have created to a connection group. For example, I created a new connection for one of my docker containers. If I edit the connection / go to the location field and choose the Linux group that I created & try to save I get a popup message that says ERROR. This is true if I try to make and modification to any parameters. Yet the user was assigned full permissions when it was created. Of course if I leave the External authentication provider(s): parameter empty / login as guacadmin I can make / save any modification without error. Another bump in the road I'm afraid. I am wondering if it may have something to do with the fact that I am using Nginx Proxy Manager and Cloudflare. Hmm the mystery deepens.

edit connection.jpg

error when saving.jpg

openid provider.jpg

remove openid.jpg

I cannot reproduce your 2nd problem, pheraps theres someting wrong in the database? Try to create other docker with other name and diferent paths in the option 'Show more settings' of the template to test a fresh install

  • Author

New docker update 1.0.5/latest:

  • New variable in guacamole.properties: openid-username-claim-type: preferred_username The claim type within any valid JWT that contains the authenticated user’s username. By default, the “email” claim type is used

  • Minor code refinements

  • Apache Tomcat 9.0.118 (2026-05-10)

  • Mai/2026 client and server official docker images

  • Mysql connector 9.6.0 -> 9.7.0

  • Postgresql connector 42.7.10 -> 42.7.11

  • MSSQL connector 13.2.1 -> 13.4.0

27 minutes ago, Cabé said:

New docker update 1.0.5/latest:

  • New variable in guacamole.properties: openid-username-claim-type: preferred_username The claim type within any valid JWT that contains the authenticated user’s username. By default, the “email” claim type is used

  • Minor code refinements

  • Apache Tomcat 9.0.118 (2026-05-10)

  • Mai/2026 client and server official docker images

  • Mysql connector 9.6.0 -> 9.7.0

  • Postgresql connector 42.7.10 -> 42.7.11

  • MSSQL connector 13.2.1 -> 13.4.0

Amazing. Awesome. That was really quick. Can I simply update my instance or will that break what I already have running? By the way I am still trying to troubleshoot my inability to make any changes to my user in Guacamole. See my screenshots.

Failed to load resource-4.jpg

Failed to load resource.jpg

Failed to load resource-3.jpg

Edited by peterbatah

  • Author

Just update your instance, Peter.

I see errors related to Authentik, yesterday I installed it for the first time and worked fine in the same internal network not tested through cloudflared.

You must install other instance off guacamole for testing porposes using other 'AppData Config Path', test acess in the internal network without cloudflare and with and without authentik, test the last problem too with the fresh database...

35 minutes ago, Cabé said:

Just update your instance, Peter.

I see errors related to Authentik, yesterday I installed it for the first time and worked fine in the same internal network not tested through cloudflared.

You must install other instance off guacamole for testing porposes using other 'AppData Config Path', test acess in the internal network without cloudflare and with and without authentik, test the last problem too with the fresh database...

Updated my instance of Guacamole and no issues so far. I will try what you suggest re: A fresh install using an alternate 'AppData Config Path'. I am not sure if I mentioned that I am using DUO which I have configured in Authentik. I doubt that this is what causing my issues but ine can never be sure.

Thank you for all that you have done. Much appreciated. Peter

Edited by peterbatah

@Cabé Good morning. I am happy to report that after following your advice I installed a new instance of Guacamole and chose an altlernate storage location. I made sure to bypass Cloudflare all together. I no longer receive error messages when attempting to make modifications of any kind. It took a while but with your time, patience, and assistance I was able to sort things out. Have a wonderful day. Peter

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.