<![CDATA[Guacamole use OpenID as default login]]>I have 2 Cloudron instances which are synced with on-premise AD servers. I have the Guacamole app installed with the location set to use the bare domain. Prior to Guacamole V2.0 package update, users would browse to the Cloudron domain, login with their AD credentials at the login page shown, and were taken straight to Guacamole. From V2.0 package update onwards, the new OIDC login feature requires users to click a tiny link in the bottom corner of the initial login page, which takes them to another login page (OpenID Login page), to then log in with their AD credentials. (To clarify for those that aren't aware, using AD credentials at the first login page no longer works).
Not sure if I am missing something - but is it possible to set the default login page for Guacamole as the OpenID login page? Or is it possible to set the default login page to use the OpenID credentials? I've had a look through the GUI settings, checked the forums and google, but come up empty. Any help is appreciated.

]]>https://forum.cloudron.io/topic/13918/guacamole-use-openid-as-default-loginRSS for NodeMon, 11 May 2026 02:36:03 GMTWed, 11 Jun 2025 12:11:40 GMT60<![CDATA[Reply to Guacamole use OpenID as default login on Mon, 23 Jun 2025 19:20:15 GMT]]>@girish true

]]>https://forum.cloudron.io/post/109196https://forum.cloudron.io/post/109196Mon, 23 Jun 2025 19:20:15 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Mon, 23 Jun 2025 18:50:11 GMT]]>I think extension-priority: openid complicates logging in as root , no? (i.e with the default admin) . I think the real issue is that guacamole login page is not well designed .

]]>https://forum.cloudron.io/post/109193https://forum.cloudron.io/post/109193Mon, 23 Jun 2025 18:50:11 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Mon, 23 Jun 2025 17:58:40 GMT]]>Hi @james, yes, I think so. Correct me if I am wrong, but Guacamole is configured to use Cloudron's OIDC Provider, so it makes sense that it would automatically take you to the OpenID login page. If you wanted to give less technically able users (like me) a choice, I'm assuming an option could be put under the Access Control section of the Guacamole app settings?

mockup.PNG

]]>https://forum.cloudron.io/post/109189https://forum.cloudron.io/post/109189Mon, 23 Jun 2025 17:58:40 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Mon, 23 Jun 2025 09:44:35 GMT]]>Hello @phsc
Awesome find! Do you think we should make this default in the Cloudron app when OIDC is used?

]]>https://forum.cloudron.io/post/109154https://forum.cloudron.io/post/109154Mon, 23 Jun 2025 09:44:35 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Sun, 22 Jun 2025 19:25:03 GMT]]>@nebulon thanks for your response. I wasn't sure if this was a Cloudron thing or a Guacamole thing, so as a paying customer I thought I would ask here first. Now focusing on the Guacamole documentation, I found the solution - its actually very easy! Not sure why I didn't stumble upon it sooner. 🤦

To redirect users immediately to the OpenID identity provider (Cloudron in this case) instead of going to the default Guacamole authentication method, requires a 1 line configuration change in the guacamole.properties file.

To do this, go to the File Manager for the Guacamole app and open the guacamole.properties file. Add a new line as shown below:

extension-priority: openid

Save and close the file, then restart the Guacamole app.

Now when browsing to the your normal Guacamole URL, you will be redirected to the OpenID login page

https://guacamole.apache.org/doc/gug/openid-auth.html#automatically-redirecting-all-unauthenticated-users
https://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacamole-properties
https://docs.cloudron.io/apps/#file-manager

]]>https://forum.cloudron.io/post/109139https://forum.cloudron.io/post/109139Sun, 22 Jun 2025 19:25:03 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Sun, 22 Jun 2025 18:48:25 GMT]]>@james Thanks for your suggestion.
I currently have very basic custom branding applied, but still wasn't able to work out a solution - this is currently outside of my abilities. To confuse matters, I attempted to apply the example branding as linked in the documentation (to prove that changes were applying), but it didn't work.

]]>https://forum.cloudron.io/post/109138https://forum.cloudron.io/post/109138Sun, 22 Jun 2025 18:48:25 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Thu, 12 Jun 2025 09:14:55 GMT]]>@phsc maybe worth asking the upstream guacamole community or raise a feature request there.

]]>https://forum.cloudron.io/post/108535https://forum.cloudron.io/post/108535Thu, 12 Jun 2025 09:14:55 GMT<![CDATA[Reply to Guacamole use OpenID as default login on Thu, 12 Jun 2025 07:02:18 GMT]]>Hello @phsc
Unfortunately I am not aware of a simple way to make OIDC login as the default.
Maybe you could create a custom branding and change the login page HTML to reflect what you would like to have.
To have something like this:
47f98041-bd71-4b23-a73c-de0a7e79a03b-image.png
I just edited the HTML in the browser as a mockup.
See => https://docs.cloudron.io/packages/guacamole/#branding

]]>https://forum.cloudron.io/post/108517https://forum.cloudron.io/post/108517Thu, 12 Jun 2025 07:02:18 GMT