From 3f84b7ea20cc727c6348205ddaa86c0f6d0de75c Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Wed, 18 Feb 2026 14:51:15 +0100
Subject: [PATCH] added OIDC
---
 kisfenyo-system/guacamole.yaml | 52 +++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/kisfenyo-system/guacamole.yaml b/kisfenyo-system/guacamole.yaml
index 80cd8b3..3364e41 100644
--- a/kisfenyo-system/guacamole.yaml
+++ b/kisfenyo-system/guacamole.yaml
@@ -212,32 +212,32 @@ spec:
 # --- Serve at / instead of /guacamole ---
 - name: WEBAPP_CONTEXT
 value: "ROOT"
- # --- OpenID Connect (Authentik) ---
- # - name: OPENID_AUTHORIZATION_ENDPOINT
- # value: "https://authentik.dooplex.hu/application/o/authorize/"
- # - name: OPENID_JWKS_ENDPOINT
- # value: "https://authentik.dooplex.hu/application/o/guacamole/jwks/"
- # - name: OPENID_ISSUER
- # value: "https://authentik.dooplex.hu/application/o/guacamole/"
- # - name: OPENID_CLIENT_ID
- # valueFrom:
- # secretKeyRef:
- # name: guacamole-secrets
- # key: openid-client-id
- # - name: OPENID_REDIRECT_URI
- # value: "https://remote.dooplex.hu/"
- # - name: OPENID_USERNAME_CLAIM_TYPE
- # value: "preferred_username"
- # - name: OPENID_GROUPS_CLAIM_TYPE
- # value: "groups"
- # - name: OPENID_SCOPE
- # value: "openid email profile"
- # # Show both DB login form AND OIDC button on login page
- # - name: EXTENSION_PRIORITY
- # value: "*, openid"
- # # Auto-create Guacamole accounts for OIDC users
- # - name: POSTGRESQL_AUTO_CREATE_ACCOUNTS
- # value: "true"
+ #--- OpenID Connect (Authentik) ---
+ - name: OPENID_AUTHORIZATION_ENDPOINT
+ value: "https://authentik.dooplex.hu/application/o/authorize/"
+ - name: OPENID_JWKS_ENDPOINT
+ value: "https://authentik.dooplex.hu/application/o/guacamole/jwks/"
+ - name: OPENID_ISSUER
+ value: "https://authentik.dooplex.hu/application/o/guacamole/"
+ - name: OPENID_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: guacamole-secrets
+ key: openid-client-id
+ - name: OPENID_REDIRECT_URI
+ value: "https://remote.dooplex.hu/"
+ - name: OPENID_USERNAME_CLAIM_TYPE
+ value: "preferred_username"
+ - name: OPENID_GROUPS_CLAIM_TYPE
+ value: "groups"
+ - name: OPENID_SCOPE
+ value: "openid email profile"
+ # Show both DB login form AND OIDC button on login page
+ - name: EXTENSION_PRIORITY
+ value: "*, openid"
+ # Auto-create Guacamole accounts for OIDC users
+ - name: POSTGRESQL_AUTO_CREATE_ACCOUNTS
+ value: "true"
 ports:
 - containerPort: 8080
 name: http
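Review bot: `OPENID_USERNAME_CLAIM_TYPE` is set to `preferred_username` while `POSTGRESQL_AUTO_CREATE_ACCOUNTS` is `"true"`, so the Guacamole account an OIDC login maps to is selected by a claim that OpenID Connect does not guarantee to be unique or stable. If usernames can be changed or self-chosen in Authentik (not visible in this hunk), a login could presumably land on an existing database account, including an administrative one; confirm usernames are immutable there and that the Authentik application is bound to an access policy, or map on a stable claim instead. `EXTENSION_PRIORITY: "*, openid"` also keeps the database password form reachable, so MFA or policy enforced in Authentik does not cover local accounts; a comment such as `# DB login kept as break-glass only; local accounts need strong, rotated passwords` would record that this is deliberate. Minor style point: `#--- OpenID Connect (Authentik) ---` dropped the space after `#` that the neighbouring `# --- Serve at / instead of /guacamole ---` header uses. The enclosing `env:` list begins above the hunk, so other variables that affect login are not visible here.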