Posted to user@guacamole.apache.org by Daniel Storey <da...@rededucation.com> on 2020/08/09 02:47:13 UTC
SAML on Guacamole 1.2
Hi Everyone,
I'm struggling to get SAML authentication working for Guacamole 1.2 with onelogin.com. I've created the following guacamole.properties file:
# GuacD properties
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: pWAR53fht786!@#
# SAML Properties
saml-idp-url: https://<domain>.onelogin.com/
saml-entity-id: https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c
saml-callback-url: https://<servername>.rededucation.com:8080/guacamole/
saml-idp-metadata-url: /home/dan/guacamole.xml
saml-debug: True
saml-strict: False
I'm following the blog at https://cloudfish.hatenablog.com/entry/2020/07/15/212107 which has been translated by Chrome into English, but I've modified the suggestions of the values to insert into guacamole.properties into lowercase and using hyphens rather than underscores.
I'm trying to get trace logging working in Guacamole to be able to determine what's happening, but I can't seem to get any traces in /var/log/tomcat9/catalina.out or /var/log/syslog.
What I'm currently seeing in the log is:
[2020-08-09 01:23:49] [info] 01:23:49.848 [http-nio-8080-exec-5] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from <IP ADDRESS OF CONNECTING MACHINE> failed.
I'm not sure what to do to fix this. Any suggestions are welcome.
Cheers,
Daniel Storey
Red Education
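A check of the SAML settings in a guacamole.properties file like the one posted above, as an added example that is not part of the original thread. The sample file is constructed (example.com hosts stand in for the placeholders), the function names are hypothetical, and the checks encode the corrections made later in this thread plus the assumption that saml-strict: false and saml-debug: true are test-time settings.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the SAML block of the first post.
SAMPLE_PROPERTIES = """\
# SAML Properties
saml-idp-url: https://idp.example.com/
saml-callback-url: https://guac.example.com:8080/guacamole/
saml-idp-metadata-url: /home/dan/guacamole.xml
saml-debug: True
saml-strict: False
"""

# "key: value" or "key = value"; the key stops at the first separator.
LINE = re.compile(r"^\s*([^\s:=#]+)\s*[:=]\s*(.*?)\s*$")


def parse_properties(text):
    """Return the key/value pairs of a properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def is_true(value):
    return value.strip().lower() == "true"


def lint_saml(props):
    """Return (key, finding) pairs for SAML settings worth a second look."""
    findings = []
    # Assumption: strict mode is meant to stay on outside of testing.
    if "saml-strict" in props and not is_true(props["saml-strict"]):
        findings.append(("saml-strict", "strict SAML checks are switched off"))
    # Assumption: this flag is what puts SAML requests and user attributes
    # into the Tomcat log at DEBUG level.
    if is_true(props.get("saml-debug", "false")):
        findings.append(("saml-debug", "SAML debug logging is on"))
    callback = urlsplit(props.get("saml-callback-url", ""))
    if callback.scheme == "http":
        findings.append(("saml-callback-url",
                         "IdP response returns over plain HTTP"))
    elif callback.scheme == "https" and callback.port == 8080:
        findings.append(("saml-callback-url",
                         "https on port 8080: confirm the connector speaks TLS"))
    metadata = props.get("saml-idp-metadata-url")
    if metadata is not None and not urlsplit(metadata).scheme:
        findings.append(("saml-idp-metadata-url",
                         "no URI scheme; a local file is written file:///path"))
    return findings


if __name__ == "__main__":
    for key, finding in lint_saml(parse_properties(SAMPLE_PROPERTIES)):
        print(f"{key}: {finding}")
```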
Re: SAML on Guacamole 1.2
Posted by Dillon Christoffersen <di...@christoffersen.co.INVALID>.
I was having a similar issue - here is what my working guacamole.properties looks like:
guacd-hostname: localhost
guacd-port: 4822
#user-mapping: /etc/guacamole/user-mapping.xml
#SAML
saml-idp-url: URL FROM SAML PROVIDER
saml-entity-id: ENTITY ID FROM PROVIDER
saml-callback-url: BASE URL OF GUAC INSTALL - NOTHING ELSE SHOULD FOLLOW
saml-strict: false
saml-debug: true
mysql-hostname: SQL SERVER FQDN
mysql-port: SQL PORT
mysql-database: GUAC DATABASE
mysql-username: GUAC DATABASE USER
mysql-password: GUAC DATABASE PASSWORD
mysql-auto-create-accounts: true
I think you're having a different problem; e.g. I don't think that anonymous authentication is the actual error to look at. An authentication attempt occurs right after, so my guess is that Guac recognizes that you haven't signed in and need to sign in - then redirects you to auth provider. I would guess your actual error is a bit further down the log.
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Is something wrong with your SQL install, maybe? Mine only shows:
guac tomcat9[58451]: 17:42:52.529 [http-nio-8080-exec-1] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
I'd start there.
________________________________
From: Daniel Storey <da...@rededucation.com>
Sent: Sunday, August 9, 2020 6:45 AM
To: user@guacamole.apache.org <us...@guacamole.apache.org>
Subject: Re: SAML on Guacamole 1.2
Thanks, Sebastian. You’re right – it should have been http://<servername>.rededucation.com:8080/guacamole/. I’ve updated it as well as a few other errors and it’s still not working. I’m seeing a page that says:
Please wait, redirecting to identity provider
As soon as it hits the <servername>.rededucation.com page and then it redirects to http://guacamole.rededucation.com:8080/guacamole/#/?responseHash=9D10496AD38722D9C88016835D595715C3F29F074C521103D7908E1051992770 and displays the following message:
ERROR:
“An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs.”
My guacamole.properties file is now:
# GuacD properties
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: pWAR53fht786!@#
# SAML Properties
saml-idp-url: https://red-education-dev.onelogin.com/
saml-entity-id: https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c
saml-callback-url: http://guacamole.rededucation.com:8080/guacamole/
saml-idp-metadata-url: file:///home/dan/guacamole.xml
saml-debug: True
saml-strict: False
And there’s new logging material as well:
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.001 [http-nio-8080-exec-1] DEBUG c.onelogin.saml2.authn.AuthnRequest - AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_85608ff0-3593-4b14-a036-feb8caa7e8f3" Version="2.0" IssueInstant="2020-08-09T12:37:15Z" Destination="https://red-education-dev.onelogin.com/trust/saml2/http-redirect/sso/7c0aafc5-cb37-478b-b1d0-9efee78ac59c" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://guacamole.rededucation.com:8080/guacamole/api/ext/saml/callback#/"><saml:Issuer>https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" /></samlp:AuthnRequest>
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.006 [http-nio-8080-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 172.31.0.5 failed.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.586 [http-nio-8080-exec-4] DEBUG c.onelogin.saml2.authn.SamlResponse - SAMLResponse has NameID --> daniel.storey@rededucation.com
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.590 [http-nio-8080-exec-4] DEBUG c.onelogin.saml2.authn.SamlResponse - SAMLResponse has attributes: {User.FirstName=[Daniel], User.LastName=[Storey], User.email=[daniel.storey@rededucation.com], memberOf=[], PersonImmutableID=[dan@rededucation.com]}
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.594 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "daniel.storey@rededucation.com" successfully authenticated from 172.31.0.5.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.641 [http-nio-8080-exec-4] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.652 [http-nio-8080-exec-4] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.659 [http-nio-8080-exec-4] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.679 [http-nio-8080-exec-4] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.684 [http-nio-8080-exec-4] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
Aug 9 12:37:18 guacamole tomcat9[1278]: org.apache.ibatis.exceptions.PersistenceException:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?)
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.SqlSessionManager$SqlSessionInterceptor.invoke(SqlSessionManager.java:350)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.proxy.$Proxy35.insert(Unknown Source)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.SqlSessionManager.insert(SqlSessionManager.java:236)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.proxy.$Proxy37.insertAttributes(Unknown Source)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService.updateObject(ModeledDirectoryObjectService.java:510)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:37)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.setKey(UserVerificationService.java:184)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.getKey(UserVerificationService.java:116)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.verifyIdentity(UserVerificationService.java:234)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.extension.AuthenticationProviderFacade.decorate(AuthenticationProviderFacade.java:355)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.DecoratedUserContext.decorate(DecoratedUserContext.java:92)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.DecoratedUserContext.<init>(DecoratedUserContext.java:233)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.DecorationService.decorate(DecorationService.java:88)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.AuthenticationService.getUserContexts(AuthenticationService.java:409)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:454)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.lang.Thread.run(Thread.java:834)
Aug 9 12:37:18 guacamole tomcat9[1278]: Caused by: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:117)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.ClientPreparedStatement.execute(ClientPreparedStatement.java:370)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:46)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:50)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:198)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011... 71 common frames omitted
Aug 9 12:37:25 guacamole tomcat9[1278]: 12:37:25.668 [pool-4-thread-1] DEBUG o.a.g.a.t.u.CodeUsageTrackingService - TOTP tracking cleanup check completed in 0 ms.
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.293 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions...
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.294 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms.
It looks as though it’s trying to create an entry in the mysql Database that’s all null values:
(user_id, attribute_name, attribute_value) VALUES (?, ?, ?), (?, ?, ?)
Cheers,
Daniel Storey
Red Education
From: Sebastian Männling <se...@qubestack.org>
Reply to: "user@guacamole.apache.org" <us...@guacamole.apache.org>
Date: Sunday, 9 August 2020 at 3:45 pm
To: "user@guacamole.apache.org" <us...@guacamole.apache.org>
Subject: Re: SAML on Guacamole 1.2
Hi,
I never set up saml on guacamole, but what looks “suspicious” to me is your callback url... port 8080 is usually not https (unless you explicitly set it up like that.)
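The log reading suggested in the reply above (skip the pre-login "Anonymous authentication attempt" line and look further down for the real error), as an added example that is not part of the original thread. The sample log is constructed by condensing lines posted in this thread, with the user name replaced by a placeholder; the function names are hypothetical.

```python
import re

# Constructed sample: lines condensed from the log posted in this thread,
# with the user name replaced by a placeholder and most frames left out.
SAMPLE_LOG = """\
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.006 [http-nio-8080-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 172.31.0.5 failed.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.594 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "user@example.com" successfully authenticated from 172.31.0.5.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.679 [http-nio-8080-exec-4] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.684 [http-nio-8080-exec-4] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
Aug 9 12:37:18 guacamole tomcat9[1278]: org.apache.ibatis.exceptions.PersistenceException:
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService.updateObject(ModeledDirectoryObjectService.java:510)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.setKey(UserVerificationService.java:184)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:454)
Aug 9 12:37:18 guacamole tomcat9[1278]: Caused by: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+\[\d+\]: (.*)$")
ENTRY = re.compile(
    r"^[\d:.]{12} \[([^\]]+)\]\s+(TRACE|DEBUG|INFO|WARN|ERROR)\s+(\S+) - (.*)$")
FRAME = re.compile(r"^(?:#011|\s+)at ([\w.$<>]+)\(")  # syslog writes tab as #011
AUTH_OK = re.compile(r'^User "([^"]+)" successfully authenticated')
GUAC = "org.apache.guacamole."


def module_of(frame):
    """Map a Guacamole frame to its module, e.g. auth.totp, auth.jdbc, rest."""
    parts = frame[len(GUAC):].split(".")
    return ".".join(parts[:2]) if parts[0] == "auth" else parts[0]


def triage(log_text):
    """Summarise a login attempt: noise, login result, first error, root cause."""
    result = {"pre_login_noise": 0, "authenticated_user": None,
              "first_error": None, "root_cause": None,
              "guacamole_frames": [], "modules": []}
    error_thread = None    # thread that logged the first ERROR entry
    current_thread = None  # thread of the most recent log entry
    for raw in log_text.splitlines():
        line = SYSLOG.match(raw)
        if not line:
            continue
        body = line.group(1)
        entry = ENTRY.match(body)
        if entry:
            current_thread, level, logger, msg = entry.groups()
            msg = msg.strip()
            if msg.startswith("Anonymous authentication attempt"):
                result["pre_login_noise"] += 1  # logged before the IdP redirect
            ok = AUTH_OK.match(msg)
            if ok:
                result["authenticated_user"] = ok.group(1)
            if level == "ERROR" and error_thread is None:
                error_thread = current_thread
                result["first_error"] = f"{logger}: {msg}"
            continue
        # Continuation line: only those following the failing thread matter.
        if error_thread is None or current_thread != error_thread:
            continue
        if body.startswith("Caused by: "):
            result["root_cause"] = body[len("Caused by: "):]  # keep the deepest
            continue
        frame = FRAME.match(body)
        if frame and result["root_cause"] is None and frame.group(1).startswith(GUAC):
            result["guacamole_frames"].append(frame.group(1))
            module = module_of(frame.group(1))
            if module not in result["modules"]:
                result["modules"].append(module)
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the summary separates the single pre-login line from the failure: the user is authenticated, and the null user_id insert is reached through auth.jdbc frames called from auth.totp, the same frames that appear in the posted trace.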
Re: SAML on Guacamole 1.2
Posted by Daniel Storey <da...@rededucation.com>.
Thanks, Sebastian. You’re right – it should have been http://<servername>.rededucation.com:8080/guacamole/. I’ve updated it as well as a few other errors and it’s still not working. I’m seeing a page that says:
Please wait, redirecting to identity provider
As soon as it hits the <servername>.rededucation.com page and then it redirects to http://guacamole.rededucation.com:8080/guacamole/#/?responseHash=9D10496AD38722D9C88016835D595715C3F29F074C521103D7908E1051992770 and displays the following message:
ERROR:
“An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs.”
My guacamole.properties file is now:
# GuacD properties
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: pWAR53fht786!@#
# SAML Properties
saml-idp-url: https://red-education-dev.onelogin.com/
saml-entity-id: https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c
saml-callback-url: http://guacamole.rededucation.com:8080/guacamole/
saml-idp-metadata-url: file:///home/dan/guacamole.xml
saml-debug: True
saml-strict: False
And there’s new logging material as well:
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.001 [http-nio-8080-exec-1] DEBUG c.onelogin.saml2.authn.AuthnRequest - AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_85608ff0-3593-4b14-a036-feb8caa7e8f3" Version="2.0" IssueInstant="2020-08-09T12:37:15Z" Destination="https://red-education-dev.onelogin.com/trust/saml2/http-redirect/sso/7c0aafc5-cb37-478b-b1d0-9efee78ac59c" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://guacamole.rededucation.com:8080/guacamole/api/ext/saml/callback#/"><saml:Issuer>https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" /></samlp:AuthnRequest>
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.006 [http-nio-8080-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 172.31.0.5 failed.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.586 [http-nio-8080-exec-4] DEBUG c.onelogin.saml2.authn.SamlResponse - SAMLResponse has NameID --> daniel.storey@rededucation.com
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.590 [http-nio-8080-exec-4] DEBUG c.onelogin.saml2.authn.SamlResponse - SAMLResponse has attributes: {User.FirstName=[Daniel], User.LastName=[Storey], User.email=[daniel.storey@rededucation.com], memberOf=[], PersonImmutableID=[dan@rededucation.com]}
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.594 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "daniel.storey@rededucation.com" successfully authenticated from 172.31.0.5.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.641 [http-nio-8080-exec-4] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.652 [http-nio-8080-exec-4] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.659 [http-nio-8080-exec-4] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.679 [http-nio-8080-exec-4] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.684 [http-nio-8080-exec-4] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
Aug 9 12:37:18 guacamole tomcat9[1278]: org.apache.ibatis.exceptions.PersistenceException:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?)
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.SqlSessionManager$SqlSessionInterceptor.invoke(SqlSessionManager.java:350)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.proxy.$Proxy35.insert(Unknown Source)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.SqlSessionManager.insert(SqlSessionManager.java:236)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.proxy.$Proxy37.insertAttributes(Unknown Source)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService.updateObject(ModeledDirectoryObjectService.java:510)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:37)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.setKey(UserVerificationService.java:184)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.getKey(UserVerificationService.java:116)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.user.UserVerificationService.verifyIdentity(UserVerificationService.java:234)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.extension.AuthenticationProviderFacade.decorate(AuthenticationProviderFacade.java:355)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.DecoratedUserContext.decorate(DecoratedUserContext.java:92)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.DecoratedUserContext.<init>(DecoratedUserContext.java:233)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.DecorationService.decorate(DecorationService.java:88)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.AuthenticationService.getUserContexts(AuthenticationService.java:409)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:454)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at java.base/java.lang.Thread.run(Thread.java:834)
Aug 9 12:37:18 guacamole tomcat9[1278]: Caused by: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:117)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at com.mysql.cj.jdbc.ClientPreparedStatement.execute(ClientPreparedStatement.java:370)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:46)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:50)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:198)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011... 71 common frames omitted
Aug 9 12:37:25 guacamole tomcat9[1278]: 12:37:25.668 [pool-4-thread-1] DEBUG o.a.g.a.t.u.CodeUsageTrackingService - TOTP tracking cleanup check completed in 0 ms.
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.293 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions...
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.294 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms.
It looks as though it’s trying to create an entry in the MySQL database that’s all null values:
(user_id, attribute_name, attribute_value) VALUES (?, ?, ?), (?, ?, ?)
Cheers,
Daniel Storey
Red Education
From: Sebastian Männling <se...@qubestack.org>
Reply to: "user@guacamole.apache.org" <us...@guacamole.apache.org>
Date: Sunday, 9 August 2020 at 3:45 pm
To: "user@guacamole.apache.org" <us...@guacamole.apache.org>
Subject: Re: SAML on Guacamole 1.2
Hi,
I never set up SAML on Guacamole, but what looks “suspicious” to me is your callback URL... port 8080 is usually not HTTPS (unless you explicitly set it up like that).
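An added example, not part of the original messages: a Python triage of the syslog-wrapped stack trace in Daniel's message above. It undoes rsyslog's `#011` (octal tab) escaping, takes the last `Caused by:` as the root cause, and lists the `org.apache.guacamole` frames in call order; the sample lines are copied from that trace (abridged) and the function names are my own.

```python
import re

# Lines copied from the trace quoted above, abridged to the frames that matter.
PFX = "Aug 9 12:37:18 guacamole tomcat9[1278]: "
G = "org.apache.guacamole."
SAMPLE = "\n".join(PFX + m for m in [
    "#011at com.sun.proxy.$Proxy37.insertAttributes(Unknown Source)",
    "#011at " + G + "auth.jdbc.base.ModeledDirectoryObjectService.updateObject(ModeledDirectoryObjectService.java:510)",
    "#011at " + G + "auth.jdbc.user.UserDirectory.update(UserDirectory.java:74)",
    "#011at " + G + "auth.totp.user.UserVerificationService.setKey(UserVerificationService.java:184)",
    "#011at " + G + "auth.totp.user.UserVerificationService.verifyIdentity(UserVerificationService.java:234)",
    "#011at " + G + "auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)",
    "#011at " + G + "rest.auth.AuthenticationService.authenticate(AuthenticationService.java:454)",
    "Caused by: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null",
    "#011at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:117)",
    "#011... 71 common frames omitted",
])

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+\[\d+\]: (.*)$")
FRAME = re.compile(r"^at (?:[\w.]+/)?([\w.$]+)\.(<?\w+>?)\(([^)]*)\)$")

def unwrap(line):
    """Drop the syslog header and undo rsyslog's #ooo octal escapes (#011 is a tab)."""
    m = SYSLOG.match(line)
    if m is None:
        return None
    return re.sub(r"#([0-7]{3})", lambda o: chr(int(o.group(1), 8)), m.group(1)).strip()

def component(cls):
    """'auth.totp.user.X' -> 'auth.totp'; 'rest.auth.X' -> 'rest'."""
    parts = cls.split(".")
    return ".".join(parts[:2]) if parts[0] == "auth" else parts[0]

def triage(text, app=G):
    causes, frames = [], []
    for line in text.splitlines():
        msg = unwrap(line)
        if not msg:
            continue
        if msg.startswith("Caused by: "):
            causes.append(msg[len("Caused by: "):])
        elif not causes:  # only frames of the outermost exception, to avoid repeats
            f = FRAME.match(msg)
            if f and f.group(1).startswith(app):
                frames.append((f.group(1)[len(app):], f.group(2)))
    calls = list(reversed(frames))  # a stack trace lists the innermost call first
    return {"root_cause": causes[-1] if causes else None,
            "call_path": [f"{c.rsplit('.', 1)[-1]}.{m}" for c, m in calls],
            "components": list(dict.fromkeys(component(c) for c, _ in calls))}

if __name__ == "__main__":
    print(triage(SAMPLE))
```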
Re: SAML on Guacamole 1.2
Posted by Sebastian Männling <se...@qubestack.org>.
Hi,
I never set up SAML on Guacamole, but what looks “suspicious” to me is your callback URL... port 8080 is usually not HTTPS (unless you explicitly set it up like that).
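An added example, not part of the original messages: a Python check of a guacamole.properties file for the scheme/port mismatch raised in the reply above, plus the two SAML switches the posted file sets to test values. The sample is constructed (placeholder host and password); the function names, the port list, and the assumed defaults of `saml-strict: true` and `saml-debug: false` are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of the file quoted in the thread.
SAMPLE = """\
# MySQL properties
mysql-password: example!@#
# SAML Properties
saml-callback-url: https://guac.example.com:8080/guacamole/
saml-debug: True
saml-strict: False
"""

# Assumption: plain-HTTP ports unless TLS was explicitly configured on them
# (8080 is Tomcat's default HTTP connector port).
PLAIN_HTTP_PORTS = {80, 8080}

def parse_properties(text):
    """Minimal Java .properties reader: '#' or '!' starts a comment only at line start."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first ':', '=' or whitespace, so 'https://...' values
        # and a '#' inside a password are kept intact.
        m = re.match(r"([^:=\s]+)\s*[:=]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(props):
    findings = []
    url = urlsplit(props.get("saml-callback-url", ""))
    if url.scheme == "https" and url.port in PLAIN_HTTP_PORTS:
        findings.append(("saml-callback-url",
                         f"https on port {url.port}: confirm TLS is really served there"))
    if props.get("saml-strict", "true").lower() == "false":
        findings.append(("saml-strict", "strict SAML checks are off; test-only setting"))
    if props.get("saml-debug", "false").lower() == "true":
        findings.append(("saml-debug", "SAML debug logging is on; test-only setting"))
    return findings

if __name__ == "__main__":
    for key, note in lint(parse_properties(SAMPLE)):
        print(f"{key}: {note}")
```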