Re: SAML in a loop

[Chris Jordan <cj...@webhse.com>]

Hi Mike,

I am experiencing the same issue here. I followed the suggestions posted,
but still find myself looping. Any suggestions?

On Wed, Jan 5, 2022 at 12:49 PM Tobias Heim <t....@spedion.de> wrote:

> Hi Mike,
>
> great suggestion – such a simple solution – it works with that now, thanks
> a lot!
>
>
>
> BR, Tobias
>
>
>
> *Von:* Mike Jumper <mj...@apache.org>
> *Gesendet:* Mittwoch, 5. Januar 2022 17:27
> *An:* user@guacamole.apache.org
> *Betreff:* Re: SAML in a loop
>
>
>
> On Wed, Jan 5, 2022, 06:32 Tobias Heim <t....@spedion.de> wrote:
>
> Hi Mike,
>
>
>
> Thanks a lot for your suggestions! I think it’s related to nginx, yes –
> with the X-Forwarded-Proto and X-Forwarded-Host I got further (before, it
> told me the URL for the callback would be http:/localhost:8080/…), but it
> still does not work due to the following problem:
>
>
>
> 15:24:42.905 [http-nio-8080-exec-6] WARN
> o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted
> with an invalid SAML response: SAML response did not pass validation: The
> response was received at https://myserver/*guacamole*/api/ext/saml/callback
> instead of https://myserver/api/ext/saml/callback
>
>
>
> Somehow I cannot get rid of the extra /guacamole/ in that path, even when
> setting all the headers you provided to me..
>
>
>
> Do you know how to do that?
>
>
>
> Instead of altering the request path within Nginx, I would rename the .war
> file to "ROOT.war". That will cause Tomcat to serve the application
> directly from "/" instead of "/guacamole".
>
>
>
> - Mike
>
>
>