Re: Guacamole 1.4.0 problem using SAML authentication

[Michael Jumper <mj...@apache.org>]

On Sat, Apr 9, 2022 at 2:50 AM Vieri <re...@yahoo.com.invalid> wrote:

> ...
> >> The 1.4.0 release tightened SAML request validation.
> >>
> >> Rather than leverage your reverse proxy to rewrite the path from
> "/guacamole" to "/", I would recommend just reploying the webapp at the
> desired path to begin with, and
> >>reconfiguring your reverse proxy accordingly. The webapp can be deployed
> directly at "/" by renaming the .war file to "ROOT.war".
>
> So with that in mind, one cannot have more than one backend on the reverse
> proxy?
>

Sure you can. You just need to make sure that the webapp's .war file
matches the path that you've specified when you registered the webapp
with your SAML IdP. If the path that the webapp is served at by Tomcat
doesn't match the publicly-visible path, then SAML validation will fail.

- Mike