Posted to user@guacamole.apache.org by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu> on 2020/09/23 15:16:53 UTC

Configuring Guacamole with ADFS idp

I'm following the section in the documentation titled "Configuring Guacamole for SAML Authentication" but am unsure what needs to be done for two items:

  1.  The SAML-Entity-ID value, is this the URL of the server where tomcat is installed or is it where guacd is installed?

  2.  Does Guacamole generate a metadata file that can be imported into ADFS as a relying party trust? If not, has anyone been able to successfully integrate with ADFS that can provide quick guidance as to what to enter for the Relying Party Trust settings?


Thanks




RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
I looked at things on the ADFS side, and in the event logs I saw that Guacamole is expecting the format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. The issue was solved by creating a Transform rule of Name ID to Email. I used the following forum post: https://discuss.newrelic.com/t/sso-the-login-page/75259/2. I ended up using UPN instead of Email in hopes that it can be used to look up against groups.

Now the issue is that after being authenticated, Guacamole is not showing any of the connections. Before, I had AD groups mapped in Guacamole, but with SAML it is as if the user is not a member of the group previously defined. Also, I am not sure how to log in with guacadmin while SAML is enabled.


From: MARTINEZ, ARIEL
Sent: Thursday, October 1, 2020 3:55 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp


Here is the debug logging:



Oct  1 15:32:25 hccVCLRDG01 server: 15:32:25.728 [http-bio-8443-exec-4] DEBUG c.onelogin.saml2.authn.AuthnRequest - AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_51b77b70-a6ea-4da8-80b0-684d613cf0f0" Version="2.0" IssueInstant="2020-10-01T19:32:25Z" Destination="https://login.hostos.cuny.edu/adfs/ls/" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://hccvclrdg01.hostos.cuny.edu:8443/guacamole/api/ext/saml/callback"><saml:Issuer>https://hccvclrdg01.hostos.cuny.edu:8443/guacamole</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" /></samlp:AuthnRequest>
Oct  1 15:32:25 hccVCLRDG01 server: 15:32:25.732 [http-bio-8443-exec-4] DEBUG o.a.g.a.f.FileAuthenticationProvider - Reading user mapping file: "/etc/guacamole/user-mapping.xml"
Oct  1 15:32:25 hccVCLRDG01 server: 15:32:25.741 [http-bio-8443-exec-4] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 10.32.14.218 failed.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.004 [http-bio-8443-exec-2] WARN  o.a.g.a.s.AuthenticationProviderService - SAML response contained other than single assertion.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.004 [http-bio-8443-exec-2] DEBUG o.a.g.a.s.AuthenticationProviderService - validateNumAssertions returned false.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.004 [http-bio-8443-exec-2] WARN  o.a.g.a.s.AuthenticationProviderService - Exception while getting name from SAML response: Unable to validate SAML assertions.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.007 [http-bio-8443-exec-2] DEBUG o.a.g.a.s.AuthenticationProviderService - Received Exception while retrieving name from SAML response.
Oct  1 15:32:26 hccVCLRDG01 server: org.apache.guacamole.GuacamoleServerException: Unable to validate SAML assertions.

________________________________
From: MARTINEZ, ARIEL
Sent: Wednesday, September 30, 2020 11:09 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

I was able to sort out the logging and have more information now. Which assertions is Guacamole expecting from the identity provider (NameID, emailaddress, memberOf, etc.)? After I log into my idp and get back to Guacamole, I get an error and it says it was trying an anonymous authentication.

Also, is it correct that if SAML is going to be used, the LDAP configuration in guacamole.properties should be commented out?

Thanks

From: MARTINEZ, ARIEL
Sent: Friday, September 25, 2020 1:23 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

I'm not getting redirected to my idp with the SAML extension. Does anyone know where the SAML debug logs would be logged to by default? I couldn't see anything inside of the tomcat directory in /var/log/tomcat

Thanks

From: MARTINEZ, ARIEL
Sent: Wednesday, September 23, 2020 4:52 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

For the SSO, in general, is there a URL that Guacamole is using for SAML once the SAML extension is loaded? If not, is it just the Guacamole URL?

Thanks


From: MARTINEZ, ARIEL
Sent: Wednesday, September 23, 2020 2:30 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

I just reran the command that it referenced and after running make install again it completed without errors. So I think things should be good to go with the upgrade part. Just in case, where would the guacd log file be to check on any potential errors?

Thanks

From: MARTINEZ, ARIEL
Sent: Wednesday, September 23, 2020 1:40 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp


I was able to get past that error, but when I ran make install, I got the following error below. I am upgrading by running on top of an existing installation:



/usr/bin/mkdir -p '/usr/lib64/freerdp2'
 /bin/sh ../../../libtool   --mode=install /usr/bin/install -c   libguac-common-svc-client.la libguacai-client.la '/usr/lib64/freerdp2'
libtool: install: warning: relinking `libguac-common-svc-client.la'
libtool: install: (cd /home/user/Downloads/guacamole-server-1.2.0/src/protocols/rdp; /bin/sh /home/user/Downloads/guacamole-server-1.2.0/libtool  --silent --tag CC --mode=relink gcc -std=gnu99 -Werror -Wall -Iinclude -I../../../src/libguac -I/usr/include/freerdp2/ -I/usr/include/winpr2 -g -O2 -module -avoid-version -shared -lfreerdp2 -lfreerdp-client2 -lwinpr2 -o libguac-common-svc-client.la -rpath /usr/lib64/freerdp2 plugins/guac-common-svc/libguac_common_svc_client_la-guac-common-svc.lo ../../../src/libguac/libguac.la )
/bin/sh: /home/user/Downloads/guacamole-server-1.2.0/libtool: No such file or directory
libtool: install: error: relink `libguac-common-svc-client.la' with the above command before installing it
make[4]: *** [install-freerdpLTLIBRARIES] Error 1
make[4]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[1]: *** [install] Error 2
make[1]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make: *** [install-recursive] Error 1

________________________________
From: Nick Couchman <vn...@apache.org>
Sent: Wednesday, September 23, 2020 1:18 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

On Wed, Sep 23, 2020 at 12:42 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu> wrote:
Thanks, I'll give it a shot. But I have to upgrade to 1.2.0 and I am having the issue with guacamole server. When I run make, I get the error discussed here: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/1-2-server-build-fail-on-el7-and-el8-td8848.html

Yep, that was a bug in 1.2.0 that has been fixed for the next release (1.3.0).  There are three ways around this:
- Install the libssh2-devel package and re-configure/compile so that it builds with SSH support.
- Check out the code from the git repo instead of downloading from the website, which has the fix.
- Back-port the patch for the issue (it's a one-line patch) to the 1.2.0 code: https://github.com/apache/guacamole-server/pull/298.patch

-Nick
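
Added example (not part of the thread, and not Guacamole or ADFS code): an offline diagnostic for the two symptoms reported above, the NameID format expected by the AuthnRequest and the "SAML response contained other than single assertion" warning. The AuthnRequest and the three responses are constructed samples with placeholder hosts, the function names are this example's own, and nothing here validates signatures.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def parse_saml(xml):
    """Parse a SAML message, refusing DTDs so entity tricks never reach expat."""
    data = xml.encode("utf-8") if isinstance(xml, str) else xml
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not allowed in SAML messages")
    return ET.fromstring(data)


def requested_nameid_format(authn_request_xml):
    """Return the NameIDPolicy Format the service provider asked for, or None."""
    policy = parse_saml(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return policy.get("Format") if policy is not None else None


def diagnose_response(saml_response_b64, expected_format):
    """Summarise a base64 SAMLResponse (HTTP-POST binding) and list mismatches.

    Diagnostic only: signature, audience and validity window are NOT checked.
    """
    root = parse_saml(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status", NS)
    # Outer StatusCode first, then any nested sub-status codes.
    codes = [] if status is None else [
        c.get("Value", "") for c in status.iter("{%s}StatusCode" % SAMLP)]
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    name_id = plain[0].find("saml:Subject/saml:NameID", NS) if plain else None
    fmt = name_id.get("Format") if name_id is not None else None

    problems = []
    if not codes or codes[0] != SUCCESS:
        problems.append("IdP status is not Success: " + (" / ".join(codes) or "missing"))
    if len(plain) + len(encrypted) != 1:
        problems.append("expected exactly one assertion, found %d plain and %d encrypted"
                        % (len(plain), len(encrypted)))
    if expected_format and name_id is not None and fmt != expected_format:
        problems.append("NameID Format %r does not match requested %r"
                        % (fmt, expected_format))
    return {"status": codes, "assertions": len(plain),
            "encrypted_assertions": len(encrypted),
            "nameid_format": fmt, "problems": problems}


# ---- Constructed samples (placeholder hosts and IDs; not captures from ADFS) ----
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" Version="2.0">'
    '<saml:Issuer>https://guac.example.org/guacamole</saml:Issuer>'
    '<samlp:NameIDPolicy Format="%s" AllowCreate="true"/>'
    '</samlp:AuthnRequest>' % (SAMLP, SAML, EMAIL))


def sample_response(status_xml, body_xml=""):
    """Build a base64-encoded sample Response around the given status and body."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
           '<samlp:Status>%s</samlp:Status>%s</samlp:Response>'
           % (SAMLP, SAML, status_xml, body_xml))
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def sample_assertion(fmt, value):
    """Build a minimal sample Assertion carrying only a Subject/NameID."""
    return ('<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
            '<saml:NameID Format="%s">%s</saml:NameID>'
            '</saml:Subject></saml:Assertion>' % (fmt, value))


OK_STATUS = '<samlp:StatusCode Value="%s"/>' % SUCCESS
# An error response carries a status and no assertion at all.
REJECTED = sample_response(
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>'
    '</samlp:StatusCode>')
WRONG_FORMAT = sample_response(OK_STATUS, sample_assertion(UNSPECIFIED, "jdoe"))
GOOD = sample_response(OK_STATUS, sample_assertion(EMAIL, "jdoe@example.org"))

if __name__ == "__main__":
    wanted = requested_nameid_format(SAMPLE_AUTHN_REQUEST)
    for label, resp in (("rejected", REJECTED), ("wrong format", WRONG_FORMAT),
                        ("good", GOOD)):
        print(label, diagnose_response(resp, wanted)["problems"])
```

To use it on a real login, paste the AuthnRequest from the debug log and the base64 `SAMLResponse` form field captured from the browser's POST to the callback URL.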

Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
I was able to get past that error, but when I ran make install, I got the following error below. I am upgrading by running on top of an existing installation:


/usr/bin/mkdir -p '/usr/lib64/freerdp2'
 /bin/sh ../../../libtool   --mode=install /usr/bin/install -c   libguac-common-svc-client.la libguacai-client.la '/usr/lib64/freerdp2'
libtool: install: warning: relinking `libguac-common-svc-client.la'
libtool: install: (cd /home/user/Downloads/guacamole-server-1.2.0/src/protocols/rdp; /bin/sh /home/user/Downloads/guacamole-server-1.2.0/libtool  --silent --tag CC --mode=relink gcc -std=gnu99 -Werror -Wall -Iinclude -I../../../src/libguac -I/usr/include/freerdp2/ -I/usr/include/winpr2 -g -O2 -module -avoid-version -shared -lfreerdp2 -lfreerdp-client2 -lwinpr2 -o libguac-common-svc-client.la -rpath /usr/lib64/freerdp2 plugins/guac-common-svc/libguac_common_svc_client_la-guac-common-svc.lo ../../../src/libguac/libguac.la )
/bin/sh: /home/user/Downloads/guacamole-server-1.2.0/libtool: No such file or directory
libtool: install: error: relink `libguac-common-svc-client.la' with the above command before installing it
make[4]: *** [install-freerdpLTLIBRARIES] Error 1
make[4]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[1]: *** [install] Error 2
make[1]: Leaving directory `/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make: *** [install-recursive] Error 1


________________________________
From: Nick Couchman <vn...@apache.org>
Sent: Wednesday, September 23, 2020 1:18 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

On Wed, Sep 23, 2020 at 12:42 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu> wrote:
Thanks, I'll give it a shot. But I have to upgrade to 1.2.0 and I am having the issue with guacamole server. When I run make, I get the error discussed here : http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/1-2-server-build-fail-on-el7-and-el8-td8848.html

Yep, that was a bug in 1.2.0 that has been fixed for the next release (1.3.0).  There are three ways around this:
- Install the libssh2-devel package and re-configure/compile so that it builds with SSH support.
- Check out the code from the git repo instead of downloading from the website, which has the fix.
- Back-port the patch for the issue (it's a one-line patch) to the 1.2.0 code: https://github.com/apache/guacamole-server/pull/298.patch

-Nick



Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Sep 23, 2020 at 12:42 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>
wrote:

> Thanks, I’ll give it a shot. But I have to upgrade to 1.2.0 and I am
> having the issue with guacamole server. When I run make, I get the error
> discussed here :
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/1-2-server-build-fail-on-el7-and-el8-td8848.html
>
>
Yep, that was a bug in 1.2.0 that has been fixed for the next release
(1.3.0).  There are three ways around this:
- Install the libssh2-devel package and re-configure/compile so that it
builds with SSH support.
- Check out the code from the git repo instead of downloading from the
website, which has the fix.
- Back-port the patch for the issue (it's a one-line patch) to the 1.2.0
code: https://github.com/apache/guacamole-server/pull/298.patch

-Nick

>

RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
Thanks, I’ll give it a shot. But I have to upgrade to 1.2.0 and I am having the issue with guacamole server. When I run make, I get the error discussed here : http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/1-2-server-build-fail-on-el7-and-el8-td8848.html

I downloaded the package from the Apache Guacamole site.

Thanks

From: Nick Couchman <vn...@apache.org>
Sent: Wednesday, September 23, 2020 12:10 PM
To: user@guacamole.apache.org
Subject: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

On Wed, Sep 23, 2020 at 11:17 AM MARTINEZ, ARIEL <AM...@hostos.cuny.edu> wrote:
I’m following the section in the documentation  titled “Configuring Guacamole for SAML Authentication” but am unsure what needs to be done for two items:


  1.  The SAML-Entity-ID value, is this the URL of the server where tomcat is installed or is it where guacd is installed?

Tomcat - it should be the URL that you use to access Guacamole Client.  guacd has nothing to do with the web-based authentication done by Guacamole Client.




  2.  Does Guacamole generate a metadata file that can be imported into ADFS as a relying party trust? If not, has anyone been able to successfully integrate with ADFS that can provide quick guidance as to what to enter for the Relying Party Trust settings?



No, Guacamole does not generate that file.  You'll need to either generate it in ADFS or use a third party utility to generate the file.  I have never integrated Guacamole with ADFS so I cannot provide any insight on that - I used CAS with SAML support for testing while developing the extension.

-Nick

Re: Configuring Guacamole with ADFS idp

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Sep 23, 2020 at 11:17 AM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>
wrote:

> I’m following the section in the documentation  titled “Configuring
> Guacamole for SAML Authentication” but am unsure what needs to be done for
> two items:
>
>
>
>    1. The SAML-Entity-ID value, is this the URL of the server where
>    tomcat is installed or is it where guacd is installed?
>
>
Tomcat - it should be the URL that you use to access Guacamole Client.
guacd has nothing to do with the web-based authentication done by Guacamole
Client.


>
>
>    2. Does Guacamole generate a metadata file that can be imported into
>    ADFS as a relying party trust? If not, has anyone been able to successfully
>    integrate with ADFS that can provide quick guidance as to what to enter for
>    the Relying Party Trust settings?
>
>
>

No, Guacamole does not generate that file.  You'll need to either generate
it in ADFS or use a third party utility to generate the file.  I have never
integrated Guacamole with ADFS so I cannot provide any insight on that - I
used CAS with SAML support for testing while developing the extension.

-Nick

>
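
Added example (not part of the original thread and not Guacamole project code): one way to produce the relying party metadata file that the reply above says must be generated outside Guacamole, using the Guacamole Client (Tomcat) URL as the entity ID. The host name is constructed, the NameID format is the one reported from the ADFS event log earlier in the thread, and the callback path appended to the callback URL is an assumption to confirm against your deployment.

```python
"""Build minimal SAML 2.0 SP metadata for an ADFS relying party trust."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# NameID format reported from the ADFS event log earlier in this thread.
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumption: path under the callback URL where the SAML extension
# receives the POSTed response; verify it for your installation.
ACS_PATH = "/api/ext/saml/callback"

ET.register_namespace("md", MD)


def build_sp_metadata(entity_id: str, callback_url: str) -> str:
    """Return SP metadata XML for the Guacamole Client (Tomcat) URL."""
    if not all(urlsplit(entity_id)[:2]):
        raise ValueError(f"entity_id must be an absolute URL: {entity_id!r}")
    cb = urlsplit(callback_url)
    # The SAML response carries identity data, so refuse a non-TLS endpoint.
    if cb.scheme != "https" or not cb.netloc:
        raise ValueError(f"callback_url must be https: {callback_url!r}")

    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        # Ask the IdP to sign assertions so the SP can verify their origin.
        "WantAssertionsSigned": "true",
    })
    # Schema order: NameIDFormat precedes AssertionConsumerService.
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = NAMEID_EMAIL
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": POST_BINDING,
        "Location": callback_url.rstrip("/") + ACS_PATH,
        "index": "0",
        "isDefault": "true",
    })
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed host name; replace with the URL users type to reach Guacamole.
    url = "https://guac.example.org/guacamole"
    print(build_sp_metadata(entity_id=url, callback_url=url))
```

The printed XML can be saved to a file and imported when creating the relying party trust in ADFS; the entity ID in it must match the SAML-Entity-ID value configured in Guacamole.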