Is this a build of the SAML extension from git master and not the 1.4.0 release? The following line:

org.apache.guacamole.auth.saml.conf.ConfigurationService.getSamlSettings(ConfigurationService.java:327)

does not refer to an actual statement in the source that's part of 1.4.0. It does refer to a statement in the development version of the source in git, in which case the NPE would suggest that the Environment is not being injected by Guice, perhaps a regression due to the recent dependency updates.

- Mike

On Thu, Nov 17, 2022 at 7:38 AM Michael White <[email protected]> wrote:

> I'm trying to set up Guacamole with SAML for SSO. But the extension (1.4.0)
> gives an unhandled error and prevents guacamole from functioning.
>
> I have tried with various combinations of the SAML variables.
> - Providing only the metadata and callback url,
> - Providing all values listed in the docs
> - Saml strict on/off
>
> Nothing has worked so far.
>
> Here's my setup
>
> ```
> version: '3.3'
> services:
>   guacamole:
>     container_name: guacamole
>     image: guacamole/guacamole:1.4.0
>     restart: unless-stopped
>     environment:
>       GUACD_HOSTNAME: 'guacd'
>       POSTGRES_DATABASE: guacamole
>       POSTGRES_HOSTNAME: postgres
>       POSTGRES_PASSWORD: 'guacamole'
>       POSTGRES_USER: guacamole
>       GUACAMOLE_HOME: /data
>       GUACD_PORT: '4822'
>       EXTENSION_PRIORITY: 'saml'
>       SAML_IDP_METADATA_URL: 'https://keycloak.example.com/auth/realms/master/protocol/saml/descriptor'
>       SAML_IDP_URL: 'https://keycloak.example.com/auth/realms/master'
>       SAML_ENTITY_ID: 'https://keycloak.example.com/auth/realms/master'
>       SAML_CALLBACK_URL: 'https://guacamole.example.com/guacamole/'
>       SAML_STRICT: 'false'
>       SAML_DEBUG: 'true'
>       LOGBACK_LEVEL: 'debug'
>     ports:
>       - '8888:80'
>       - '3333:8080'
>     depends_on:
>       - postgres
>       - guacd
>     volumes:
>       - ./extensions:/data/extensions
>   guacd:
>     container_name: guacd
>     image: guacamole/guacd
>     restart: unless-stopped
>     ports:
>       - '4822:4822'
>   postgres:
>     container_name: postgres
>     environment:
>       PGDATA: /var/lib/postgresql/data/guacamole
>       POSTGRES_DB: guacamole
>       POSTGRES_PASSWORD: 'guacamole'
>       POSTGRES_USER: guacamole
>     ports:
>       - '5432:5432'
>     image: postgres:13.4-buster
>     restart: unless-stopped
>     volumes:
>       - ./initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
>       - pgdata:/var/lib/postgresql/data
> volumes:
>   pgdata:
> ```
>
> The error printed in the container logs
>
> ```
> 17-Nov-2022 14:46:24.263 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2676 ms
> 14:46:29.521 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "saml" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: saml" within your guacamole.properties.
> 14:46:29.522 [http-nio-8080-exec-6] ERROR o.a.g.rest.RESTExceptionMapper - An internal error occurred, but did not contain an error message. Enable debug-level logging for details.
> 14:46:29.523 [http-nio-8080-exec-6] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
> java.lang.NullPointerException: null
>     at org.apache.guacamole.auth.saml.conf.ConfigurationService.getSamlSettings(ConfigurationService.java:327)
>     at org.apache.guacamole.auth.saml.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:111)
>     at org.apache.guacamole.auth.saml.SAMLAuthenticationProvider.authenticateUser(SAMLAuthenticationProvider.java:77)
>     at org.apache.guacamole.extension.AuthenticationProviderFacade.authenticateUser(AuthenticationProviderFacade.java:190)
>     at org.apache.guacamole.rest.auth.AuthenticationService.authenticateUser(AuthenticationService.java:174)
>     at org.apache.guacamole.rest.auth.AuthenticationService.getAuthenticatedUser(AuthenticationService.java:300)
>     at org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:453)
>     at org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
>     at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
>     at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
>     at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
>     at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
>     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
>     at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
>     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
>     at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
>     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
>     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>     at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
>     at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
>     at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
>     at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
>     at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
>     at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> ```
>
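
The question raised in the reply is whether the SAML extension being loaded really matches the 1.4.0 web application; the compose file mounts `./extensions` into `GUACAMOLE_HOME`, so whatever jars sit there are what gets loaded. One way to check them, as an added example that is not part of the original thread: it assumes each extension jar carries a `guac-manifest.json` with `namespace` and `guacamoleVersion` fields, and the jar names and versions in the sample are constructed.

```python
import io
import json
import zipfile

MANIFEST = "guac-manifest.json"  # assumed manifest name at the root of an extension jar


def extension_info(jar_bytes):
    """Return (namespace, guacamoleVersion) from a jar, or None if it has no manifest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if MANIFEST not in jar.namelist():
            return None
        manifest = json.loads(jar.read(MANIFEST))
    return manifest.get("namespace"), manifest.get("guacamoleVersion")


def audit(jars, expected):
    """jars maps filename -> bytes. Return (filename, problem) for every jar
    that is unreadable, lacks a manifest, or was not built for `expected`."""
    findings = []
    for name in sorted(jars):
        try:
            info = extension_info(jars[name])
        except (zipfile.BadZipFile, ValueError):  # not a zip, or manifest is not JSON
            findings.append((name, "unreadable"))
            continue
        if info is None:
            findings.append((name, "no manifest"))
        elif info[1] != expected:
            findings.append((name, f"{info[0]} built for {info[1]}, expected {expected}"))
    return findings


def _make_jar(manifest):
    """Build an in-memory jar holding only a manifest (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, json.dumps(manifest))
    return buf.getvalue()


# Constructed stand-ins for the contents of ./extensions; not real artifacts.
SAMPLE = {
    "jdbc-postgresql.jar": _make_jar({"namespace": "postgresql", "guacamoleVersion": "1.4.0"}),
    "saml-from-volume.jar": _make_jar({"namespace": "saml", "guacamoleVersion": "1.5.0"}),
    "broken.jar": b"not a zip",
}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE, "1.4.0"):
        print(f"{name}: {problem}")
```

Against a real deployment, read each `*.jar` under the mounted extensions directory into the `jars` mapping and pass the version tag of the `guacamole/guacamole` image as `expected`.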
