[ https://issues.apache.org/jira/browse/GUACAMOLE-1603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman reopened GUACAMOLE-1603:
--------------------------------------

> guacamole SAML 1.4 authentication loop
> --------------------------------------
>
>                 Key: GUACAMOLE-1603
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1603
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-saml
>    Affects Versions: 1.4.0
>            Reporter: Sid Bose
>            Priority: Major
>
> I have a working setup with MS App Proxy in the front end, internet facing, and 
> Guacamole with SAML ext of 1.3 with the below guacamole.properties file.
>     # Available as "Login URL" from the Azure Active Directory Console
>     saml-idp-metadata-url: file:///etc/guacamole/metadata.xml
>     
>     # The Entity ID you assigned to this application
>     saml-entity-id: https://example.privatedomain.com
>     
>     # The redirect URL
>     saml-callback-url: https://example-public.msappproxy.net/
>     
>     saml-debug: true
> Now when you use https://example-public.msappproxy.net/ it redirects to Azure 
> for authentication and then redirects to Guacamole, but in the browser the URI 
> remains as 
> "https://example-public.msappproxy.net/#/?responseHash=E666C2CD34669C06776889QCJKADTAOIUD8A763FD0B77F"
>  
> But with SAML 1.4 this setup ends up in a loop from MS to Guacamole and back.
> The MS App Proxy setup is exactly the same. Is any additional config 
> required at the Guacamole or MS end?
> NOTE: Just in brief, MS App Proxy has got both reply URIs set, 
> "https://example.privatedomain.com" and 
> "https://example-public.msappproxy.net/", but with the MS App Proxy one as default.
> Below is the error in guacamole logs for 1.4
>     ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at https://example.privatedomain.com/api/ext/saml/callback instead of https://example-public.msappproxy.net/api/ext/saml/callback
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
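
Added example, not part of the issue and not code from Guacamole or the OneLogin library: a simplified Python model of the Destination check behind the logged error, showing how a service provider that rebuilds its own URL from the backend Host header rejects a response addressed to the proxy's public URL. The forwarded headers, the proxy address 10.0.0.5 and the helper names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: the callback request as the backend might see it behind
# the proxy. The X-Forwarded-* headers are an assumption; whether a given
# proxy sends them depends on its configuration.
REQUEST = {
    "peer": "10.0.0.5",  # constructed proxy address
    "scheme": "https",
    "path": "/api/ext/saml/callback",
    "headers": {
        "Host": "example.privatedomain.com",
        "X-Forwarded-Host": "example-public.msappproxy.net",
        "X-Forwarded-Proto": "https",
    },
}
# Destination value as it appears in the logged error.
DESTINATION = "https://example-public.msappproxy.net/api/ext/saml/callback"


def current_url(req, trusted_proxies=frozenset()):
    """Rebuild the URL the service provider believes it was reached at."""
    headers = req["headers"]
    scheme, host = req["scheme"], headers["Host"]
    # Honour forwarded headers only when the direct peer is a known proxy;
    # otherwise any client could pick the URL the check compares against.
    if req["peer"] in trusted_proxies:
        scheme = headers.get("X-Forwarded-Proto", scheme)
        host = headers.get("X-Forwarded-Host", host)
    return f"{scheme}://{host}{req['path']}"


def check_destination(destination, received_at):
    """Return None when the URLs match, else an error in the logged format."""
    def key(url):
        p = urlsplit(url)
        return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path)
    if key(destination) == key(received_at):
        return None
    return f"The response was received at {received_at} instead of {destination}"


if __name__ == "__main__":
    # Backend Host header used as-is: reproduces the mismatch from the log.
    print(check_destination(DESTINATION, current_url(REQUEST)))
    # Forwarded headers accepted from the known proxy: the check passes.
    print(check_destination(DESTINATION, current_url(REQUEST, {"10.0.0.5"})))
```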
