On Thu, Sep 28, 2017 at 12:20 PM, Colin McGuigan < colin_guacam...@walkingshadows.org> wrote:
> Nick;
>
> Thanks for all your help. Let me elaborate.
>
> When I say I have a REST service, it's just as you described -- a WS
> annotated class that is returned from the authentication provider's
> getResource method. I can call this REST service just fine, and know that
> it works.
>

Very nice.

> This service takes in as POST (from the SAML identity provider), calls the
> existing /api/tokens endpoint, passing all of the same content, and receives
> a Guacamole authentication token -- i.e., the user is now authenticated by
> Guacamole (specifically by my authentication provider), and is stored in the
> session. This also works. I receive the token just fine.
>
> The problem is I need to pass this token, somehow, to the Guacamole UI so
> that when it calls /api/tokens itself, it can pass in the same token. The
> essentials of the REST method:
>
>     @POST
>     @Path("/postredirect")
>     public Response redirectSamlPostToGet(@Context HttpServletRequest request, String content)
>             throws GuacamoleException, URISyntaxException {
>         try {
>             String token = callTokenService(request, content);
>             return Response.seeOther(new URI("http://<site>/guacamole/#/token=" + token)).build();
>         } catch (Exception e) {
>             logger.error("Error occurred in postredirect", e);
>             throw new RuntimeException(e);
>         }
>     }
>
> There are no errors in the logs. In network traffic I see the redirect
> happen correctly. However, Guacamole is ignoring the token=<token> portion
> of the URL. I've tried using id_token instead, but that is also ignored.
>

What if you try:

    return Response.seeOther(new URI("http://<site>/guacamole/#/?token=" + token)).build();

(Add the ? between the token parameter and the Guacamole URL).

Does that work?

-Nick
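
The difference between the two redirect targets in this thread, as an added example that is not part of either message and is not Guacamole's code. It assumes the web client reads parameters from the query part of a hash route, as hash-routed single-page applications commonly do; `parseHashRoute`, `buildRedirect`, the host name and the token value are hypothetical.

```javascript
// Added illustration; names and sample values are constructed, not from Guacamole.

// Split a URL the way a hash-routing client does:
// "#/path?key=value" -> route path "/path" plus parameters { key: "value" }.
function parseHashRoute(url) {
    const hashIndex = url.indexOf('#');
    const fragment = hashIndex === -1 ? '' : url.slice(hashIndex + 1);
    const queryIndex = fragment.indexOf('?');
    const path = queryIndex === -1 ? fragment : fragment.slice(0, queryIndex);
    const query = queryIndex === -1 ? '' : fragment.slice(queryIndex + 1);
    return { path, params: Object.fromEntries(new URLSearchParams(query)) };
}

// Build the redirect target with the "?" in place and the token
// percent-encoded, so characters such as "+", "/" and "=" survive parsing.
function buildRedirect(base, token) {
    return base + '/#/?token=' + encodeURIComponent(token);
}

const BASE = 'http://guac.example/guacamole';   // constructed placeholder host
const TOKEN = 'ABC123+/=';                      // constructed sample token

// Without "?": the whole string is treated as the route path, no parameters.
const withoutQuery = parseHashRoute(BASE + '/#/token=' + TOKEN);

// With "?": route path is "/" and the token arrives as a parameter.
const withQuery = parseHashRoute(buildRedirect(BASE, TOKEN));

console.log(withoutQuery);
console.log(withQuery);
```
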