Sid Bose created GUACAMOLE-1603:
-----------------------------------

             Summary: guacamole SAML 1.4 authentication loop
                 Key: GUACAMOLE-1603
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1603
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole-auth-saml
    Affects Versions: 1.4.0
            Reporter: Sid Bose


I have a working setup with MS App Proxy as the internet-facing front end and 
Guacamole with the SAML extension of 1.3, with the guacamole.properties file below.

    # Available as "Login URL" from the Azure Active Directory Console
    saml-idp-metadata-url: file:///etc/guacamole/metadata.xml
    
    # The Entity ID you assigned to this application
    saml-entity-id: https://example.privatedomain.com
    
    # The redirect URL
    saml-callback-url: https://example-public.msappproxy.net/
    
    saml-debug: true

Now when you use https://example-public.msappproxy.net/ it redirects to Azure 
for authentication and then redirects to Guacamole, but in the browser the URI 
remains as 
"https://example-public.msappproxy.net/#/?responseHash=E666C2CD34669C06776889QCJKADTAOIUD8A763FD0B77F"

But with SAML 1.4 this setup ends up in a loop from MS to Guacamole and back.

The MS App Proxy setup is exactly the same. Is any additional config 
required at the Guacamole or MS end?

NOTE: Just in brief, MS App Proxy has got both reply URIs set, 
"https://example.privatedomain.com" and 
"https://example-public.msappproxy.net/", but with the MS App Proxy one as default.

Below is the error in the Guacamole logs for 1.4:

    ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at https://example.privatedomain.com/api/ext/saml/callback instead of https://example-public.msappproxy.net/api/ext/saml/callback

--
This message was sent by Atlassian Jira
(v8.20.7#820007)
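
A small triage helper for the error quoted in the report, added here as an example and not part of the original message or of Guacamole: it reads the two URLs out of the log line and compares their origins with `saml-callback-url` and `saml-entity-id` from guacamole.properties. The function names and the embedded sample input (constructed from the values quoted in the report) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input, built from the values quoted in the report.
PROPERTIES = """\
saml-idp-metadata-url: file:///etc/guacamole/metadata.xml
saml-entity-id: https://example.privatedomain.com
saml-callback-url: https://example-public.msappproxy.net/
saml-debug: true
"""
LOG_LINE = ("ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at "
            "https://example.privatedomain.com/api/ext/saml/callback instead of "
            "https://example-public.msappproxy.net/api/ext/saml/callback")

DEST_ERROR = re.compile(r"The response was received at (\S+) instead of (\S+)")

def parse_properties(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # Split on the first colon only, so URL values stay intact.
            key, _, value = line.partition(":")
            props[key.strip()] = value.strip()
    return props

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def diagnose(properties_text, log_line):
    """Relate a destination-mismatch log line to the configured SAML URLs."""
    match = DEST_ERROR.search(log_line)
    if not match:
        return None  # not a destination-mismatch line
    received, expected = match.groups()
    props = parse_properties(properties_text)
    return {
        "received": received,
        "expected": expected,
        "same_path": urlsplit(received).path == urlsplit(expected).path,
        "expected_is_callback_url": origin(expected) == origin(props["saml-callback-url"]),
        "received_is_entity_id": origin(received) == origin(props["saml-entity-id"]),
    }
```

For the report's values all three checks come back true: the path is identical and only the origin differs, with the received origin being the one configured as `saml-entity-id` and the expected one being `saml-callback-url`.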
