Here is the debug logging:

Oct  1 15:32:25 hccVCLRDG01 server: 15:32:25.728 [http-bio-8443-exec-4] DEBUG 
c.onelogin.saml2.authn.AuthnRequest - AuthNRequest --> <samlp:AuthnRequest 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
ID="ONELOGIN_51b77b70-a6ea-4da8-80b0-684d613cf0f0" Version="2.0" 
IssueInstant="2020-10-01T19:32:25Z" 
Destination="https://login.hostos.cuny.edu/adfs/ls/" 
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
AssertionConsumerServiceURL="https://hccvclrdg01.hostos.cuny.edu:8443/guacamole/api/ext/saml/callback"><saml:Issuer>https://hccvclrdg01.hostos.cuny.edu:8443/guacamole</saml:Issuer><samlp:NameIDPolicy
 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" 
AllowCreate="true" /></samlp:AuthnRequest>
Oct  1 15:32:25 hccVCLRDG01 server: 15:32:25.732 [http-bio-8443-exec-4] DEBUG 
o.a.g.a.f.FileAuthenticationProvider - Reading user mapping file: 
"/etc/guacamole/user-mapping.xml"
Oct  1 15:32:25 hccVCLRDG01 server: 15:32:25.741 [http-bio-8443-exec-4] DEBUG 
o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 
10.32.14.218 failed.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.004 [http-bio-8443-exec-2] WARN  
o.a.g.a.s.AuthenticationProviderService - SAML response contained other than 
single assertion.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.004 [http-bio-8443-exec-2] DEBUG 
o.a.g.a.s.AuthenticationProviderService - validateNumAssertions returned false.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.004 [http-bio-8443-exec-2] WARN  
o.a.g.a.s.AuthenticationProviderService - Exception while getting name from 
SAML response: Unable to validate SAML assertions.
Oct  1 15:32:26 hccVCLRDG01 server: 15:32:26.007 [http-bio-8443-exec-2] DEBUG 
o.a.g.a.s.AuthenticationProviderService - Received Exception while retrieving 
name from SAML response.
Oct  1 15:32:26 hccVCLRDG01 server: 
org.apache.guacamole.GuacamoleServerException: Unable to validate SAML 
assertions.
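
One way to see what the IdP actually returned when the "SAML response contained other than single assertion" warning above is logged, as an added example that is not part of the original message or of Guacamole's code: it decodes a captured `SAMLResponse` form value and reports the status code and the number of plain and encrypted assertions. The "exactly one assertion, plain or encrypted" rule, the function names and the sample responses are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"


def summarize_response(saml_response_b64: str) -> dict:
    """Decode a SAMLResponse form value and count the assertions in it."""
    # Some IdPs line-wrap the base64; strip whitespace before strict decoding.
    xml = base64.b64decode("".join(saml_response_b64.split()), validate=True)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD present in SAML response; refusing to parse")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")
    code = root.find(f"{{{SAMLP_NS}}}Status/{{{SAMLP_NS}}}StatusCode")
    plain = len(root.findall(f".//{{{SAML_NS}}}Assertion"))
    encrypted = len(root.findall(f".//{{{SAML_NS}}}EncryptedAssertion"))
    return {
        "status": code.get("Value") if code is not None else None,
        "plain": plain,
        "encrypted": encrypted,
        # Assumed rule: exactly one assertion, whether plain or encrypted.
        "single_assertion": plain + encrypted == 1,
    }


def constructed_response(status: str, body: str) -> str:
    """Build a minimal, unsigned sample response (constructed test data)."""
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
        f'ID="_constructed" Version="2.0"><samlp:Status>'
        f'<samlp:StatusCode Value="{STATUS}{status}"/></samlp:Status>'
        f"{body}</samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    one = '<saml:Assertion ID="_a1" Version="2.0"/>'
    samples = {
        "one assertion": constructed_response("Success", one),
        "error status, no assertion": constructed_response("Responder", ""),
        "two assertions": constructed_response("Success", one * 2),
    }
    for label, value in samples.items():
        print(label, summarize_response(value))
```

A response with an error status and no assertion, or with more than one assertion, both produce `single_assertion: False`, so the status value is worth reading before looking at claim rules on the IdP.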

________________________________
From: MARTINEZ, ARIEL
Sent: Wednesday, September 30, 2020 11:09 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

I was able to sort out the logging and have more information now. Which 
assertions is Guacamole expecting from the identity provider (NameID, 
emailaddress, memberOf, etc.)? After I log into my idp and get back to 
Guacamole, I get an error and it says it was trying an anonymous authentication.

Also, is it correct that if SAML is going to be used, the LDAP configuration in 
guacamole.properties should be commented out?

Thanks

From: MARTINEZ, ARIEL
Sent: Friday, September 25, 2020 1:23 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

I’m not getting redirected to my idp with the SAML extension. Does anyone know 
where the SAML debug logs would be logged to by default? I couldn’t see 
anything inside of the tomcat directory in /var/log/tomcat.

Thanks

From: MARTINEZ, ARIEL
Sent: Wednesday, September 23, 2020 4:52 PM
To: 'user@guacamole.apache.org' <user@guacamole.apache.org>
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

For the SSO, in general, is there a URL that Guacamole is using for SAML once 
the SAML extension is loaded? If not, is it just the Guacamole URL?

Thanks


From: MARTINEZ, ARIEL
Sent: Wednesday, September 23, 2020 2:30 PM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

I just reran the command that it referenced and after running make install 
again it completed without errors. So I think things should be good to go with 
the upgrade part. Just in case, where would the guacd log file be to check on 
any potential errors?

Thanks

From: MARTINEZ, ARIEL
Sent: Wednesday, September 23, 2020 1:40 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp


I was able to get past that error, but when I ran make install, I got the 
following error below. I am upgrading by running on top of an existing 
installation:



/usr/bin/mkdir -p '/usr/lib64/freerdp2'
 /bin/sh ../../../libtool   --mode=install /usr/bin/install -c   
libguac-common-svc-client.la libguacai-client.la '/usr/lib64/freerdp2'
libtool: install: warning: relinking `libguac-common-svc-client.la'
libtool: install: (cd 
/home/user/Downloads/guacamole-server-1.2.0/src/protocols/rdp; /bin/sh 
/home/user/Downloads/guacamole-server-1.2.0/libtool  --silent --tag CC 
--mode=relink gcc -std=gnu99 -Werror -Wall -Iinclude -I../../../src/libguac 
-I/usr/include/freerdp2/ -I/usr/include/winpr2 -g -O2 -module -avoid-version 
-shared -lfreerdp2 -lfreerdp-client2 -lwinpr2 -o libguac-common-svc-client.la 
-rpath /usr/lib64/freerdp2 
plugins/guac-common-svc/libguac_common_svc_client_la-guac-common-svc.lo 
../../../src/libguac/libguac.la )
/bin/sh: /home/user/Downloads/guacamole-server-1.2.0/libtool: No such file or 
directory
libtool: install: error: relink `libguac-common-svc-client.la' with the above 
command before installing it
make[4]: *** [install-freerdpLTLIBRARIES] Error 1
make[4]: Leaving directory 
`/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory 
`/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory 
`/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make[1]: *** [install] Error 2
make[1]: Leaving directory 
`/root/.local/share/Trash/files/guacamole-server-1.2.0/src/protocols/rdp'
make: *** [install-recursive] Error 1

________________________________
From: Nick Couchman <vn...@apache.org>
Sent: Wednesday, September 23, 2020 1:18 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Configuring Guacamole with ADFS idp

On Wed, Sep 23, 2020 at 12:42 PM MARTINEZ, ARIEL 
<amarti...@hostos.cuny.edu> wrote:
Thanks, I’ll give it a shot. But I have to upgrade to 1.2.0 and I am having the 
issue with guacamole server. When I run make, I get the error discussed here: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/1-2-server-build-fail-on-el7-and-el8-td8848.html

Yep, that was a bug in 1.2.0 that has been fixed for the next release (1.3.0).  
There are three ways around this:
- Install the libssh2-devel package and re-configure/compile so that it builds 
with SSH support.
- Check out the code from the git repo instead of downloading from the website, 
which has the fix.
- Back-port the patch for the issue (it's a one-line patch) to the 1.2.0 code: 
https://github.com/apache/guacamole-server/pull/298.patch

-Nick
