On Thu, Apr 7, 2022 at 3:03 PM Victor Martinez <[email protected]> wrote:
> I am configuring the latest version 1.4 with SAML support. When I > authenticate, in the logs I see the following error: 17:50:07.920 > [http-nio-8080-exec-3] ERROR c.onelogin.saml2.authn.SamlResponse - The > response was received at https://miserver/guacamole/api/ext/saml/callback > instead of https ://miserver/api/ext/saml/callback 17:50:07.920 > [http-nio-8080-exec-3] WARN oagasaAssertionConsumerServiceResource - > Authentication attempted with an invalid SAML response: SAML response did > not pass validation: The response was received at > https://miserver/guacamole/api/ ext/saml/callback instead of > https://miserver/api/ext/saml/callback If I use version 1.3 , I don't > have this problem. Would you know what could be causing the error? > The 1.4.0 release tightened SAML request validation. Rather than leverage your reverse proxy to rewrite the path from "/guacamole" to "/", I would recommend just reploying the webapp at the desired path to begin with, and reconfiguring your reverse proxy accordingly. The webapp can be deployed directly at "/" by renaming the .war file to "ROOT.war". - Mike
