I managed to solve the hostname issue by using Hostname: guactest.mydomain.org
in the docker compose; however, now the issue is the port doesn't match and it's
looking for /guacamole and not / (and it's not https).
So now the error is: ERROR c.onelogin.saml2.authn.SamlResponse - The response
was received at
http:/guactest.mydomain.org:8080/guacamole/api/ext/saml/callback instead of
https://guactest.mydomain.org:8443/api/ext/saml/callback
The problem is I can't change guacamole to port 8443 because that is what nginx
reverse proxy is listening on. I've re-read the SAML docs like 5 times. I
feel like I am missing something here. Based on this experience, it seems like
SAML is not possible to use if using a reverse proxy, but that is required for
prod use.
Also, I assume the only way to change the war file to ROOT.war would be to
ditch docker and move to native install? My other option is to change to
guac.myserver.org:8443/guacamole.
Thanks for any direction anyone can point me. Should I just ditch Docker if I
want to get SAML working? Perhaps OAuth OpenID doesn't have this strict
checking issue?
On Thursday, March 7, 2024 at 02:53:09 PM EST, Mike
<[email protected]> wrote:
Hi, I have a new Docker setup of Guacamole running in Docker with an Nginx
proxy. Everything works great but I can't get SAML working properly. The
issue is similar to other issues I found searching this mailing list archive
since the 1.4 tightened SAML validation, but I couldn't find anyone with the same
issue.
My issue is that I am getting:
01:02:14.237 [http-nio-8080-exec-9] ERROR c.onelogin.saml2.authn.SamlResponse -
The response was received at
http://guacamole:8080/guacamole/api/ext/saml/callback instead of
https://guactest.mydomain.org:8443/api/ext/saml/callback
I saw in the mailing list that some people were told to change guacamole.war to
ROOT.war but I wasn't sure if that would work because the domain will still be
wrong. (Also need to figure out how to do this running in docker.)
Thanks much.
Mike