Hi Nick,

For the below, the connection is not going through an nginx server. Tried checking on the ADFS server but did not see any connection from the guacamole server hitting through.

Below is what I see in the catalina.out on the server when I clicked on the SAML option at the bottom of the webpage. Is there any other place where I should be able to find logs relating to this error for me to proceed further?

[2024-10-28 15:53:26] [info] 23:53:26.288 [https-openssl-nio-443-exec-5] WARN o.a.g.e.AuthenticationProviderFacade - The "saml" authentication provider has been skipped due to an internal error. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging: null
[2024-10-28 15:53:26] [info] 23:53:26.288 [https-openssl-nio-443-exec-5] DEBUG o.a.g.e.AuthenticationProviderFacade - Authentication provider skipped due to an internal failure.
[2024-10-28 15:53:26] [info] java.lang.NullPointerException: null
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.auth.saml.conf.ConfigurationService.getSamlSettings(ConfigurationService.java:361)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.auth.saml.acs.SAMLService.createRequest(SAMLService.java:77)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.auth.saml.AuthenticationProviderService.getLoginURI(AuthenticationProviderService.java:109)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.auth.saml.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:100)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.auth.saml.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:45)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.auth.sso.SSOAuthenticationProvider.authenticateUser(SSOAuthenticationProvider.java:152)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.extension.AuthenticationProviderFacade.authenticateUser(AuthenticationProviderFacade.java:190)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.rest.auth.AuthenticationService.authenticateUser(AuthenticationService.java:187)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.rest.auth.AuthenticationService.getAuthenticatedUser(AuthenticationService.java:313)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:466)
[2024-10-28 15:53:26] [info] #011at org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
[2024-10-28 15:53:26] [info] #011at jdk.internal.reflect.GeneratedMethodAccessor71.invoke(Unknown Source)
[2024-10-28 15:53:26] [info] #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2024-10-28 15:53:26] [info] #011at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:146)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:189)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:93)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:478)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:400)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:256)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:235)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:359)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:312)
[2024-10-28 15:53:26] [info] #011at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:89)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
[2024-10-28 15:53:26] [info] #011at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
[2024-10-28 15:53:26] [info] #011at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359)
[2024-10-28 15:53:26] [info] #011at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
[2024-10-28 15:53:26] [info] #011at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
[2024-10-28 15:53:26] [info] #011at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
[2024-10-28 15:53:26] [info] #011at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)
[2024-10-28 15:53:26] [info] #011at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
[2024-10-28 15:53:26] [info] #011at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
[2024-10-28 15:53:26] [info] #011at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
[2024-10-28 15:53:26] [info] #011at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

Regards,
TR

On Mon, 28 Oct 2024, 11:43 pm Nick Couchman, <vn...@apache.org> wrote:

> On Sun, Oct 27, 2024 at 10:46 AM TianRong Ong <tianrong....@gmail.com>
> wrote:
>
>> Hi,
>>
>> Have been trying to set up SSO SAML on Guacamole with Microsoft ADFS.
>>
>> have downloaded the file
>> https://downloads.apache.org/guacamole/1.5.5/binary/guacamole-auth-sso-1.5.5.tar.gz
>> .
>>
>> and have copied the guacamole-auth-sso-saml-1.5.5.jar to the folder
>> /etc/guacamole/extensions
>> as well as the below into guacamole.properties.
>>
>> #for saml
>> saml.service.provider.entity.id: https://guacserver01/guacamole
>> saml-entity-id: https://guacserver01/guacamole
>> saml-callback-url: https://guacserver01/guacamole
>> saml-debug: true
>> saml.idp.metadata-url=
>> https://ADFS.contoso.dom/adfs/federationmetadata/2007-06/federationmetadata.xml
>> saml.idp.entity-id=http://ADFS.contoso.dom/adfs/services/trust
>> saml.idp.sso-url=https://ADFS.contoso.dom/adfs/ls/
>> saml.idp.logout-url=https://ADFS.contoso.dom/adfs/logout
>>
>> however with each click into the SAML there is this error on the SAML
>> page
>> https://guacserver01.contoso.dom/guacamole/api/ext/saml/login
>>
>> {
>>   "message": "Unexpected internal error",
>>   "translatableMessage": {
>>     "key": "APP.TEXT_UNTRANSLATED",
>>     "variables": {
>>       "MESSAGE": "Unexpected internal error"
>>     }
>>   },
>>   "statusCode": null,
>>   "expected": null,
>>   "type": "INTERNAL_ERROR"
>> }
>>
>> What have I not done or done wrong here? Any advice?
>>
>
> Well, you'll likely need to examine the logs for Guacamole and possibly
> the IdP to see exactly what's happening, but I think the most frequent
> issue we've encountered on the list with this occurs when you're using
> Guacamole behind a reverse proxy, and that reverse proxy does not maintain
> the "https" protocol/scheme on the URL and switches it back to "http". Make
> sure your reverse proxy, if you're using one, is configured to set the scheme
> header - here's a sample Nginx one:
>
> location / {
>     proxy_pass http://127.0.0.1:8080;
>     proxy_buffering off;
>     proxy_http_version 1.1;
>     proxy_set_header Host $host;
>     proxy_set_header X-Forwarded-Host $host;
>     proxy_set_header X-Forwarded-Server $host;
>     proxy_set_header X-Forwarded-Proto $scheme;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_set_header Upgrade $http_upgrade;
>     proxy_set_header Connection $http_connection;
>     access_log off;
> }
>
> -Nick
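
Added example (not part of the thread and not Guacamole project code): a small lint for the SAML keys in guacamole.properties, run over a constructed copy of the properties quoted above. The KNOWN set lists the SAML property names as given in the Guacamole manual and should be checked against the version in use; parse_properties and lint_saml are hypothetical helper names.

```python
import re

# SAML property names from the Guacamole manual (assumption: check your version).
KNOWN = {
    "saml-idp-metadata-url", "saml-idp-url", "saml-entity-id",
    "saml-callback-url", "saml-strict", "saml-debug",
    "saml-compress-request", "saml-compress-response", "saml-group-attribute",
}

def parse_properties(text):
    """Parse 'key: value' / 'key=value' lines, skipping comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^\s:=]+)\s*[:=]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint_saml(text):
    """Return a list of findings for the SAML section of guacamole.properties."""
    props = parse_properties(text)
    findings = [f"unrecognized SAML property: {k}"
                for k in props if k.lower().startswith("saml") and k not in KNOWN]
    if not (props.get("saml-idp-metadata-url") or props.get("saml-idp-url")):
        findings.append("neither saml-idp-metadata-url nor saml-idp-url is set")
    # Related to the reply's scheme advice: the configured URLs should be https.
    for key in ("saml-entity-id", "saml-callback-url"):
        val = props.get(key, "")
        if val and not val.startswith("https://"):
            findings.append(f"{key} does not use https: {val}")
    return findings

# Constructed sample modeled on the properties quoted in the thread.
SAMPLE = """\
saml.service.provider.entity.id: https://guacserver01/guacamole
saml-entity-id: https://guacserver01/guacamole
saml-callback-url: https://guacserver01/guacamole
saml-debug: true
saml.idp.metadata-url=https://ADFS.contoso.dom/adfs/federationmetadata/2007-06/federationmetadata.xml
saml.idp.entity-id=http://ADFS.contoso.dom/adfs/services/trust
saml.idp.sso-url=https://ADFS.contoso.dom/adfs/ls/
saml.idp.logout-url=https://ADFS.contoso.dom/adfs/logout
"""

if __name__ == "__main__":
    print("\n".join(lint_saml(SAMPLE)))
```

Run against the real file by passing its contents to lint_saml; an empty list means every SAML key is a recognized name and an IdP location is configured.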