Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/254#discussion_r168858953
--- Diff:
extensions/guacamole-auth-saml/src/main/java/org/apache/guacamole/auth/saml/SAMLAuthenticationProviderResource.java
---
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.saml;
+
+import com.google.inject.Inject;
+import com.onelogin.saml2.util.Util;
+import java.net.URI;
+import java.net.URISyntaxException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.Path;
+import javax.ws.rs.POST;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.auth.saml.conf.ConfigurationService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A class that implements the REST API necessary for the
+ * SAML Idp to POST back its response to Guacamole.
+ */
+public class SAMLAuthenticationProviderResource {
+
+ /**
+ * The Logger for the class.
+ */
+ private final Logger logger =
LoggerFactory.getLogger(SAMLAuthenticationProviderResource.class);
+
+ /**
+ * The configuration service for this module.
+ */
+ @Inject
+ private ConfigurationService confService;
+
+ /**
+ * A REST endpoint that is POSTed to by the SAML Idp
+ * with the results of the SAML SSO Authentication.
+ */
+ @POST
+ @Path("callback")
+ public Response processSamlResponse(@FormParam("SAMLResponse") String
samlResponse)
+ throws GuacamoleException {
+
+ String guacBase = confService.getCallbackUrl().toString();
+ try {
+ Response redirectHome = Response.seeOther(
+ new URI(guacBase + "?SAMLResponse=" +
Util.urlEncoder(samlResponse))).build();
+ return redirectHome;
--- End diff --
This works okay; however, this redirect tends to cause issues with header
size in my testing - I'm using the CAS SAML IdP, and I had to bump up the
maxHttpHeaderSize on Tomcat and then the proxy_buffer_size and
proxy_busy_buffers_size parameter in Nginx to get this to work. It does work
reliably, but not sure if this is the best way to go, or if I should try to
process the SAML response directly in here?
---
