I copied it from /opt/guacamole in the container into my data directory.

On Thu, Nov 17, 2022 at 2:09 PM Michael Jumper <[email protected]> wrote:

> Is this a build of the SAML extension from git master and not the 1.4.0
> release? The following line:
>
> > org.apache.guacamole.auth.saml.conf.ConfigurationService.getSamlSettings(ConfigurationService.java:327)
>
> does not refer to an actual statement in the source that's part of 1.4.0.
> It does refer to a statement in the development version of the source in
> git, in which case the NPE would suggest that the Environment is not being
> injected by Guice, perhaps a regression due to the recent dependency
> updates.
>
> - Mike
>
> On Thu, Nov 17, 2022 at 7:38 AM Michael White <[email protected]>
> wrote:
>
> > I'm trying to set up Guacamole with SAML for SSO. But the extension (1.4.0)
> > gives an unhandled error and prevents guacamole from functioning.
> >
> > I have tried with various combinations of the SAML variables.
> > - Providing only the metadata and callback url,
> > - Providing all values listed in the docs
> > - Saml strict on/off
> >
> > Nothing has worked so far.
> >
> > Here's my setup
> >
> > ```
> > version: '3.3'
> > services:
> >   guacamole:
> >     container_name: guacamole
> >     image: guacamole/guacamole:1.4.0
> >     restart: unless-stopped
> >     environment:
> >       GUACD_HOSTNAME: 'guacd'
> >       POSTGRES_DATABASE: guacamole
> >       POSTGRES_HOSTNAME: postgres
> >       POSTGRES_PASSWORD: 'guacamole'
> >       POSTGRES_USER: guacamole
> >       GUACAMOLE_HOME: /data
> >       GUACD_PORT: '4822'
> >       EXTENSION_PRIORITY: 'saml'
> >       SAML_IDP_METADATA_URL: 'https://keycloak.example.com/auth/realms/master/protocol/saml/descriptor'
> >       SAML_IDP_URL: 'https://keycloak.example.com/auth/realms/master'
> >       SAML_ENTITY_ID: 'https://keycloak.example.com/auth/realms/master'
> >       SAML_CALLBACK_URL: 'https://guacamole.example.com/guacamole/'
> >       SAML_STRICT: 'false'
> >       SAML_DEBUG: 'true'
> >       LOGBACK_LEVEL: 'debug'
> >     ports:
> >       - '8888:80'
> >       - '3333:8080'
> >     depends_on:
> >       - postgres
> >       - guacd
> >     volumes:
> >       - ./extensions:/data/extensions
> >   guacd:
> >     container_name: guacd
> >     image: guacamole/guacd
> >     restart: unless-stopped
> >     ports:
> >       - '4822:4822'
> >   postgres:
> >     container_name: postgres
> >     environment:
> >       PGDATA: /var/lib/postgresql/data/guacamole
> >       POSTGRES_DB: guacamole
> >       POSTGRES_PASSWORD: 'guacamole'
> >       POSTGRES_USER: guacamole
> >     ports:
> >       - '5432:5432'
> >     image: postgres:13.4-buster
> >     restart: unless-stopped
> >     volumes:
> >       - ./initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
> >       - pgdata:/var/lib/postgresql/data
> > volumes:
> >   pgdata:
> > ```
> >
> > The error printed in the container logs
> >
> > ```
> > 17-Nov-2022 14:46:24.263 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2676 ms
> > 14:46:29.521 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "saml" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: saml" within your guacamole.properties.
> > 14:46:29.522 [http-nio-8080-exec-6] ERROR o.a.g.rest.RESTExceptionMapper - An internal error occurred, but did not contain an error message. Enable debug-level logging for details.
> > 14:46:29.523 [http-nio-8080-exec-6] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
> > java.lang.NullPointerException: null
> >     at org.apache.guacamole.auth.saml.conf.ConfigurationService.getSamlSettings(ConfigurationService.java:327)
> >     at org.apache.guacamole.auth.saml.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:111)
> >     at org.apache.guacamole.auth.saml.SAMLAuthenticationProvider.authenticateUser(SAMLAuthenticationProvider.java:77)
> >     at org.apache.guacamole.extension.AuthenticationProviderFacade.authenticateUser(AuthenticationProviderFacade.java:190)
> >     at org.apache.guacamole.rest.auth.AuthenticationService.authenticateUser(AuthenticationService.java:174)
> >     at org.apache.guacamole.rest.auth.AuthenticationService.getAuthenticatedUser(AuthenticationService.java:300)
> >     at org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:453)
> >     at org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:498)
> >     at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
> >     at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
> >     at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> >     at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
> >     at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
> >     at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> >     at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
> >     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
> >     at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
> >     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
> >     at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
> >     at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
> >     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
> >     at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
> >     at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
> >     at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
> >     at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
> >     at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
> >     at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
> >     at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> >     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> >     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
> >     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> >     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
> >     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
> >     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> >     at java.lang.Thread.run(Thread.java:748)
> > ```
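
The question in this thread is which build the extension jar actually came from. As an added example (not part of the thread and not Guacamole project code), the following Python script reads the `guacamoleVersion` field from the `guac-manifest.json` inside each jar in an extensions directory and compares it with the web application's version. The sample jar names, namespaces and the 1.5.0 version are constructed for the demonstration.

```python
import json
import tempfile
import zipfile
from pathlib import Path

MANIFEST = "guac-manifest.json"  # manifest at the root of a Guacamole extension .jar


def manifest_version(jar_path):
    """Return the guacamoleVersion declared by an extension jar, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            manifest = json.loads(jar.read(MANIFEST))
    except (KeyError, ValueError, zipfile.BadZipFile):
        return None  # no manifest, unparsable manifest, or not a zip archive
    return manifest.get("guacamoleVersion") if isinstance(manifest, dict) else None


def audit_extensions(ext_dir, webapp_version):
    """Map each .jar in ext_dir to ok / mismatch / wildcard / unreadable."""
    report = {}
    for jar_path in sorted(Path(ext_dir).glob("*.jar")):
        declared = manifest_version(jar_path)
        if declared is None:
            status = "unreadable"
        elif declared == "*":
            status = "wildcard"  # declares compatibility with any version
        elif declared == webapp_version:
            status = "ok"
        else:
            status = f"mismatch: built for {declared}"
        report[jar_path.name] = status
    return report


def demo():
    """Run the audit over constructed sample jars (names and versions made up)."""
    samples = {
        "saml-release.jar": {"guacamoleVersion": "1.4.0", "namespace": "saml"},
        "saml-devbuild.jar": {"guacamoleVersion": "1.5.0", "namespace": "saml"},
        "custom.jar": {"guacamoleVersion": "*", "namespace": "custom"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, manifest in samples.items():
            with zipfile.ZipFile(Path(tmp) / name, "w") as jar:
                jar.writestr(MANIFEST, json.dumps(manifest))
        (Path(tmp) / "broken.jar").write_bytes(b"not a zip")
        return audit_extensions(tmp, "1.4.0")


if __name__ == "__main__":
    for jar_name, status in demo().items():
        print(f"{jar_name}: {status}")
```

To check a real deployment, call `audit_extensions()` with the directory mounted as `extensions` and the version tag of the web application image.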
