Bryce Prutsos created GUACAMOLE-1528:
----------------------------------------

Summary: [Docker Version] SAML extension validating
Key: GUACAMOLE-1528
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1528
Project: Guacamole
Issue Type: Bug
Components: guacamole-auth-saml
Affects Versions: 1.4.0
Environment: Docker
Reporter: Bryce Prutsos

I am trying to configure SAML but the error it gives doesn't really help. Specifically error

[https-openssl-nio-8080-exec-7] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected.

I am guessing it has to do with the x509 cert between the idp and guacamole but there is nowhere to specify settings.

for the I have the following

extension-priority: *, saml
saml-debug: true
saml-strict: false
saml-idp-url: https://login.localhost.com/sso/go.ashx
saml-entity-id: https://guac.localhost.com:8080/
saml-callback-url: https://guac.localhost.com:8080
mysql-auto-create-accounts: true

LOGS BELOW

05:31:21.596 [main] INFO o.a.g.extension.ExtensionModule - Extension "SAML Authentication Extension" (saml) loaded.
05:31:21.694 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
05:31:22.103 [main] WARN o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be found. WADL feature is disabled.
03-Feb-2022 05:31:22.308 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [3,099] ms
03-Feb-2022 05:31:22.312 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8080"]
03-Feb-2022 05:31:22.342 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [3171] milliseconds
05:31:43.515 [https-openssl-nio-8080-exec-5] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
05:31:43.518 [https-openssl-nio-8080-exec-5] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
05:31:43.518 [https-openssl-nio-8080-exec-5] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected
05:31:53.360 [https-openssl-nio-8080-exec-7] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
05:31:53.360 [https-openssl-nio-8080-exec-7] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
05:31:53.360 [https-openssl-nio-8080-exec-7] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
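
For a "Signature validation failed" rejection like the one in the log above, one triage step is to inspect the SAMLResponse the IdP posted: which signature and digest algorithms it declares and which certificate it embeds, so that certificate's SHA-256 fingerprint can be compared with the one the IdP is expected to sign with. The following is an added example, not part of the original report or of Guacamole's code; triage_saml_response, the SAMPLE_* values and the sample response are constructed for illustration, and the script only describes the signature, it does not verify it.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# SHA-1 based XML-DSig algorithm URIs, such as the rsa-sha1 the log above reports.
SHA1_ALGS = {DS[1:-1] + s for s in ("rsa-sha1", "dsa-sha1", "sha1")}

def _alg(elem):
    return elem.get("Algorithm") if elem is not None else None

def triage_saml_response(b64_response, expected_fp=None):
    """Describe each ds:Signature in a base64 SAMLResponse. Does NOT verify it."""
    root = ET.fromstring(base64.b64decode(b64_response))
    want = expected_fp.replace(":", "").lower() if expected_fp else None
    findings = []
    for sig in root.iter(DS + "Signature"):
        method = _alg(sig.find(f"{DS}SignedInfo/{DS}SignatureMethod"))
        digest = _alg(sig.find(f"{DS}SignedInfo/{DS}Reference/{DS}DigestMethod"))
        cert = sig.find(f".//{DS}X509Certificate")
        fp = None
        if cert is not None and cert.text:
            # The element holds base64 DER, often wrapped across lines.
            der = base64.b64decode("".join(cert.text.split()))
            fp = hashlib.sha256(der).hexdigest()
        findings.append({
            "signature_method": method,
            "digest_method": digest,
            "sha1_algorithms": [a for a in (method, digest) if a in SHA1_ALGS],
            "cert_sha256": fp,
            # None means "nothing to compare", not "ok".
            "cert_matches_expected": (fp == want) if fp and want else None,
        })
    return findings

# Constructed sample: placeholder bytes stand in for the IdP certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_FP = hashlib.sha256(SAMPLE_DER).hexdigest()
SAMPLE_B64 = base64.b64encode(f"""<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_constructed">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
</ds:Reference></ds:SignedInfo><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{base64.b64encode(SAMPLE_DER).decode()}
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>""".encode()).decode()
```

Run it only on a response captured from your own login flow; a fingerprint mismatch or a missing certificate narrows the failure to the trust configuration rather than the message itself.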