[ https://issues.apache.org/jira/browse/GUACAMOLE-1528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17493271#comment-17493271 ]

Bap commented on GUACAMOLE-1528:
--------------------------------

Hi all, 

I've tried to deploy Guacamole on Docker to enable the SAML extension and integrate with *Azure AD*, following this guide: [https://github.com/apache/guacamole-client/pull/615]

On Azure AD I followed this guide:
[https://support.netfoundry.io/hc/en-us/articles/4415184226189-Connect-to-any-app-with-NetFoundry-using-Azure-AD-for-authentication-Example-Apache-Guacamole]

In the properties file:

            #login URL
            saml-idp-url: 'https://login.microsoftonline.com/183c08f8-f7ed-4c8e-aa41-a2caf3140a61/saml2/'
            saml-entity-id: 'https://daas.vp123xyz.com/portal'
            saml-callback-url: 'https://daas.vp123xyz.com/portal'

The Docker log tells me that the SAML extension is OK:

2022-02-16T13:27:06.468783421Z 13:27:06.468 [localhost-startStop-1] INFO  
o.a.g.extension.ExtensionModule - Extension "SAML Authentication Extension" 
(saml) loaded.

 

When I reload the Guacamole web page, errors appear in the log, such as:

*- If saml-strict: false is set (same error as* [~bprutsos] *)*

2022-02-16T10:19:49.490192389Z 10:19:49.489 [http-nio-8080-exec-8] ERROR 
c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML 
Response rejected
2022-02-16T10:19:49.490268057Z 10:19:49.489 [http-nio-8080-exec-8] WARN  
o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an 
invalid SAML response: SAML response did not pass validation: Signature 
validation failed. SAML Response rejected

*- If not set (default saml-strict equal to true)* 

2022-02-16T13:39:10.543902866Z 13:39:10.543 [http-nio-8080-exec-1] ERROR 
c.onelogin.saml2.authn.SamlResponse - The response was received at 
http://daas.vp123xyz.com/portal/api/ext/saml/callback instead of 
https://daas.vp123xyz.com/portal/api/ext/saml/callback

2022-02-16T14:27:47.713292674Z 14:27:47.712 [http-nio-8080-exec-1] WARN  
o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an 
invalid SAML response: SAML response did not pass validation: The response was 
received at http://vpbankvdi.cloud.cmctelecom.vn/portal/api/ext/saml/callback 
instead of https://vpbankvdi.cloud.cmctelecom.vn/portal/api/ext/saml/callback

Hope someone can fix it for us, any support is appreciated!

 

> [Docker Version] SAML extension validating 
> -------------------------------------------
>
>                 Key: GUACAMOLE-1528
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1528
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-saml
>    Affects Versions: 1.4.0
>         Environment: Docker
>            Reporter: Bryce Prutsos
>            Priority: Minor
>              Labels: SAML
>
> I am trying to configure SAML but the error it gives doesn't really help.
> Specifically error  [https-openssl-nio-8080-exec-7] WARN 
> o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with 
> an invalid SAML response: SAML response did not pass validation: Signature 
> validation failed. SAML Response rejected.
>  
> I am guessing it has to do with the x509 cert between the idp and guacamole 
> but there is nowhere to specify settings. 
> for the I have the following 
>  
> extension-priority: *, saml
> saml-debug: true
> saml-strict: false
> saml-idp-url: https://login.localhost.com/sso/go.ashx
> saml-entity-id: https://guac.localhost.com:8080/
> saml-callback-url: https://guac.localhost.com:8080
> mysql-auto-create-accounts: true
>  
>  LOGS BELOW
>  
> 05:31:21.596 [main] INFO o.a.g.extension.ExtensionModule - Extension "SAML 
> Authentication Extension" (saml) loaded.
>  
> 05:31:21.694 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 
> WebSocket support...
>  
> 05:31:22.103 [main] WARN o.g.jersey.server.wadl.WadlFeature - JAXBContext 
> implementation could not be found. WADL feature is disabled.
>  
> 03-Feb-2022 05:31:22.308 INFO [main] 
> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
> application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in 
> [3,099] ms
>  
> 03-Feb-2022 05:31:22.312 INFO [main] org.apache.coyote.AbstractProtocol.start 
> Starting ProtocolHandler ["https-openssl-nio-8080"]
>  
> 03-Feb-2022 05:31:22.342 INFO [main] 
> org.apache.catalina.startup.Catalina.start Server startup in [3171] 
> milliseconds
>  
> 05:31:43.515 [https-openssl-nio-8080-exec-5] INFO 
> com.onelogin.saml2.util.Util - Found a deprecated algorithm 
> http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, 
> consider requesting a more robust algorithm
>  
> 05:31:43.518 [https-openssl-nio-8080-exec-5] ERROR 
> c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML 
> Response rejected
>  
> 05:31:43.518 [https-openssl-nio-8080-exec-5] WARN 
> o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with 
> an invalid SAML response: SAML response did not pass validation: Signature 
> validation failed. SAML Response rejected
>  
> 05:31:53.360 [https-openssl-nio-8080-exec-7] INFO 
> com.onelogin.saml2.util.Util - Found a deprecated algorithm 
> http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, 
> consider requesting a more robust algorithm
>  
> 05:31:53.360 [https-openssl-nio-8080-exec-7] ERROR 
> c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML 
> Response rejected
>  
> 05:31:53.360 [https-openssl-nio-8080-exec-7] WARN 
> o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with 
> an invalid SAML response: SAML response did not pass validation: Signature 
> validation failed. SAML Response rejected



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
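
A small triage helper for the log shapes quoted in this thread, as an added example (not code from the reporters or from the Guacamole project). It rejoins the hard-wrapped, `>`-quoted lines into records and separates the three OneLogin SAML messages seen above; the host `guac.example.test` and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the logs above, including the mail
# archive's line wraps and "> " quoting. The host name is a placeholder.
SAMPLE = """\
> 05:31:43.515 [https-openssl-nio-8080-exec-5] INFO
> com.onelogin.saml2.util.Util - Found a deprecated algorithm
> http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element,
> consider requesting a more robust algorithm
> 05:31:43.518 [https-openssl-nio-8080-exec-5] ERROR
> c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML
> Response rejected
2022-02-16T13:39:10.543902866Z 13:39:10.543 [http-nio-8080-exec-1] ERROR
c.onelogin.saml2.authn.SamlResponse - The response was received at
http://guac.example.test/portal/api/ext/saml/callback instead of
https://guac.example.test/portal/api/ext/saml/callback
"""

# A record starts with HH:MM:SS.mmm, optionally preceded by one date/timestamp token.
RECORD_START = re.compile(r"^(?:\S+\s+)?\d{2}:\d{2}:\d{2}\.\d{3} ")
DEST = re.compile(r"received at (\S+) instead of (\S+)")
WEAK_ALG = re.compile(r"deprecated algorithm (\S+)")

def unwrap(text):
    """Strip '> ' quoting and join continuation lines onto their record."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        if line and (RECORD_START.match(line) or not records):
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def classify(record):
    """Return (category, details) for a OneLogin SAML record, else None."""
    if "onelogin.saml2" not in record:  # skips Guacamole's WARN echo of the same error
        return None
    if m := DEST.search(record):
        got, want = urlsplit(m[1]), urlsplit(m[2])
        parts = ("scheme", "netloc", "path")
        return ("destination-mismatch", [p for p in parts if getattr(got, p) != getattr(want, p)])
    if m := WEAK_ALG.search(record):
        return ("deprecated-signature-algorithm", [m[1]])
    if "Signature validation failed" in record:
        return ("signature-invalid", [])
    return None

def triage(text):
    return [c for c in map(classify, unwrap(text)) if c]
```

A `destination-mismatch` whose detail list contains only `scheme` means host and path agreed and the two URLs differed only in `http` versus `https`.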
