Hi, I'm trying to configure SAML with guacamole v1.2 and LemonLDAP.
In order to configure the IdP with Guacamole as a SP, and according to the LemonLDAP documentation, I should register the SP metadata by uploading the file (or get it from the SP metadata URL). It seems that the saml extension does not provide this metadata. Right?

My Guacamole URL: https://<my_guacamole_server>

On the IdP, my guacamole server is configured as a SP, but without any metadata. With saml-idp-metadata-url: file:// or url, it just doesn't work and I get this error:

13:44:49.594 [http-nio-8080-exec-4] DEBUG org.apache.xml.security.Init - Registering default algorithms
13:44:49.694 [http-nio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - The "saml" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: saml" within your guacamole.properties.
13:44:49.694 [http-nio-8080-exec-4] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from <client-IP> failed.

So I tried to ignore the metadata file/URL, and the best I could do was to reach my IdP and log in, but the IdP didn't forward me to guacamole... I land on the IdP home page.
This is my configuration:

saml-debug: true
saml-callback-url: https://<my_guacamole_server>
saml-idp-url: https://<IdP_server>/saml/
saml-entity-id: https://<my_guacamole_server>

And the logs I'm getting from tomcat:

13:51:04.257 [http-nio-8080-exec-5] DEBUG c.onelogin.saml2.authn.AuthnRequest - AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_740ca17a-661f-4c66-81f3-2e8528f5b87c" Version="2.0" IssueInstant="2020-07-29T13:51:04Z" Destination="https://<IdP_server>/saml/" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://<my_guacamole_server>/api/ext/saml/callback"><saml:Issuer>https://<my_guacamole_server></saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>
13:51:04.258 [http-nio-8080-exec-5] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/root/.guacamole/user-mapping.xml" does not exist and will not be read.
13:51:04.258 [http-nio-8080-exec-5] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from <client-IP> failed.

It seems to me that my callback URL is wrong, but I'm not sure... I tried https://<my_guacamole_server>/app/ext/saml/callback but it didn't work either.

Sorry for my not so good English. I hope I did something understandable :)

Thanks

--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
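The post's AuthnRequest log is the key diagnostic: the IdP will only send the assertion back to an AssertionConsumerService (ACS) URL that it knows from the SP's registered metadata, so a mismatch between what the SP sends and what the IdP has on file typically ends with the user sitting on the IdP home page. The following added example (not code from the original post, Guacamole, or LemonLDAP) builds SP metadata from the three guacamole.properties keys shown above and checks a captured AuthnRequest against that metadata. The hostnames are constructed placeholders, and the ACS path `/api/ext/saml/callback` is an assumption taken from the AssertionConsumerServiceURL visible in the posted log; the `entityID`, binding and NameID format values are the ones the log shows.

```python
"""Build SAML SP metadata from guacamole.properties values and check an AuthnRequest against it.

Added example, not from the original post or from the Guacamole/LemonLDAP projects.
"""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Assumption: the SP's ACS lives at <saml-callback-url>/api/ext/saml/callback, which is the
# AssertionConsumerServiceURL the posted AuthnRequest log carries.
ACS_PATH = "/api/ext/saml/callback"

# Constructed sample of the properties from the post, with placeholder hosts filled in.
PROPS_TEXT = """\
saml-debug: true
saml-callback-url: https://guac.example.test
saml-idp-url: https://idp.example.test/saml/
saml-entity-id: https://guac.example.test
"""

# Constructed AuthnRequest modelled on the one in the post (same attributes, placeholder hosts).
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_constructed" '
    'Version="2.0" IssueInstant="2020-07-29T13:51:04Z" '
    'Destination="https://idp.example.test/saml/" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="https://guac.example.test/api/ext/saml/callback">'
    '<saml:Issuer>https://guac.example.test</saml:Issuer>'
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" '
    'AllowCreate="true" /></samlp:AuthnRequest>'
)


def parse_properties(text):
    """Parse 'key: value' lines of a guacamole.properties file into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")  # only the first colon separates key from value
        props[key.strip()] = value.strip()
    return props


def acs_url(props):
    """ACS URL the IdP must be told about, derived from saml-callback-url."""
    return props["saml-callback-url"].rstrip("/") + ACS_PATH


def build_sp_metadata(props):
    """Produce the SP EntityDescriptor XML an IdP can import for this Guacamole instance."""
    ET.register_namespace("md", MD_NS)
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", entityID=props["saml-entity-id"])
    sso = ET.SubElement(
        root, f"{{{MD_NS}}}SPSSODescriptor",
        protocolSupportEnumeration=SAMLP_NS,
        AuthnRequestsSigned="false", WantAssertionsSigned="true",
    )
    ET.SubElement(sso, f"{{{MD_NS}}}NameIDFormat").text = NAMEID_UNSPECIFIED
    ET.SubElement(
        sso, f"{{{MD_NS}}}AssertionConsumerService",
        Binding=POST_BINDING, Location=acs_url(props), index="0", isDefault="true",
    )
    return ET.tostring(root, encoding="unicode")


def check_authn_request(authn_xml, metadata_xml):
    """Return the mismatches an IdP would see between an AuthnRequest and registered SP metadata.

    An empty list means the Issuer matches the registered entityID and the requested
    binding/ACS pair is one the metadata declares, so the IdP can POST the response back.
    """
    req = ET.fromstring(authn_xml)
    md = ET.fromstring(metadata_xml)
    problems = []

    issuer = req.findtext(f"{{{SAML_NS}}}Issuer")
    entity_id = md.get("entityID")
    if issuer != entity_id:
        problems.append(f"Issuer {issuer!r} does not match registered entityID {entity_id!r}")

    declared = {
        (e.get("Binding"), e.get("Location"))
        for e in md.iter(f"{{{MD_NS}}}AssertionConsumerService")
    }
    requested = (req.get("ProtocolBinding"), req.get("AssertionConsumerServiceURL"))
    if requested not in declared:
        problems.append(f"ACS {requested!r} not among registered endpoints {sorted(declared)!r}")
    return problems


if __name__ == "__main__":
    props = parse_properties(PROPS_TEXT)
    metadata = build_sp_metadata(props)
    print(metadata)
    print("mismatches:", check_authn_request(AUTHN_REQUEST, metadata))
```

Running the script prints the metadata document to upload to the IdP and an empty mismatch list for the matching request. Registering the SP with a callback URL that does not resolve to the same ACS location (for instance an `/app/...` path) makes `check_authn_request` report the ACS mismatch, which is the condition to rule out first when the IdP accepts the login but never returns the browser to the SP.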
