I was having a similar issue - here is what my working guacamole.properties
looks like:
guacd-hostname: localhost
guacd-port: 4822
#user-mapping: /etc/guacamole/user-mapping.xml
#SAML
saml-idp-url: URL FROM SAML PROVIDER
saml-entity-id: ENTITY ID FROM PROVIDER
saml-callback-url: BASE URL OF GUAC INSTALL - NOTHING ELSE SHOULD FOLLOW
saml-strict: false
saml-debug: true
mysql-hostname: SQL SERVER FQDN
mysql-port: SQL PORT
mysql-database: GUAC DATABASE
mysql-username: GUAC DATABASE USER
mysql-password: GUAC DATABASE PASSWORD
mysql-auto-create-accounts: true
I think you're having a different problem; e.g. I don't think that anonymous
authentication is the actual error to look at. An authentication attempt occurs
right after, so my guess is that Guac recognizes that you haven't signed in and
need to sign in - then redirects you to auth provider. I would guess your
actual error is a bit further down the log.
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting
parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO
guacamole_user_attribute ( user_id, attribute_name,
attribute_value ) VALUES
(?, ?, ?) , (?,
?, ?
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Is something wrong with your SQL install, maybe? Mine only shows:
guac tomcat9[58451]: 17:42:52.529 [http-nio-8080-exec-1] DEBUG
o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
I'd start there.
________________________________
From: Daniel Storey <[email protected]>
Sent: Sunday, August 9, 2020 6:45 AM
To: [email protected] <[email protected]>
Subject: Re: SAML on Guacamole 1.2
Thanks, Sebastian. You’re right – it should have been
http://<servername>.rededucation.com:8080/guacamole/.
I’ve updated it as well as a few other errors and it’s still not working. I’m
seeing a page that says:
Please wait, redirecting to identity provider
As soon as it hits the <servername>.rededucation.com page and then it redirects
to
http://guacamole.rededucation.com:8080/guacamole/#/?responseHash=9D10496AD38722D9C88016835D595715C3F29F074C521103D7908E1051992770
and displays the following message:
ERROR:
“An error has occurred and this action cannot be completed. If the problem
persists, please notify your system administrator or check your system logs.”
My guacamole.properties file is now:
# GuacD properties
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: pWAR53fht786!@#
# SAML Properties
saml-idp-url: https://red-education-dev.onelogin.com/
saml-entity-id: https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c
saml-callback-url: http://guacamole.rededucation.com:8080/guacamole/
saml-idp-metadata-url: file:///home/dan/guacamole.xml
saml-debug: True
saml-strict: False
And there’s new logging material as well:
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.001 [http-nio-8080-exec-1]
DEBUG c.onelogin.saml2.authn.AuthnRequest - AuthNRequest -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="ONELOGIN_85608ff0-3593-4b14-a036-feb8caa7e8f3" Version="2.0"
IssueInstant="2020-08-09T12:37:15Z"
Destination="https://red-education-dev.onelogin.com/trust/saml2/http-redirect/sso/7c0aafc5-cb37-478b-b1d0-9efee78ac59c"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://guacamole.rededucation.com:8080/guacamole/api/ext/saml/callback#/"><saml:Issuer>https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c</saml:Issuer><samlp:NameIDPolicy
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
AllowCreate="true" /></samlp:AuthnRequest>
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.006 [http-nio-8080-exec-1]
DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt
from 172.31.0.5 failed.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.586 [http-nio-8080-exec-4]
DEBUG c.onelogin.saml2.authn.SamlResponse - SAMLResponse has NameID -->
[email protected]
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.590 [http-nio-8080-exec-4]
DEBUG c.onelogin.saml2.authn.SamlResponse - SAMLResponse has attributes:
{User.FirstName=[Daniel], User.LastName=[Storey],
User.email=[[email protected]], memberOf=[],
PersonImmutableID=[[email protected]]}
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.594 [http-nio-8080-exec-4]
INFO o.a.g.r.auth.AuthenticationService - User
"[email protected]" successfully authenticated from 172.31.0.5.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.641 [http-nio-8080-exec-4]
DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.652 [http-nio-8080-exec-4]
DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.659 [http-nio-8080-exec-4]
DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 8.0.21.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.679 [http-nio-8080-exec-4]
ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting
parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO
guacamole_user_attribute ( user_id, attribute_name,
attribute_value ) VALUES
(?, ?, ?) , (?,
?, ?
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.684 [http-nio-8080-exec-4]
DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
Aug 9 12:37:18 guacamole tomcat9[1278]:
org.apache.ibatis.exceptions.PersistenceException:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Error updating database. Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
Aug 9 12:37:18 guacamole tomcat9[1278]: ### The error occurred while setting
parameters
Aug 9 12:37:18 guacamole tomcat9[1278]: ### SQL: INSERT INTO
guacamole_user_attribute ( user_id, attribute_name,
attribute_value ) VALUES
(?, ?, ?) , (?,
?, ?)
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/java.lang.reflect.Method.invoke(Method.java:566)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.session.SqlSessionManager$SqlSessionInterceptor.invoke(SqlSessionManager.java:350)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.proxy.$Proxy35.insert(Unknown Source)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.session.SqlSessionManager.insert(SqlSessionManager.java:236)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.proxy.$Proxy37.insertAttributes(Unknown Source)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService.updateObject(ModeledDirectoryObjectService.java:510)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:37)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.totp.user.UserVerificationService.setKey(UserVerificationService.java:184)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.totp.user.UserVerificationService.getKey(UserVerificationService.java:116)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.totp.user.UserVerificationService.verifyIdentity(UserVerificationService.java:234)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.extension.AuthenticationProviderFacade.decorate(AuthenticationProviderFacade.java:355)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.rest.auth.DecoratedUserContext.decorate(DecoratedUserContext.java:92)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.rest.auth.DecoratedUserContext.<init>(DecoratedUserContext.java:233)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.rest.auth.DecorationService.decorate(DecorationService.java:88)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.rest.auth.AuthenticationService.getUserContexts(AuthenticationService.java:409)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:454)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/java.lang.reflect.Method.invoke(Method.java:566)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
java.base/java.lang.Thread.run(Thread.java:834)
Aug 9 12:37:18 guacamole tomcat9[1278]: Caused by:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:117)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
com.mysql.cj.jdbc.ClientPreparedStatement.execute(ClientPreparedStatement.java:370)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:46)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:50)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:198)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011... 71 common frames omitted
Aug 9 12:37:25 guacamole tomcat9[1278]: 12:37:25.668 [pool-4-thread-1] DEBUG
o.a.g.a.t.u.CodeUsageTrackingService - TOTP tracking cleanup check completed in
0 ms.
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.293 [pool-1-thread-1] DEBUG
o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions...
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.294 [pool-1-thread-1] DEBUG
o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms.
It looks as though it’s trying to create an entry in the MySQL database that’s
all null values:
(user_id, attribute_name, attribute_value) VALUES (?, ?, ?), (?, ?, ?)
Cheers,
Daniel Storey
Red Education
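The first reply's point, that the real failure sits further down the log than the anonymous-authentication DEBUG line, can be checked mechanically. This is an added example, not part of the thread or of Guacamole: it re-joins mail-wrapped syslog lines, finds the first ERROR record, and lists the org.apache.guacamole components on the failing call path. The function names and the sample lines are constructed for illustration.

```python
import re

# Syslog prefix as seen in the thread: "Aug 9 12:37:18 guacamole tomcat9[1278]: "
PREFIX = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\S+\[\d+\]:\s?")
# Logback record: "12:37:18.679 [http-nio-8080-exec-4] ERROR logger - message"
RECORD = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} \[[^\]]+\]\s+(\w+)\s+(\S+) - (.*)$")
# rsyslog escapes the tab before each stack frame as "#011"
APP_FRAME = re.compile(r"^#011\s*at\s+org\.apache\.guacamole\.([\w.$]+)\.([\w$<>]+)\(")
CAUSE = re.compile(r"^(?:### Cause:|Caused by:)\s*(.+)$")


def join_wrapped(text):
    """A line without the syslog prefix continues the previous record."""
    out = []
    for line in text.splitlines():
        if PREFIX.match(line):
            out.append(PREFIX.sub("", line, count=1).strip())
        elif out and line.strip():
            out[-1] = f"{out[-1]} {line.strip()}".strip()
    return out


def triage(text):
    """Return the first ERROR, its causes, and the Guacamole frames under it."""
    result = {"error": None, "causes": [], "frames": [], "components": []}
    for rec in join_wrapped(text):
        m = RECORD.match(rec)
        if result["error"] is None:
            if m and m.group(1) == "ERROR":
                result["error"] = f"{m.group(2)}: {m.group(3)}"
            continue
        if m:
            if result["frames"]:
                break  # first ordinary record after the trace ends it
            continue
        frame, cause = APP_FRAME.match(rec), CAUSE.match(rec)
        if frame:
            cls, method = frame.groups()
            result["frames"].append(f"{cls}.{method}")
            component = ".".join(cls.split(".")[:-1][:2])  # e.g. "auth.totp"
            if component not in result["components"]:
                result["components"].append(component)
        elif cause and cause.group(1) not in result["causes"]:
            result["causes"].append(cause.group(1))
    return result


# Constructed sample, shaped like the wrapped log lines in this thread
SAMPLE = """
Aug 9 12:37:16 guacamole tomcat9[1278]: 12:37:16.006 [http-nio-8080-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 192.0.2.10 failed.
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.679 [http-nio-8080-exec-4]
ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Aug 9 12:37:18 guacamole tomcat9[1278]: ### Cause:
java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be
null
Aug 9 12:37:18 guacamole tomcat9[1278]: 12:37:18.684 [http-nio-8080-exec-4] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.jdbc.user.UserDirectory.update(UserDirectory.java:74)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at
org.apache.guacamole.auth.totp.user.UserVerificationService.setKey(UserVerificationService.java:184)
Aug 9 12:37:18 guacamole tomcat9[1278]: #011at org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
Aug 9 12:37:46 guacamole tomcat9[1278]: 12:37:46.293 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions...
"""
```

The `components` list reads innermost first, so it shows which installed extension made the database call that failed.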
From: Sebastian Männling <[email protected]>
Reply to: "[email protected]" <[email protected]>
Date: Sunday, 9 August 2020 at 3:45 pm
To: "[email protected]" <[email protected]>
Subject: Re: SAML on Guacamole 1.2
Hi,
I never set up SAML on Guacamole, but what looks “suspicious” to me is your
callback URL... port 8080 is usually not https (unless you explicitly set it up
like that.)
On 9. Aug 2020, at 04:47, Daniel Storey <[email protected]> wrote:
Hi Everyone,
I’m struggling to get SAML authentication working for Guacamole 1.2 with
onelogin.com. I’ve created the following guacamole.properties file:
# GuacD properties
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: pWAR53fht786!@#
# SAML Properties
saml-idp-url: https://<domain>.onelogin.com/
saml-entity-id: https://app.onelogin.com/saml/metadata/7c0aafc5-cb37-478b-b1d0-9efee78ac59c
saml-callback-url: https://<servername>.rededucation.com:8080/guacamole/
saml-idp-metadata-url: /home/dan/guacamole.xml
saml-debug: True
saml-strict: False
http://guacamole.rededucation.com:8080/guacamole/#/
I’m following the blog at
https://cloudfish.hatenablog.com/entry/2020/07/15/212107 which has been
translated by Chrome into English, but I’ve modified the suggestions of the
values to insert into guacamole.properties into lowercase and using hyphens
rather than underscores.
I’m trying to get trace logging working in Guacamole to be able to determine
what’s happening, but I can’t seem to get any traces in
/var/log/tomcat9/catalina.out or /var/log/syslog.
What I’m currently seeing in the log is:
[2020-08-09 01:23:49] [info] 01:23:49.848 [http-nio-8080-exec-5] DEBUG
o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from <IP
ADDRESS OF CONNECTING MACHINE> failed.
I’m not sure what to do to fix this. Any suggestions are welcome.
Cheers,
Daniel Storey
Red Education
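A small check for the SAML settings this thread goes back and forth on: callback URL scheme and port, metadata location written as a URI, saml-strict, and saml-debug. This is an added example, not from the thread or the Guacamole project. The function names, finding labels, example.test hosts, file paths and the assumed defaults (saml-strict true, saml-debug false) are this example's own.

```python
import re
from urllib.parse import urlsplit

PROP = re.compile(r"^([\w.-]+)\s*[:=]\s*(.*)$")


def parse_properties(text):
    """Parse 'key: value' lines. A long value that a mail client wrapped onto
    the following line is re-attached to its (still empty) key."""
    props, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if last is not None and props[last] == "":
            props[last] = line  # continuation of a wrapped value
            continue
        m = PROP.match(line)
        if m:
            last = m.group(1)
            props[last] = m.group(2).strip()
    return props


def is_true(props, key, default):
    return props.get(key, default).strip().lower() == "true"


def lint_saml(props):
    """Return (property, finding) pairs for the settings the thread discusses."""
    findings = []
    cb = urlsplit(props.get("saml-callback-url", ""))
    if cb.scheme == "http":  # SAML response is posted back in cleartext
        findings.append(("saml-callback-url", "cleartext-callback"))
    if cb.scheme == "https" and cb.port == 8080:  # heuristic raised in the thread
        findings.append(("saml-callback-url", "https-on-8080"))
    if cb.query or cb.fragment or "/api/" in cb.path:  # base URL only
        findings.append(("saml-callback-url", "not-base-url"))
    meta = props.get("saml-idp-metadata-url")
    if meta is not None and not urlsplit(meta).scheme:  # thread later uses file:///
        findings.append(("saml-idp-metadata-url", "bare-path-not-uri"))
    if not is_true(props, "saml-strict", "true"):  # assumed default: true
        findings.append(("saml-strict", "strict-checks-disabled"))
    if is_true(props, "saml-debug", "false"):  # NameID and attributes reach the log
        findings.append(("saml-debug", "assertions-logged"))
    return findings


# Constructed sample shaped like the first post (placeholder hosts and paths)
AS_POSTED = """
# SAML Properties
saml-idp-url: https://idp.example.test/
saml-entity-id:
https://idp.example.test/saml/metadata/PLACEHOLDER
saml-callback-url: https://guac.example.test:8080/guacamole/
saml-idp-metadata-url: /home/user/idp-metadata.xml
saml-debug: True
saml-strict: False
"""

# Constructed corrected form of the same settings
HARDENED = """
saml-idp-url: https://idp.example.test/
saml-entity-id: https://idp.example.test/saml/metadata/PLACEHOLDER
saml-callback-url: https://guac.example.test/guacamole/
saml-idp-metadata-url: file:///etc/guacamole/idp-metadata.xml
saml-strict: true
"""
```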