On Wed, Jan 5, 2022 at 6:41 AM Tobias Heim <[email protected]> wrote:
> Hey team, > > we upgraded guacamole from 1.3 to 1.4 – in the old version, using SAML > with Duo authenticator was fine. > > But now it seems some information is not considered anymore as using > SSO-SAML means landing in a login loop – it always forwards from > https://ourguacamoleserver/api/ext/saml/login to the external address of > DUO and back and again and again.. > > Did the callback address change from /api/ext/saml/callback to something > else maybe? > > Do you know what may cause this issue? The only chance for me to get out > of this loop was to enable the manual login window.. > > > No, the callback address did not change. You'll probably need to look at logs for both Guacamole Client (Tomcat or whatever app server you're using) and see if there's any reason being returned by the system for the login failure. You may even need to enable some debugging - either for the web app in general or using the saml-debug property in guacamole.properties (or both) to see additional messages. https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application -Nick >
