Hi Mike, great suggestion – such a simple solution – it works with that now, thanks a lot!
BR, Tobias Von: Mike Jumper <[email protected]> Gesendet: Mittwoch, 5. Januar 2022 17:27 An: [email protected] Betreff: Re: SAML in a loop On Wed, Jan 5, 2022, 06:32 Tobias Heim <[email protected]<mailto:[email protected]>> wrote: Hi Mike, Thanks a lot for your suggestions! I think it’s related to nginx, yes – with the X-Forwarded-Proto and X-Forwarded-Host I got further (before, it told me the URL for the callback would be http:/localhost:8080/…), but it still does not work due to the following problem: 15:24:42.905 [http-nio-8080-exec-6] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: The response was received at https://myserver/guacamole/api/ext/saml/callback instead of https://myserver/api/ext/saml/callback Somehow I cannot get rid of the extra /guacamole/ in that path, even when setting all the headers you provided to me.. Do you know how to do that? Instead of altering the request path within Nginx, I would rename the .war file to "ROOT.war". That will cause Tomcat to serve the application directly from "/" instead of "/guacamole". - Mike
