On Thu, Feb 10, 2022, 10:37 Martin Twerski <[email protected]> wrote:
> Upgraded from 1.3 to 1.4 where I had SAML working. I have updated the > plugin to the new sso one. I get an error when trying to use SAML auth - > [http-nio-8080-exec-2] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - > Authentication attempted with an invalid SAML response: SAML response did > not pass validation: The response was received at > http://example.fqdn.com/guacamole/api/ext/saml/callback instead of > https://example.fqdn.com/api/ext/saml/callback > > > > If I set saml-strict to false, no issues with login. If I revert to 1.3 > plugin, no issues. > > > > My reverse proxy in front of Guacamole is Apache. I have followed this: > https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html (The > section about “Apache and mod_proxy” as well as “Setting up the Remote IP > Valve”). > > > > My proxy is not on the same box as Guacamole. > > > > Any ideas on how to resolve this? > Instead of changing the path of the application within the proxy, try renaming "guacamole.war" to "ROOT.war" so that Tomcat serves the application from / directly. I also recommend looking at the docs for the current release: https://guacamole.apache.org/doc/gug/reverse-proxy.html The link you reference above is a snapshot of ancient 0.9.7 docs (6+ years ago). - Mike
