Hi Mike, I am experiencing the same issue here. I followed the suggestions posted, but still find myself looping. Any suggestions?
On Wed, Jan 5, 2022 at 12:49 PM Tobias Heim <[email protected]> wrote: > Hi Mike, > > great suggestion – such a simple solution – it works with that now, thanks > a lot! > > > > BR, Tobias > > > > *Von:* Mike Jumper <[email protected]> > *Gesendet:* Mittwoch, 5. Januar 2022 17:27 > *An:* [email protected] > *Betreff:* Re: SAML in a loop > > > > On Wed, Jan 5, 2022, 06:32 Tobias Heim <[email protected]> wrote: > > Hi Mike, > > > > Thanks a lot for your suggestions! I think it’s related to nginx, yes – > with the X-Forwarded-Proto and X-Forwarded-Host I got further (before, it > told me the URL for the callback would be http:/localhost:8080/…), but it > still does not work due to the following problem: > > > > 15:24:42.905 [http-nio-8080-exec-6] WARN > o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted > with an invalid SAML response: SAML response did not pass validation: The > response was received at https://myserver/*guacamole*/api/ext/saml/callback > instead of https://myserver/api/ext/saml/callback > > > > Somehow I cannot get rid of the extra /guacamole/ in that path, even when > setting all the headers you provided to me.. > > > > Do you know how to do that? > > > > Instead of altering the request path within Nginx, I would rename the .war > file to "ROOT.war". That will cause Tomcat to serve the application > directly from "/" instead of "/guacamole". > > > > - Mike > > >
