I've deployed an Apache Guacamole server and am trying to configure SSO using 
SAML with a Cloud IdaaS. HAProxy is in front of the Guacamole server, providing 
SSL offloading.


[World Wide Web] -- HTTPS:443 --> [HAProxy] -- HTTP:8080 --> [Tomcat/Guacamole]


Apache Guacamole was configured following the tutorial on the Guacamole website.

When I attempt to authenticate using SAML, I am finding myself in a redirect 
loop. The following message is showing up in the Tomcat logs:


```
03:45:29.364 [http-nio-8080-exec-9] WARN  o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: The response was received at http://my.personal.domain/guacamole/api/ext/saml/callback instead of https://my.personal.domain/guacamole/api/ext/saml/callback
```

I've checked the setting in the IdP and confirmed that everything is indeed 
configured for HTTPS. I am now wondering if the issue has something to do with 
traffic between HAProxy and Guacamole being HTTP, but I don't know how or what 
to do to change that. I'm happy to use a self-signed certificate between 
HAProxy and Guacamole since they are both on a protected network.

Any ideas you could share would be much appreciated.

Timothy
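
The mismatch in the log line above, modelled as an added example that is not part of the original post and is not Guacamole's own validation code: a backend behind a TLS-offloading proxy rebuilds its own URL from the plain-HTTP hop unless it is told to trust a forwarded-scheme header. The function names, the sample request, and the assumption that the proxy sends `X-Forwarded-Proto` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Values taken from the log line in the post.
CALLBACK_PATH = "/guacamole/api/ext/saml/callback"
DESTINATION = "https://my.personal.domain" + CALLBACK_PATH

# Constructed sample request as the backend sees it on the proxy -> backend hop.
# Assumption: the proxy adds X-Forwarded-Proto for requests it terminated over TLS.
SAMPLE_HEADERS = {"Host": "my.personal.domain", "X-Forwarded-Proto": "https"}


def received_url(conn_scheme, headers, path, trust_forwarded_proto=False):
    """URL the backend believes the request arrived at (hypothetical helper).

    conn_scheme is the scheme of the socket the backend accepted, which is
    plain "http" behind an SSL-offloading proxy. The forwarded header only
    overrides it when the backend is configured to trust the proxy.
    """
    scheme = conn_scheme
    if trust_forwarded_proto:
        forwarded = headers.get("X-Forwarded-Proto", "").strip().lower()
        if forwarded in ("http", "https"):
            scheme = forwarded
    return f"{scheme}://{headers['Host']}{path}"


def validate_destination(received, destination):
    """Return None when the URLs match, else a message like the logged one."""
    r, d = urlsplit(received), urlsplit(destination)
    if (r.scheme, r.netloc.lower(), r.path) == (d.scheme, d.netloc.lower(), d.path):
        return None
    return f"The response was received at {received} instead of {destination}"


if __name__ == "__main__":
    for trust in (False, True):
        url = received_url("http", SAMPLE_HEADERS, CALLBACK_PATH, trust)
        print(f"trust_forwarded_proto={trust}: {validate_destination(url, DESTINATION) or 'OK'}")
```

The forwarded header should only be honoured for connections that come from the proxy's address, since a client that can reach the backend directly can set it to any value.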
