Apparently, the IdP had a misconfiguration for the guacamole SP. My original error is now solved, and I can now log into the IdP. However, when I am redirected back to guacamole I enter an infinite redirection loop between SP and IdP. That is because Tomcat/Guacamole complains about:
ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at https://guac.mydomain.org/guacamole/api/ext/saml/callback instead of https://guac.mydomain.org/api/ext/saml/callback Sorry for the SAML newbie question but "who" is sending the response? I'm guessing the IdP tells the client browser to send the response back to https://guac.mydomain.org/guacamole/api/ext/saml/callback instead of https://guac.mydomain.org/api/ext/saml/callback, right? If that's so then I guess the IdP is misconfigured again because it should tell the client to send the response to https://guac.mydomain.org/api/ext/saml/callback. Regards, Vieri --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org