On Mon, Mar 7, 2022 at 3:31 PM Michael Vasile (Student Employee) <[email protected]> wrote: > > Hi all, > > > > Trying to configure SAML on Guacamole for the first time. I have recently > built a new Guacamole environment running version 1.4.0, and am having issues > with having our IdP communicate back to the SAML extension. > > > > When attempting to authenticate using SAML, the authentication fails with > this error in the logs: > > SAML response did not pass validation: The response was received at > http://[HOSTNAME]/guacamole/api/ext/saml/callback instead of > https://[HOSTNAME]/api/ext/saml/callback. > > > > The ACS on the IdP is specified as the > https://[HOSTNAME]/api/ext/saml/callback, so it seems that there is some > configuration issue or Guacamole or the web server (I am using Nginx for > reverse proxying). > >
This seems to come up frequently - we probably need to document it a bit better, but you might try setting these options in your Nginx configuration: proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $scheme; That final one - the X-Forwarded-Proto - should set up the https correctly. -NIck --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
