Thank you for your response. Your response helps further clarify that this is some type of misconfiguration with tomcat. As far as the file, yes I was looking at the REST calls that are logged in localhost_access_log.
I will review the permissions and configuration a bit closer on the tomcat side. Thank you! On Tue, Oct 25, 2022 at 6:45 PM Michael Jumper <[email protected]> wrote: > On Tue, Oct 25, 2022 at 2:54 PM Jonathan Rugther <[email protected]> > wrote: > >> When guacamole-auth-sso-saml enabled , is it possible to get an audit log >> file of the ip address or id of the instance a user is trying to connect to? >> > > Yes - this is already logged by Guacamole and should show up wherever your > Tomcat install logs its messages. This could be within the systemd journal > (journalctl), somewhere beneath /var/log, in a file called "catalina.out", > etc. The location of the Tomcat logs varies by how Tomcat was installed and > who packaged it. > > The source IP addresses of all authentication attempts are logged, > regardless of what auth backend ultimately handles that request. You'll see > messages like the following: > > User "foo" successfully authenticated from 1.2.3.4. > Authentication attempt from 1.2.3.4 for user "foo" failed. > > After a user has successfully authenticated, the ID of any connection(s) > that an authenticated user attempts to use is logged like: > > User "guacadmin" connected to connection "123" > > Before switching over to SSO, the tomcat9 logs had a reference to the >> guac_id that we were able to utilize but I don't see anything similar now. >> > > What guac_id are you referring to here? It sounds like you might be > looking at the query parameters of requests within Tomcat's access logs, > not the logs of the Guacamole webapp. > > - Mike > >
