Just in case its useful to anyone else, I solved this in the end by setting the proxy through the CATALINA_OPTS environment variable, so it is picked up by Tomcat.
>From my docker-compose file: CATALINA_OPTS: "-DproxySet=true -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=3128 -Dhttps.proxyHost=proxy.example.com -Dhttps.proxyPort=3128" Thanks Henry ________________________________ From: Henry Cole <[email protected]> Sent: 20 March 2023 21:28 To: [email protected] <[email protected]> Subject: Use of Forward Proxy with SAML Plugin Hi all I am running Guacamole in Docker, on a host server which only has outbound web access via a proxy. However, the SAML plugin is throwing an error: 21:08:11.337 [http-nio-8080-exec-5] WARN o.a.g.e.AuthenticationProviderFacade - The "saml" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: saml" within your guacamole.properties. 21:08:11.338 [http-nio-8080-exec-5] ERROR o.a.g.rest.RESTExceptionMapper - Request could not be processed: Could not parse SAML IdP Metadata file. I have the HTTP_PROXY and HTTPS_PROXY environment variables set in the docker container, and this can be confirmed by attaching to bash in the container and running a simple curl test. It succeeds and I see it hit the proxy logs. However, I do not see any outbound HTTP(S) attempts outside of this, so it seems the environment variables are not picked up by Guacamole (or at least, the SAML plugin). The same setup is working fine on a server with outbound 80/443 allowed. Is it possible somehow to configure Guacamole to use a forward proxy? Thanks in advance! Henry
