Hi,

I figured out the cause of the problem, but I can't solve it.

```
11:39:26.228 [http-nio-8080-exec-6] ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at http://guacamole.example.com/guacamole/api/ext/saml/callback instead of https://guacamole.example.com/guacamole/api/ext/saml/callback
11:39:26.229 [http-nio-8080-exec-6] WARN  o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: The response was received at http://guacamole.example.com/guacamole/api/ext/saml/callback instead of https://guacamole.example.com/guacamole/api/ext/saml/callback
```

The point is the URL protocol scheme: http vs. https.

The Assertion Consumption Service is at the
https://guacamole.example.com/guacamole/api/ext/saml/callback endpoint, but
in Traefik the internal service is at http://guacamole-app:8080


Traefik config:

```
http:
  middlewares:
    sslheader:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: "https,wss"
  services:
    guacamole-app:
      loadBalancer:
        servers:
        - url: "http://guacamole-app:8080/"
  routers:
    guacamole-app:
      rule: "Host(`guacamole.example.com`) && PathPrefix(`/guacamole`)"
      tls:
        certResolver: acmeresolver
      entryPoints:
        - websecure
      service: "guacamole-app@file"
      middlewares:
        - sslheader
```

As you can see, I tried to add X-Forwarded-Proto, but without much success.

Has anybody run this stack successfully?

How can I configure the Guacamole Docker container to change http to https
in the request?

Thanks a lot.

Gyula
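
Added example, not part of the original message and not Guacamole, OneLogin or Traefik code: a simplified Python model of the Destination check reported in the log above, showing how a backend behind a TLS-terminating proxy rebuilds the URL it was reached at. The trusted proxy network, the strict single-token parsing of `X-Forwarded-Proto` and all function names are assumptions of this model.

```python
import ipaddress

# Constructed values modelled on the log lines in the message.
ACS_URL = "https://guacamole.example.com/guacamole/api/ext/saml/callback"
PATH = "/guacamole/api/ext/saml/callback"
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]  # assumed proxy network


def effective_scheme(socket_scheme, peer_ip, headers):
    """Scheme the backend assumes the client used.

    X-Forwarded-Proto is honoured only when the direct peer is a trusted
    proxy; otherwise any client could claim "https" on a plaintext request.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return socket_scheme
    value = headers.get("X-Forwarded-Proto", "").strip().lower()
    # Model assumption: only a single token is accepted, so a list such as
    # "https,wss" is ignored and the socket scheme is used instead.
    return value if value in ("http", "https") else socket_scheme


def received_url(socket_scheme, peer_ip, headers, path):
    """URL the backend believes the SAML response was posted to."""
    scheme = effective_scheme(socket_scheme, peer_ip, headers)
    return f"{scheme}://{headers['Host']}{path}"


def check_destination(destination, url):
    """Exact-match Destination check; returns an error string or None."""
    if destination != url:
        return f"The response was received at {url} instead of {destination}"
    return None


if __name__ == "__main__":
    host = {"Host": "guacamole.example.com"}
    cases = [
        ("no forwarded header", "172.18.0.5", dict(host)),
        ("https from proxy", "172.18.0.5", {**host, "X-Forwarded-Proto": "https"}),
        ("https,wss from proxy", "172.18.0.5", {**host, "X-Forwarded-Proto": "https,wss"}),
        ("https from untrusted peer", "203.0.113.9", {**host, "X-Forwarded-Proto": "https"}),
    ]
    for name, peer, headers in cases:
        error = check_destination(ACS_URL, received_url("http", peer, headers, PATH))
        print(f"{name}: {error or 'destination matches'}")
```
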
