Hi,
I am using Guacamole with Docker and enabled the SAML extension for authentication. When I am in a proxied network, I can’t make the SAML extension fetch the SAML_IDP_METADATA file that is externally hosted. I tried setting JAVA_OPTS and CATALINA_OPTS with the proxy configuration, but it looks like they have no effect in the extension.

I made it work by downloading the metadata file and providing that to the guacamole container with a volume mount, which worked fine. But I am wondering if I am not setting the proxy parameters properly, or if the SAML extension is ignoring JAVA_OPTS (or CATALINA_OPTS, but I think this one doesn’t apply here).

For reference, this is how I am running the container with docker compose:

1. SAML_IDP_METADATA_URL uses the https://mocksaml.com/ test identity provider
2. JAVA_OPTS is set with proxy parameters
3. Also tried with the system proxy's http_proxy and https_proxy env vars (but I didn’t use "-Djava.net.useSystemProxies=true" in JAVA_OPTS to get them loaded, so it didn’t work)
4. Ended up writing the xml file at https://mocksaml.com/api/saml/metadata on disk and mounting it to the container, and that makes it work fine behind the proxy

    web:
      image: docker.io/guacamole/guacamole
      environment:
        - …
        - SAML_IDP_METADATA_URL=https://mocksaml.com/api/saml/metadata
        - SAML_ENTITY_ID=http://localhost:8080/guacamole/
        - SAML_CALLBACK_URL=http://localhost:8080/guacamole/
        - SAML_STRICT=false
        - JAVA_OPTS=" -Dhttp.proxyHost=10.0.0.100 -Dhttp.proxyPort=8800"
        - EXTENSION_PRIORITY=*,postgresql,saml

Any hints on what might be wrong with my setup?

Thank you!
