Re: issue - Guacamole SAML with Azure Entra - versions 1.6.0/1.5.3

Tue, 05 Aug 2025 02:59:34 -0700 

Hi Nick,

I have all these items configured but still I am receiving the error message
""ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at
http://xxx.com/api/ext/saml/callback instead of https://
xxx.com/api/ext/saml/callback""

location / {
            proxy_pass http://guacamole:8080/;  # NOTE: trailing slash is
CRITICAL
            proxy_http_version 1.1;

            proxy_set_header X-Real-IP           $remote_addr;
            proxy_set_header X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto   $scheme;
            proxy_set_header Host                $host;
            proxy_set_header X-Forwarded-Host    $host;
            proxy_set_header X-Forwarded-Server  $host;
            proxy_set_header Upgrade             $http_upgrade;
            proxy_set_header Connection          $http_connection;

            proxy_redirect http:// https://;

            proxy_buffering off;
            proxy_request_buffering off;
            proxy_read_timeout 1d;
            proxy_send_timeout 1d;
        }



On Tue, Aug 5, 2025 at 1:06 AM Nick Couchman <[email protected]> wrote:

> On Sat, Aug 2, 2025 at 7:20 AM Subbareddy Alamuru <
> [email protected]> wrote:
>
>> Hi,
>>
>> I am using guacamole docker setup with Guacamole, GuacD, Nginx proxy and
>> trying to setup SAML sso using Azure Entra but getting this error
>>
>> [image: image.png]
>>
>> Guacamole UI runs at http://containername:8080/guacamole/ and I have
>> this in my nginx proxy
>>
>> location / {
>>   proxy_pass http://guacamole:8080/guacamole/;
>>   .
>>   .
>> }
>>
>
> You're missing several items that control what headers are passed through.
> Make sure that you have the following:
>
>         location / {
>                 proxy_pass http://localhost:8080/;
>                 proxy_buffering off;
>                 proxy_http_version 1.1;
>                 proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
>                 proxy_set_header Upgrade $http_upgrade;
>                 proxy_set_header Connection $http_connection;
>                 proxy_set_header Host $host;
>                 proxy_set_header X-Forwarded-Host $host;
>                 proxy_set_header X-Forwarded-Server $host;
>                 proxy_set_header X-Forwarded-Proto $scheme;
>                 client_max_body_size 1g;
>         }
>
> In particular, setting the various X-Forwarded-* headers will help insure
> the proper "https://"; gets set on the URL. Also, as others have
> mentioned, you need to make sure the callback URL is set properly to the
> actual root of your Guacamole URL (the one in front of the proxy, the one
> users actually access).
>
> -Nick
>
>>

Reply via email to