Colin McGuigan wrote > tldr: The SAML POST body is getting thrown away, and I don't know how to > keep > that from happening. > > Longer: I'm writing a SAML authentication extension, based off of Mike > Jumper's OpenID extension: > https://github.com/mike-jumper/guacamole-auth-openid
Do you have the code available somewhere - github or something like that? I'd be happy to download it and take a look at what's happening. > Now on my SAML extension, step 1-4 are conceptually the same, and work > fine. > Step 5 is where things break down. The IDP isn't sending information back > in the URL, as is done with the id_token request parameter -- instead, > it's > a POST with the SAMLRequest data in the request body. I see this POST > going > to the guacamole site. Out of curiosity, is this configurable with the IDP? I know when I wrote the CAS extension there's an option when you request CAS authentication that allows you to specify how you get the ticket back - as a post or get response. I'm curious if the IDP you're using has something similar? I think I ran into similar issues when I was trying to make the CAS extension use a POST instead of GET, but I can't remember. > I /presume/ that what is happening is that client-side Javascript is > executing a separate POST to guacamole/api/tokens, and that it is this > request that is actually being handled by the authentication extension. > However, this request does not contain the original request body, hence, > my > problem. > > Sadly, I'm not proficient enough in the JS framework to fully understand > what's going on here, if there's an easy way to pass the request body > along, > or if I'm entirely off base. If anyone could help me, I would very much > appreciate it. I think you're probably right, but it should be possible to pass it through. Anyhow, if you can make the code available I'll take a look and see if I can figure anything out. -Nick -- Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
