  1. Guacamole
  2. GUACAMOLE-1528

[Docker Version] SAML extension validating


Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 1.4.0
    • Fix Version/s: None
    • Component/s: guacamole-auth-saml
    • Docker

    Description

      I am trying to configure SAML but the error it gives doesn't really help.

      Specifically error  [https-openssl-nio-8080-exec-7] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected.

       

      I am guessing it has to do with the X.509 cert between the IdP and Guacamole but there is nowhere to specify settings.

      for the I have the following 

       

      extension-priority: *, saml
      saml-debug: true
      saml-strict: false
      saml-idp-url: https://login.localhost.com/sso/go.ashx
      saml-entity-id: https://guac.localhost.com:8080/
      saml-callback-url: https://guac.localhost.com:8080
      mysql-auto-create-accounts: true

       

      LOGS BELOW

      05:31:21.596 [main] INFO o.a.g.extension.ExtensionModule - Extension "SAML Authentication Extension" (saml) loaded.
      05:31:21.694 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
      05:31:22.103 [main] WARN o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be found. WADL feature is disabled.
      03-Feb-2022 05:31:22.308 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [3,099] ms
      03-Feb-2022 05:31:22.312 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8080"]
      03-Feb-2022 05:31:22.342 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [3171] milliseconds
      05:31:43.515 [https-openssl-nio-8080-exec-5] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
      05:31:43.518 [https-openssl-nio-8080-exec-5] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
      05:31:43.518 [https-openssl-nio-8080-exec-5] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected
      05:31:53.360 [https-openssl-nio-8080-exec-7] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
      05:31:53.360 [https-openssl-nio-8080-exec-7] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
      05:31:53.360 [https-openssl-nio-8080-exec-7] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected


          People

            Unassigned Unassigned
            bprutsos Bryce Prutsos
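
The failure pattern in the report above, as an added example that is not part of the original report or of the Guacamole project: it pairs each rejected SAML response with the signature algorithm logged on the same request thread, and checks the posted properties for settings that affect validation. `saml-idp-metadata-url` is a documented guacamole-auth-saml property that does not appear in the report (SAML IdP metadata normally carries the IdP's signing certificate); the sample log is constructed in the report's format.

```python
import re

# Constructed sample input, in the layout of the log lines quoted in the report.
SAMPLE_LOG = """\
05:31:43.515 [https-openssl-nio-8080-exec-5] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
05:31:43.518 [https-openssl-nio-8080-exec-5] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
05:31:43.518 [https-openssl-nio-8080-exec-5] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected
05:31:53.360 [https-openssl-nio-8080-exec-7] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
"""
# Subset of the properties posted in the report.
SAMPLE_PROPS = "saml-debug: true\nsaml-strict: false\nsaml-idp-url: https://login.localhost.com/sso/go.ashx\n"

LINE = re.compile(r"^\s*(\d\d:\d\d:\d\d\.\d{3}) \[([^\]]+)\] (\w+)\s+(\S+) - (.*)$")
ALGO = re.compile(r"deprecated algorithm (\S+)")

def rejected_responses(log_text):
    """Return one record per rejected SAML response, with the signature
    algorithm last reported on the same request thread (None if not logged)."""
    last_algo, events = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # Tomcat startup lines use a different layout; skip them
        ts, thread, level, logger, msg = m.groups()
        algo = ALGO.search(msg)
        if algo:
            last_algo[thread] = algo.group(1)
        elif level == "ERROR" and logger.endswith("SamlResponse") and "Signature validation failed" in msg:
            events.append({"time": ts, "thread": thread, "algorithm": last_algo.pop(thread, None)})
    return events

def lint_properties(text):
    """Flag SAML properties that weaken or hinder response validation."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            props[key.strip()] = value.strip()
    findings = []
    if props.get("saml-strict", "true").lower() == "false":
        findings.append("saml-strict is false: strict security checks are disabled")
    if "saml-idp-metadata-url" not in props:
        findings.append("saml-idp-metadata-url is not set: no IdP metadata is loaded")
    return findings

if __name__ == "__main__":
    for event in rejected_responses(SAMPLE_LOG):
        print(event)
    print(lint_properties(SAMPLE_PROPS))
```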