[ https://issues.apache.org/jira/browse/GUACAMOLE-1528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Jumper closed GUACAMOLE-1528.
----------------------------------
    Resolution: Invalid

> [Docker Version] SAML extension validating
> -------------------------------------------
>
>                 Key: GUACAMOLE-1528
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1528
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-saml
>    Affects Versions: 1.4.0
>         Environment: Docker
>            Reporter: Bryce Prutsos
>            Priority: Minor
>              Labels: SAML
>
> I am trying to configure SAML but the error it gives doesn't really help.
> Specifically error [https-openssl-nio-8080-exec-7] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected.
>
> I am guessing it has to do with the x509 cert between the idp and guacamole
> but there is nowhere to specify settings.
> for the I have the following
>
> extension-priority: *, saml
> saml-debug: true
> saml-strict: false
> saml-idp-url: https://login.localhost.com/sso/go.ashx
> saml-entity-id: https://guac.localhost.com:8080/
> saml-callback-url: https://guac.localhost.com:8080
> mysql-auto-create-accounts: true
>
> LOGS BELOW
>
> 05:31:21.596 [main] INFO o.a.g.extension.ExtensionModule - Extension "SAML Authentication Extension" (saml) loaded.
>
> 05:31:21.694 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
>
> 05:31:22.103 [main] WARN o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be found. WADL feature is disabled.
>
> 03-Feb-2022 05:31:22.308 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [3,099] ms
>
> 03-Feb-2022 05:31:22.312 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8080"]
>
> 03-Feb-2022 05:31:22.342 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [3171] milliseconds
>
> 05:31:43.515 [https-openssl-nio-8080-exec-5] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
>
> 05:31:43.518 [https-openssl-nio-8080-exec-5] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
>
> 05:31:43.518 [https-openssl-nio-8080-exec-5] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected
>
> 05:31:53.360 [https-openssl-nio-8080-exec-7] INFO com.onelogin.saml2.util.Util - Found a deprecated algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 related to the Signature element, consider requesting a more robust algorithm
>
> 05:31:53.360 [https-openssl-nio-8080-exec-7] ERROR c.onelogin.saml2.authn.SamlResponse - Signature validation failed. SAML Response rejected
>
> 05:31:53.360 [https-openssl-nio-8080-exec-7] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: SAML response did not pass validation: Signature validation failed. SAML Response rejected

--
This message was sent by Atlassian Jira
(v8.20.10#820010)