From vnick <>
Subject Re: Handling a SAML POST response
Date Fri, 22 Sep 2017 21:57:54 GMT
Colin McGuigan wrote
> tldr: The SAML POST body is getting thrown away, and I don't know how to keep
> that from happening.
> Longer: I'm writing a SAML authentication extension, based off of Mike
> Jumper's OpenID extension:

Do you have the code available somewhere - GitHub or something like that?
I'd be happy to download it and take a look at what's happening.

> Now on my SAML extension, steps 1-4 are conceptually the same, and work fine.
> Step 5 is where things break down.  The IDP isn't sending information back
> in the URL, as is done with the id_token request parameter -- instead, it's
> a POST with the SAMLRequest data in the request body.  I see this POST going
> to the guacamole site.

Out of curiosity, is this configurable with the IDP?  I know when I wrote
the CAS extension there's an option when you request CAS authentication that
allows you to specify how you get the ticket back - as a POST or GET
response.  I'm curious if the IDP you're using has something similar?  I
think I ran into similar issues when I was trying to make the CAS extension
use a POST instead of GET, but I can't remember.

> I /presume/ that what is happening is that client-side JavaScript is
> executing a separate POST to guacamole/api/tokens, and that it is this
> request that is actually being handled by the authentication extension.
> However, this request does not contain the original request body, hence, my
> problem.
> Sadly, I'm not proficient enough in the JS framework to fully understand
> what's going on here, if there's an easy way to pass the request body along,
> or if I'm entirely off base.  If anyone could help me, I would very much
> appreciate it.

I think you're probably right, but it should be possible to pass it through. 
Anyhow, if you can make the code available I'll take a look and see if I can
figure anything out.


