guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colin McGuigan <>
Subject Re: Handling a SAML POST response
Date Thu, 28 Sep 2017 16:20:18 GMT

Thanks for all your help.  Let me elaborate.

When I say I have a REST service, it's just as you described -- a WS
annotated class that is returned from the authentication provider's
getResource method.  I can call this REST service just fine, and know that
it works.

This service takes in as POST (from the SAML identity provider), calls the
existing /api/tokens endpoint, passing all of the same content, and receives
a Guacamole authentication token -- ie, the user is know authenticated by
Guacamole (specifically by my authentication provider), and is stored in the
session.  This also works.  I receive the token just fine.

The problem is I need to pass this token, somehow, to the Guacamole UI so
that when it calls /api/tokens itself, it can pass in the same token.  The
essentials of the REST method:

    public Response redirectSamlPostToGet(@Context HttpServletRequest
request, String content) throws GuacamoleException, URISyntaxException {
    	try {
    		String token = callTokenService(request, content);
	    	return Response.seeOther(new URI("http://<site>/guacamole/#/token=" +
    	} catch (Exception e) {
    		logger.error("Error occurred in postredirect", e);
    		throw new RuntimeException(e);

There is no errors in the logs.  In network traffic I see the redirect
happen correctly.  However, Guacamole is ignoring the token=<token> portion
of the URL.  I've tried using id_token instead, but that is also ignored.

Sent from:

View raw message