guacamole-user mailing list archives

From Nick Couchman <vn...@apache.org>
Subject Re: Handling a SAML POST response
Date Thu, 28 Sep 2017 16:23:55 GMT
On Thu, Sep 28, 2017 at 12:20 PM, Colin McGuigan <colin_guacamole@walkingshadows.org> wrote:

> Nick;
>
> Thanks for all your help.  Let me elaborate.
>
> When I say I have a REST service, it's just as you described -- a WS
> annotated class that is returned from the authentication provider's
> getResource method.  I can call this REST service just fine, and know that
> it works.
>
>
Very nice.


> This service takes in as POST (from the SAML identity provider), calls the
> existing /api/tokens endpoint, passing all of the same content, and receives
> a Guacamole authentication token -- i.e., the user is now authenticated by
> Guacamole (specifically by my authentication provider), and is stored in the
> session.  This also works.  I receive the token just fine.
>
> The problem is I need to pass this token, somehow, to the Guacamole UI so
> that when it calls /api/tokens itself, it can pass in the same token.  The
> essentials of the REST method:
>
>     @POST
>     @Path("/postredirect")
>     public Response redirectSamlPostToGet(@Context HttpServletRequest request, String content)
>             throws GuacamoleException, URISyntaxException {
>         try {
>             String token = callTokenService(request, content);
>             return Response.seeOther(new URI("http://<site>/guacamole/#/token=" + token)).build();
>         } catch (Exception e) {
>             logger.error("Error occurred in postredirect", e);
>             throw new RuntimeException(e);
>         }
>     }
>
> There are no errors in the logs.  In network traffic I see the redirect
> happen correctly.  However, Guacamole is ignoring the token=<token> portion
> of the URL.  I've tried using id_token instead, but that is also ignored.
>
>
What if you try:

    return Response.seeOther(new URI("http://<site>/guacamole/#/?token=" + token)).build();

(Add the ? between the token parameter and the Guacamole URL).  Does that
work?

-Nick
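
Why the `?` can matter, as an added example that is not part of the original message and not Guacamole's own code: a hash-routed client that splits the fragment into "path?query", the way AngularJS's `$location` does in hashbang mode, sees a `token` parameter only when a `?` precedes it. The host name, token values and function names are constructed for illustration.

```javascript
// Added illustration, not Guacamole source. Models a hash-routed client that
// treats everything after '#' as "path?query". All sample values are constructed.
function splitHashRoute(url) {
  // URL.hash includes the leading '#'; drop it to get the client-side route.
  const fragment = new URL(url).hash.replace(/^#/, '');
  const q = fragment.indexOf('?');
  const path = q === -1 ? fragment : fragment.slice(0, q);
  const query = q === -1 ? '' : fragment.slice(q + 1);
  const params = {};
  // URLSearchParams percent-decodes names and values for us.
  for (const [name, value] of new URLSearchParams(query)) {
    params[name] = value;
  }
  return { path, params };
}

// Returns the token parameter the client would see, or null if there is none.
function tokenFromRedirect(url) {
  const { params } = splitHashRoute(url);
  return Object.prototype.hasOwnProperty.call(params, 'token') ? params.token : null;
}

const base = 'http://guac.example.test/guacamole/'; // constructed host
const withoutQuery = base + '#/token=ABC123';  // form used in the original redirect
const withQuery = base + '#/?token=ABC123';    // form suggested in the reply
// A token containing reserved characters has to be percent-encoded by the
// sender, otherwise '+', '&' or '=' change how the query is split.
const rawToken = 'a+b/c=';                     // constructed value
const encoded = base + '#/?token=' + encodeURIComponent(rawToken);

for (const url of [withoutQuery, withQuery, encoded]) {
  const { path, params } = splitHashRoute(url);
  console.log(url, '-> path', JSON.stringify(path), 'params', JSON.stringify(params));
}
```

In the first form the whole string `/token=ABC123` is the route path, so there is no parameter for the client to forward.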
