Apache Guacamole and Traefik's AddPrefix Middleware

[jacobhuggins]

When using the SAML auth extension it appears that the Traefik's AddPrefix middleware breaks SAML auth due to the SAML_STRICT: "true" (default) property. I can't seem to find a way around this issue but adding WEBAPP_CONTEXT: ROOT resolves the SAML_STRICT: "true" issue and removes the need to use the AddPrefix middleware. I believe it's a more elegant solution.

[frigi83]

@jacobhuggins thank you for submitting the issue. I didn't exactly understand where you mean you did the modification, maybe you can add some example code.

The example is focused on Traefik - Guacamole and the 2FA in the latest one

[jacobhuggins]

Just a simple environment variable in the guacamole container. Allows you to drop "traefik.http.middlewares.guacamoleMdl.addprefix.prefix=/guacamole" as guacamole will now serve content from the root instead of /guacamole.

guacamole:
image: guacamole/guacamole-dev
container_name: guacamole
hostname: guacamole
restart: always
depends_on:
- guacd
- guacamole-db
environment:
GUACD_HOSTNAME: guacd
MYSQL_HOSTNAME: guacamole-db
MYSQL_DATABASE: guacamole_db
MYSQL_USER: guacamole_user
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
MYSQL_PASSWORD_FILE: '/run/secrets/guacamole-user'
EXTENSION_PRIORITY: "saml"
SAML_IDP_URL: ""
SAML_ENTITY_ID: ""
SAML_CALLBACK_URL: ""
SAML_IDP_METADATA_URL: ""
WEBAPP_CONTEXT: ROOT
RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
volumes:
- /opt/docker/guacamole/server.xml:/usr/local/tomcat/conf/server.xml:r
- /opt/docker/guacamole/guacd/drive:/drive:rw
- /opt/docker/guacamole/guacd/recordings:/var/lib/guacamole/recordings:r

[frigi83]

@jacobhuggins Thanks for the example

I cannot find any reference in the Guacamole documentation on WEBAPP_CONTEXT.

Can you please tell me where it is described?

[jacobhuggins]

I honestly can't find any reference to it in the documentation. Just that it gets set here 500-generate-tomcat-catalina-base.sh and when you name the war file to ROOT.war Tomcat will serve content from the root.