From d8765a8f3c8bc2ab7971b2886ea799ccef2850ed Mon Sep 17 00:00:00 2001
From: Markus Petzsch <markus@petzsch.eu>
Date: Mon, 31 May 2021 11:09:56 +0200
Subject: [PATCH 1/5] GUACAMOLE-1322: Add Docker environment variables for
 configuring SAML.

---
 guacamole-docker/bin/start.sh | 46 +++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index 36fdcaad6..23cfdb831 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -744,6 +744,46 @@ END
 
 }
 
+## Adds properties to guacamole.properties which select the SAML
+## authentication provider, and configure it to connect to the specified SAML
+## provider.
+##
+associate_saml() {
+
+    # Verify required parameters are present
+    if [ -z "$SAML_IDP_METADATA_URL" ]
+    then
+        cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using an openid authentication, you must provide each of the following
+environment variables:
+
+    SAML_IDP_METADATA_URL           The URI of the XML metadata file that from the SAML Identity
+                                    Provider
+END
+        exit 1;
+    fi
+
+    # Update config file
+    set_property          "saml-idp-metadata-url"            "$SAML_IDP_METADATA_URL"
+    set_optional_property "saml-idp-url"                     "$SAML_IDP_URL"
+    set_optional_property "saml-entity-id"                   "$SAML_ENTITY_ID"
+	set_optional_property "saml-callback-url"                "$SAML_CALLBACK_URL"
+	set_optional_property "saml-strict"                      "$SAML_STRICT"
+	set_optional_property "saml-debug"                       "$SAML_DEBUG"
+	set_optional_property "saml-compress-request"            "$SAML_COMPRESS_REQUEST"
+	set_optional_property "saml-compress-response"           "$SAML_COMPRESS_RESPONSE"
+	set_optional_property "saml-group-attribute"             "SAML_GROUP_ATTRIBUTE"
+
+    # Add required .jar files to GUACAMOLE_EXT
+    # "1-{}" make it sorted as a first provider (only authentication)
+    # so it can work together with the database providers (authorization)
+    find /opt/guacamole/saml/ -name "*.jar" | awk -F/ '{print $NF}' | \
+    xargs -I '{}' ln -s "/opt/guacamole/saml/{}" "${GUACAMOLE_EXT}/1-{}"
+
+}
+
 ##
 ## Adds properties to guacamole.properties which configure the TOTP two-factor
 ## authentication mechanism.
@@ -993,6 +1033,12 @@ if [ -n "$OPENID_AUTHORIZATION_ENDPOINT" ]; then
     INSTALLED_AUTH="$INSTALLED_AUTH openid"
 fi
 
+# Use SAML if specified
+if [ -n "$SAML_IDP_METADATA_URL" ]; then
+    associate_saml
+    INSTALLED_AUTH="$INSTALLED_AUTH saml"
+fi
+
 #
 # Validate that at least one authentication backend is installed
 #

From 2fbd228c337d0970fe5a884f536a6dc0989b50fb Mon Sep 17 00:00:00 2001
From: Markus Petzsch <markus@petzsch.eu>
Date: Mon, 31 May 2021 13:13:21 +0200
Subject: [PATCH 2/5] GUACAMOLE-1322: Correct indentation of SAML property
 assignments to match established code style.

---
 guacamole-docker/bin/start.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index 23cfdb831..be05f276f 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -769,12 +769,12 @@ END
     set_property          "saml-idp-metadata-url"            "$SAML_IDP_METADATA_URL"
     set_optional_property "saml-idp-url"                     "$SAML_IDP_URL"
     set_optional_property "saml-entity-id"                   "$SAML_ENTITY_ID"
-	set_optional_property "saml-callback-url"                "$SAML_CALLBACK_URL"
-	set_optional_property "saml-strict"                      "$SAML_STRICT"
-	set_optional_property "saml-debug"                       "$SAML_DEBUG"
-	set_optional_property "saml-compress-request"            "$SAML_COMPRESS_REQUEST"
-	set_optional_property "saml-compress-response"           "$SAML_COMPRESS_RESPONSE"
-	set_optional_property "saml-group-attribute"             "SAML_GROUP_ATTRIBUTE"
+    set_optional_property "saml-callback-url"                "$SAML_CALLBACK_URL"
+    set_optional_property "saml-strict"                      "$SAML_STRICT"
+    set_optional_property "saml-debug"                       "$SAML_DEBUG"
+    set_optional_property "saml-compress-request"            "$SAML_COMPRESS_REQUEST"
+    set_optional_property "saml-compress-response"           "$SAML_COMPRESS_RESPONSE"
+    set_optional_property "saml-group-attribute"             "SAML_GROUP_ATTRIBUTE"
 
     # Add required .jar files to GUACAMOLE_EXT
     # "1-{}" make it sorted as a first provider (only authentication)

From 51eaddeba83c78e1df0607eecdcf4512c1907b81 Mon Sep 17 00:00:00 2001
From: Markus Petzsch <markus@petzsch.eu>
Date: Thu, 3 Jun 2021 13:41:57 +0200
Subject: [PATCH 3/5] GUACAMOLE-1322: prepend Variable for SAML plugin with
 missing $

---
 guacamole-docker/bin/start.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index be05f276f..1da0d1d51 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -774,7 +774,7 @@ END
     set_optional_property "saml-debug"                       "$SAML_DEBUG"
     set_optional_property "saml-compress-request"            "$SAML_COMPRESS_REQUEST"
     set_optional_property "saml-compress-response"           "$SAML_COMPRESS_RESPONSE"
-    set_optional_property "saml-group-attribute"             "SAML_GROUP_ATTRIBUTE"
+    set_optional_property "saml-group-attribute"             "$SAML_GROUP_ATTRIBUTE"
 
     # Add required .jar files to GUACAMOLE_EXT
     # "1-{}" make it sorted as a first provider (only authentication)
@@ -1101,4 +1101,3 @@ fi
 #
 
 start_guacamole
-

From eb58d37d00b41f309d18bb53a10131fabaf3f9d4 Mon Sep 17 00:00:00 2001
From: Jean-Benoit Paux <9682558+jbpaux@users.noreply.github.com>
Date: Wed, 3 Nov 2021 19:06:14 +0100
Subject: [PATCH 4/5] GUACAMOLE-1322: fix SAML/OpenID typo and style

---
 guacamole-docker/bin/start.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index 1da0d1d51..95c08cd40 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -744,6 +744,7 @@ END
 
 }
 
+##
 ## Adds properties to guacamole.properties which select the SAML
 ## authentication provider, and configure it to connect to the specified SAML
 ## provider.
@@ -756,7 +757,7 @@ associate_saml() {
         cat <<END
 FATAL: Missing required environment variables
 -------------------------------------------------------------------------------
-If using an openid authentication, you must provide each of the following
+If using a SAML authentication, you must provide each of the following
 environment variables:
 
     SAML_IDP_METADATA_URL           The URI of the XML metadata file that from the SAML Identity

From 3e1c92a5325283b1f8b06f6b47c6e139398a273b Mon Sep 17 00:00:00 2001
From: Jean-Benoit Paux <9682558+jbpaux@users.noreply.github.com>
Date: Wed, 3 Nov 2021 20:04:52 +0100
Subject: [PATCH 5/5] GUACAMOLE-1322: implement correct property requirement
 logic

---
 guacamole-docker/bin/start.sh | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index 95c08cd40..bbdee9e2e 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -752,22 +752,33 @@ END
 associate_saml() {
 
     # Verify required parameters are present
-    if [ -z "$SAML_IDP_METADATA_URL" ]
+    if [ -z "$SAML_IDP_METADATA_URL" ] && \
+       [ -z "$SAML_ENTITY_ID" -o -z "$SAML_CALLBACK_URL" ]
     then
         cat <<END
 FATAL: Missing required environment variables
 -------------------------------------------------------------------------------
-If using a SAML authentication, you must provide each of the following
-environment variables:
+If using a SAML authentication, you must provide either SAML_IDP_METADATA_URL
+or both SAML_ENTITY_ID and SAML_CALLBACK_URL environment variables:
 
-    SAML_IDP_METADATA_URL           The URI of the XML metadata file that from the SAML Identity
-                                    Provider
+    SAML_IDP_METADATA_URL   The URI of the XML metadata file that from the SAML Identity
+                            Provider that contains all of the information the SAML
+                            extension needs in order to know how to authenticate with
+                            the IdP. This URI can either be a remote server (e.g. https://)
+                            or a local file on the filesystem (e.g. file://).
+
+    SAML_ENTITY_ID          The entity ID of the Guacamole SAML client, which is
+                            generally the URL of the Guacamole server
+
+    SAML_CALLBACK_URL       The URL that the IdP will use once authentication has
+                            succeeded to return to the Guacamole web application and
+                            provide the authentication details to the SAML extension.
 END
         exit 1;
     fi
 
     # Update config file
-    set_property          "saml-idp-metadata-url"            "$SAML_IDP_METADATA_URL"
+    set_optional_property "saml-idp-metadata-url"            "$SAML_IDP_METADATA_URL"
     set_optional_property "saml-idp-url"                     "$SAML_IDP_URL"
     set_optional_property "saml-entity-id"                   "$SAML_ENTITY_ID"
     set_optional_property "saml-callback-url"                "$SAML_CALLBACK_URL"