kasmtech / workspaces-issues


[Bug] - login in from App button in "My Apps" in Authentik give response of "internal error" #608

Open bruman opened 2 months ago

bruman commented 2 months ago

Existing Resources

Describe the bug I have set up Authentik as a SAML provider for Kasm. If I am logging into Kasm from the Kasm webpage, I am able to authenticate using my Authentik username and password, so I believe I have everything correctly set up for SAML auth to Authentik to work. However, when I log into Authentik I see a page that has "my applications" listed. When I click on the one for Kasm, I get sent to the Kasm website where I get an "Internal Error" message.

To Reproduce Steps to reproduce the behavior: Following instructions at https://mafyuh.com/posts/how-to-authenticate-kasm-via-authentik/ log into Authentik, then click on the Kasm app in "my applications"

Expected behavior Should log you into Kasm

Screenshots If applicable, add screenshots to help explain your problem.

Workspaces Version 1.15.0.577587

Workspaces Installation Method e.g Single Server, Multi-Server, TrueNAS, linuxserver.io, terraform, ansible Docker community edition

Client Browser (please complete the following information): MacOS, Chrome and firefox

Workspace Server Information (please provide the output of the following commands):

Server:
 Containers: 36
  Running: 23
  Paused: 1
  Stopped: 12
 Images: 109
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-427.28.1.el9_4.x86_64
 Operating System: Rocky Linux 9.4 (Blue Onyx)
 OSType: linux
 Architecture: x86_64
 CPUs: 24
 Total Memory: 30.87GiB
 Name: xxx
 ID: e9748166-8f74-4bff-90d0-fbb07002e75f
 Docker Root Dir: /mnt/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional context

j-travis commented 2 months ago

Do you see any errors in the Kasm application logs and/or your browser console?

You should be able to get at the errors in Kasm from the UI, or you can run the following command from your Kasm server...

sudo docker logs -f --tail 10 kasm_api

Then try logging in again and capturing the logs

bruman commented 2 months ago

2024-08-23 16:16:46,459 [DEBUG] client_api_server: Unauthenticated user made authorized API call to (acs) from IP address (10.10.10.176, 10.10.10.176, 172.18.0.2).
2024-08-23 16:16:46,462 [ERROR] cherrypy.error.139679191504640: [23/Aug/2024:16:16:46] HTTP
Traceback (most recent call last):
  File "cherrypy/_cprequest.py", line 628, in respond
  File "cherrypy/_cprequest.py", line 687, in _do_respond
  File "cherrypy/lib/encoding.py", line 219, in __call__
  File "cherrypy/_cpdispatch.py", line 54, in __call__
  File "utils.py", line 99, in wrapper
  File "client_api.py", line 146, in acs
  File "authentication/saml/saml_auth.py", line 22, in acs
  File "onelogin/saml2/auth.py", line 124, in process_response
onelogin.saml2.errors.OneLogin_Saml2_Error: SAML Response not found, Only supported HTTP_POST Binding
2024-08-23 16:16:46,462 [ERROR] root: Unhandled exception occurred
Traceback (most recent call last):
  File "cherrypy/_cprequest.py", line 628, in respond
  File "cherrypy/_cprequest.py", line 687, in _do_respond
  File "cherrypy/lib/encoding.py", line 219, in __call__
  File "cherrypy/_cpdispatch.py", line 54, in __call__
  File "utils.py", line 99, in wrapper
  File "client_api.py", line 146, in acs
  File "authentication/saml/saml_auth.py", line 22, in acs
  File "onelogin/saml2/auth.py", line 124, in process_response
onelogin.saml2.errors.OneLogin_Saml2_Error: SAML Response not found, Only supported HTTP_POST Binding
2024-08-23 16:16:46,463 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:16:46] "GET /api/acs/?id=bcb3a36d66bb43c18226e86c286872d8 HTTP/1.1" 500 78 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
2024-08-23 16:16:46,937 [DEBUG] client_api_server: Unauthenticated user made authorized API call to (healthcheck) from IP address (127.0.0.1).
2024-08-23 16:16:46,938 [INFO] cherrypy.access.139679191504640: 127.0.0.1 - - [23/Aug/2024:16:16:46] "GET /api/__healthcheck HTTP/1.1" 200 12 "" "curl/7.68.0"

bruman commented 2 months ago

And just for reference, this is what I get when I click the Authentik button from the Kasm login

2024-08-23 16:21:00,571 [DEBUG] client_api_server: Unauthenticated user made authorized API call to (sso) from IP address (10.10.10.176, 10.10.10.176, 172.18.0.2).
2024-08-23 16:21:00,574 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:21:00] "POST /api/sso HTTP/1.1" 200 833 "https://kasm.yyy.yyy/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
2024-08-23 16:21:00,843 [DEBUG] client_api_server: Unauthenticated user made authorized API call to (acs) from IP address (10.10.10.176, 10.10.10.176, 172.18.0.2).
2024-08-23 16:21:01,099 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:21:01] "POST /api/acs/?id=bcb3a36d66bb43c18226e86c286872d8 HTTP/1.1" 302 1217 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
2024-08-23 16:21:01,187 [DEBUG] client_api_server: Unauthenticated user made authorized API call to (login_saml) from IP address (10.10.10.176, 10.10.10.176, 172.18.0.2).
2024-08-23 16:21:01,193 [INFO] client_api_server: Successful authentication attempt for user: (ism@yyy.yyy)
2024-08-23 16:21:01,194 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:21:01] "POST /api/login_saml HTTP/1.1" 200 1492 "https://kasm.yyy.yyy/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
2024-08-23 16:21:01,249 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,250 [DEBUG] admin_api_server: Successfully authenticated request (get_agent_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,254 [DEBUG] client_api_server: Successfully authenticated request (get_client_settings) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,254 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,257 [INFO] cherrypy.access.139679191598560: 172.22.0.4 - - [23/Aug/2024:16:21:01] "POST /api/admin/get_report HTTP/1.1" 200 169 "https://kasm.yyy.yyy/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
2024-08-23 16:21:01,255 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,255 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,255 [DEBUG] client_api_server: Successfully authenticated request (license_status) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,256 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,257 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
2024-08-23 16:21:01,263 [DEBUG] admin_api_server: Successfully authenticated request (get_report) for user (ism@yyy.yyy) at (10.10.10.176, 10.10.10.176, 172.18.0.2)
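
The two captures above differ in the HTTP method that reaches `/api/acs`: a GET that returns 500 with the `Only supported HTTP_POST Binding` error, and a POST that returns 302. As an added example (not part of the original thread and not Kasm's code), this sketch triages `kasm_api` access-log lines by that difference; the function names and verdict labels are hypothetical, and the sample log is constructed from shortened lines of the captures.

```python
import re

# Constructed sample: lines shortened from the two log captures in this thread.
SAMPLE_LOG = """\
2024-08-23 16:16:46,462 [ERROR] root: Unhandled exception occurred
onelogin.saml2.errors.OneLogin_Saml2_Error: SAML Response not found, Only supported HTTP_POST Binding
2024-08-23 16:16:46,463 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:16:46] "GET /api/acs/?id=bcb3a36d66bb43c18226e86c286872d8 HTTP/1.1" 500 78 "" "Mozilla/5.0"
2024-08-23 16:21:00,574 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:21:00] "POST /api/sso HTTP/1.1" 200 833 "https://kasm.yyy.yyy/" "Mozilla/5.0"
2024-08-23 16:21:01,099 [INFO] cherrypy.access.139679191504640: 172.22.0.4 - - [23/Aug/2024:16:21:01] "POST /api/acs/?id=bcb3a36d66bb43c18226e86c286872d8 HTTP/1.1" 302 1217 "" "Mozilla/5.0"
"""

# Matches the cherrypy access-log layout seen in the captures.
ACCESS_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ \[INFO\] cherrypy\.access\.\d+: '
    r'\S+ - - \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
BINDING_ERROR = "Only supported HTTP_POST Binding"


def acs_requests(log_text):
    """Return one dict per access-log line that targets the /api/acs endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m["path"].split("?")[0].rstrip("/") == "/api/acs":
            hits.append({"ts": m["ts"], "method": m["method"], "status": int(m["status"])})
    return hits


def triage(log_text):
    """Label each ACS request; a non-POST request carries no SAMLResponse form field."""
    saw_binding_error = BINDING_ERROR in log_text
    report = []
    for r in acs_requests(log_text):
        if r["method"] != "POST":
            verdict = "no-saml-response"
            if saw_binding_error:
                verdict += " (binding error logged)"
        elif r["status"] >= 400:
            verdict = "post-rejected"
        else:
            verdict = "post-accepted"
        report.append((r["ts"], r["method"], r["status"], verdict))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
```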