Google SAML + CloudStack problem


Hi.
I am working with CloudStack and I'm intending to use it as a Service Provider
connected through SSO with our Google Suite catalog.
I did the following:
1. Generated a self-signed certificate for CloudStack UI (following
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Enabling+SSL+in+the+CloudStack+UI
)
2. In the admin panel, Google created the SAML application.
I entered:
* ACS URL -- https://my.cloudstack.url:8443/client/api?command=getSPMetadata
* entity ID -- my.cloudstack.url
* Login URL -- https://my.cloudstack.url:8443/client/
* Uncheck -- Signed Answer
Then I got an XML metadata file from Google, which I uploaded to
/etc/cloudstack/management.

3. In the CloudStack UI I entered these parameters (following
http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.9/accounts.html
):
* saml2.enabled -- true
* saml2.idp.metadata.url -- name_of_metadatafile.xml
* saml2.sp.id -- my.cloudstack.url
* saml2.default.idpid -- leave blank
* saml2.sigalg -- SHA256
* saml2.redirect.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.org.name -- my.cloudstack.url
* saml2.sp.org.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.slo.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.sso.url -- https://my.cloudstack.url:8443/client/
* saml2.user.attribute -- emailAddress
* saml2.timeout -- default value

After the redirect from the CloudStack login page I see a Google page with error 400
"Invalid Request, invalid idpId in request URL, check if SSO URL is
configured properly on SP side."

What are my mistakes?
Thanks for the advice
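
Added example, not part of the original post and not CloudStack code: the error above refers to the idpId in the request URL, so this script reads an IdP metadata file and reports the entityID and each SingleSignOnService endpoint, flagging endpoints whose URL carries no `idpid` query parameter or one that differs from the entityID's. The function name `inspect_idp_metadata`, the sample metadata and the value `C0example` are constructed for illustration; the assumption is that the IdP encodes its identifier as an `idpid` query parameter.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata; C0example is a placeholder, not a real idpid.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C0example">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C0example"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accounts.google.com/o/saml2/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _idpid(url):
    """Return the idpid query parameter of a URL, or None if absent."""
    return parse_qs(urlparse(url or "").query).get("idpid", [None])[0]


def inspect_idp_metadata(xml_text):
    """Summarise the entityID and SSO endpoints of a SAML IdP metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    expected = _idpid(entity_id)
    endpoints = []
    for sso in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", MD_NS):
        location = sso.get("Location", "")
        found = _idpid(location)
        endpoints.append({
            "binding": sso.get("Binding", "").rsplit(":", 1)[-1],
            "location": location,
            "idpid": found,
            # ok only when the endpoint carries the same idpid as the entityID
            "ok": found is not None and found == expected,
        })
    return {"entity_id": entity_id, "endpoints": endpoints}


if __name__ == "__main__":
    report = inspect_idp_metadata(SAMPLE_METADATA)
    print("entityID:", report["entity_id"])
    for ep in report["endpoints"]:
        print("OK " if ep["ok"] else "BAD", ep["binding"], ep["location"])
```

To check a real file, pass its contents to `inspect_idp_metadata` in place of the sample string.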