
Google SAML + CloudStack problem

I am working with CloudStack and I'm intending to use it as a Service
connected through SSO with our Google Suite catalog.
I did the following:
1. Generated a self-signed certificate for CloudStack UI (for
2. In the Google admin panel, I created the SAML application.
I entered:
* ACS URL -- https://my.cloudstack.url:8443/client/api?command=getSPMetadata
* entity ID -- my.cloudstack.url
* Login URL -- https://my.cloudstack.url:8443/client/
* Uncheck -- Signed Answer
Then I got an XML metadata file from Google, which I uploaded to

3. In the CloudStack UI I entered the following parameters (for
* saml2.enabled -- true
* saml2.idp.metadata.url -- name_of_metadatafile.xml
* saml2.sp.id -- my.cloudstack.url
* saml2.default.idpid -- leave blank
* saml2.sigalg -- SHA256
* saml2.redirect.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.org.name -- my.cloudstack.url
* saml2.sp.org.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.slo.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.sso.url -- https://my.cloudstack.url:8443/client/
* saml2.user.attribute -- emailAddress
* saml2.timeout -- default value

After the redirect from the CloudStack login page I see a Google page with error 400
"Invalid Request, invalid idpId in request URL, check if SSO URL is
configured properly on SP side."

What are my mistakes?
Thanks for the advice
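
A diagnostic for the error quoted above, added here as an example and not part of the original post or of CloudStack's code: it compares the URL the browser was redirected to against the HTTP-Redirect SingleSignOnService Location in the IdP metadata and reports whether the `idpid` query parameter arrived intact. The metadata, the `C00example` placeholder, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata; the idpid value is a placeholder, not a real tenant.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C00example">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C00example"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_sso_location(metadata_xml):
    """Return the HTTP-Redirect SingleSignOnService Location from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    for sso in root.iter(MD + "SingleSignOnService"):
        if sso.get("Binding") == REDIRECT:
            return sso.get("Location")
    raise ValueError("no HTTP-Redirect SingleSignOnService in metadata")


def check_redirect(metadata_xml, redirect_url):
    """List mismatches between the SP's redirect URL and the IdP metadata."""
    expected = urlsplit(idp_sso_location(metadata_xml))
    actual = urlsplit(redirect_url)
    problems = []
    # The SP must send the browser to the endpoint the metadata names.
    if actual[:3] != expected[:3]:  # scheme, host, path
        problems.append("endpoint differs from metadata Location")
    # idpid must survive as its own parameter with the metadata's value.
    want = parse_qs(expected.query).get("idpid", [])
    got = parse_qs(actual.query).get("idpid", [])
    if got != want:
        problems.append("idpid %r does not match metadata %r" % (got, want))
    # The AuthnRequest must be a separate parameter, joined with '&'.
    if "SAMLRequest" not in parse_qs(actual.query):
        problems.append("SAMLRequest is not a separate query parameter")
    return problems
```

Copy the redirect URL from the browser's network trace at the moment the 400 page appears and pass it as `redirect_url`, together with the contents of the metadata file Google issued.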