By: Jason Separovic user 29 Jul 2015 at 6:40 p.m. CDT

6 Responses

Hi, I'm trying to follow: http://www.gluu.org/docs/articles/google-saml/

But upon redirect I'm getting:

Error Message: Message did not meet security requirements

I've attached the metadata file:

```xml
<EntityDescriptor entityID="google.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://www.google.com/a/mydomain.com/acs" />
  </SPSSODescriptor>
</EntityDescriptor>
```

*changed mydomain

I've configured RelyingParty as per instructions:

I think I set up everything correctly apart from the instruction: "Required attributes: Generally a nameID attributes is required. Please talk to us to generate this nameID in your Gluu Server."

What does this mean? The instructions seem very clear on the Google side, but not so much on the Gluu side.

By Mohib Zico Account Admin 30 Jul 2015 at 12:32 a.m. CDT

>> Error Message: Message did not meet security requirements

This is a common Shibboleth issue. I believe you will get a lot of info through googling.

>> "Required attributes: Generally a nameID attributes is required. Please talk to us to generate this nameID in your Gluu Server."

In Gluu Server, we release 'TransientID' as the default attribute. Google SAML might not accept 'TransientID' as the required NameID, so we configure and map such a NameID for our customers. [Here](https://wiki.shibboleth.net/confluence/display/SHIB2/IdPNameIdentifier) is the Shibboleth doc on how you can create such a nameID manually.

>> The instructions seem very clear on the google side, but not so much on the gluu side.

Yeah? Thanks for your comment, man. What points can we include to make it more 'Gluu side'? Please feel free to suggest them to us...

Kind regards,
Zico
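
An added example, not part of the thread and not Gluu or Shibboleth code: a check that reads the SP metadata posted above and reports when none of the NameID formats the SP declares are among those the IdP releases, which is the mismatch the reply describes. The `idp_formats` argument is an assumption standing in for whatever NameID formats your IdP is actually configured to release.

```python
import xml.etree.ElementTree as ET

MD = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# SP metadata as posted in the thread ("mydomain.com" is the poster's placeholder).
SP_METADATA = """\
<EntityDescriptor entityID="google.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://www.google.com/a/mydomain.com/acs" />
  </SPSSODescriptor>
</EntityDescriptor>"""


def sp_requirements(metadata_xml):
    """Extract what the SP declares: entityID, NameID formats, ACS endpoints."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", MD)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", MD) if e.text]
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", MD)]
    return {"entity_id": root.get("entityID"), "nameid_formats": formats, "acs": acs}


def check_nameid(metadata_xml, idp_formats):
    """Return findings where the IdP's NameID release cannot satisfy the SP."""
    req = sp_requirements(metadata_xml)
    findings = []
    missing = [f for f in req["nameid_formats"] if f not in idp_formats]
    # Only a problem if the SP declares formats and the IdP covers none of them.
    if req["nameid_formats"] and len(missing) == len(req["nameid_formats"]):
        findings.append("IdP releases none of the SP's NameID formats: " + ", ".join(missing))
    for binding, location in req["acs"]:
        if not (location or "").startswith("https://"):
            findings.append("ACS endpoint is not HTTPS: %r" % location)
    return findings


if __name__ == "__main__":
    # Assumption: an IdP that only releases the transient NameID, as the reply describes.
    for finding in check_nameid(SP_METADATA, [TRANSIENT]):
        print("FINDING:", finding)
```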

By Jason Separovic user 30 Jul 2015 at 12:46 a.m. CDT

the points to make it work :)

By Mohib Zico Account Admin 30 Jul 2015 at 12:50 a.m. CDT

Alrighty. Your Google SAML will work if those above points are resolved; as these docs were developed on stable working condition ;) Cheers!

By Jason Separovic user 30 Jul 2015 at 12:53 a.m. CDT

so I guess the point I'm missing is just to figure out the nameId part? I'm looking at shib now to try to get across it..

By Jason Separovic user 31 Jul 2015 at 5:15 p.m. CDT

I'm trying to follow: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAddAttributeExamples

The problem is Gluu seems to overwrite the IdP config files. Is there a way of using the Gluu UI to make these changes?

By Mohib Zico Account Admin 01 Aug 2015 at 1:22 a.m. CDT

>> Is there a way of using the gluu ui to make these changes?

For NameID, no. But what you can do for NameID.. you can apply changes in template files ( /opt/tomcat/conf/shibboleth/idp/ ).