By: sachin wagh user 09 Sep 2021 at 5:08 a.m. CDT

4 Responses
sachin wagh gravatar
Hello, We are trying to set up SSO with G-suite where our Gluu instance will act as an IdP. From G-suite (now Google Workspace) login page once user enters email, user is successfully redirected to our gluu login page. **The authentication seems to be successful on gluu and user is redirected back to the G-suite page. However, user is shown "Invalid Email" error and cannot access G-suite.** Our Gluu version is 4.1.1. We have followed steps mentioned in this doc page: https://gluu.org/docs/gluu-server/4.1/integration/saas/google/ **Additional info:** 1. In Google's SSO settings, "Use a domain specific issuer" was enabled. 2. The user we are trying to login with exists in Gluu as well as on Google. 3. The email ids associated with both are matching. 4. The SAML Response signing certificate (included in the response itself) is proper and the same is already configured in Google settings. 6. The time settings on Gluu is correct (the times mentioned in SAML response were matching the time when we were trying to login). Please let us know if we have missed something in configuration steps or what could we try next to fix this. Thanks.

By Michael Schwartz Account Admin 09 Sep 2021 at 2:42 p.m. CDT

Michael Schwartz gravatar
Alex, any thoughts?

By Aliaksandr Samuseu staff 09 Sep 2021 at 2:55 p.m. CDT

Aliaksandr Samuseu gravatar
Hi. @Michael.Schwartz , it needs nameid of specific type ("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"), so may be something is off with configuration, and GSuite doesn't get it? Let me give it a try, I wonder if this doc is still up to date..

By Aliaksandr Samuseu staff 09 Sep 2021 at 2:57 p.m. CDT

Aliaksandr Samuseu gravatar
Sachin, could you please also record a network trace for us, and share it as a HAR file? You can use steps listed [here](https://www.inflectra.com/support/knowledgebase/kb254.aspx) - please use Firefox for that task, Chrome's HARs are flawed. Also don't forget to set "Persist log" and "Disable cache" checkboxes in the console to save everything, not just the recently loaded page. Share the HAR file using any file sharing service you wish, or mail it to me at `alex@gluu.org`

By sachin wagh user 13 Sep 2021 at 5:18 a.m. CDT

sachin wagh gravatar
Hello Alex, Have recorded network trace using Firefox and sent the HAR file to your email.