
Integrate SSO with Google SAML #330

Open
pmquang opened this issue Mar 27, 2024 · 2 comments
Labels: need triage, question (Further information is requested)

Comments

pmquang commented Mar 27, 2024


Hi @greenpau,

I don't know if this is the proper place to ask, but I'm seeking help to configure SSO with Google SAML:

```
{
	debug
	order authenticate before respond
	order authorize before basicauth

	security {
		saml identity provider google {
			realm google
			driver generic
			idp_metadata_location /root/caddy/google/google-saml-metadata.xml
			entity_id https://accounts.google.com/o/saml2?idpid=C01k107kt
			idp_login_url https://accounts.google.com/o/saml2/idp?idpid=C01k107kt
			idp_sign_cert_location /root/caddy/google/certificate.pem
			application_name "Google SAML Auth"
			acs_url https://auth.quangpm.net/saml/google
		}

		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify 8x27pg7bbIB7mPi/1VjoeJxfDOfAGdZXKmEMqS7R6TE=
			enable identity provider google
			cookie domain quangpm.net
			ui {
				links {
					"Main Site" https://asset.quangpm.net/ icon "las la-star"
					"My Identity" "/whoami" icon "las la-user"
				}
			}
			transform user {
				match realm google
				action add role authp/user
			}
		}

		authorization policy mypolicy {
			set auth url https://auth.quangpm.net/
			allow roles authp/admin authp/user
			crypto key verify 8x27pg7bbIB7mPi/1VjoeJxfDOfAGdZXKmEMqS7R6TE=
		}
	}
}

(tls_config) {
	tls /root/caddy/server.crt /root/caddy/server.key
}

auth.quangpm.net {
	import tls_config
	authenticate with myportal
}

asset.quangpm.net {
	import tls_config
	authorize with mypolicy
	root * /srv/
	file_server
}
```

I tried configuring Google SAML like this, but it doesn't work; when I clicked on the Login button, it showed:

Error parsing the request, No SAML message present in request That’s all we know.

Is there anything wrong here? Should it be a POST or a GET with URL params to Google SSO? I only see it redirected to https://accounts.google.com/o/saml2/idp?idpid=C01k107kt
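The error quoted above says the IdP found no SAML message in the request it received, i.e. the redirect to the login URL carried no SAMLRequest parameter. As an added example (not code from this thread or from caddy-security), here is what an SP-initiated AuthnRequest under the HTTP-Redirect binding looks like, plus a decoder for checking a redirect URL taken from the Caddy log; the IdP URL and ACS URL are the ones from the config above, and the SP entity ID is an assumed placeholder.

```python
import base64
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Values from the thread; the SP entity ID is an assumed placeholder, not from the page.
IDP_LOGIN_URL = "https://accounts.google.com/o/saml2/idp?idpid=C01k107kt"
ACS_URL = "https://auth.quangpm.net/saml/google"
SP_ENTITY_ID = "https://auth.quangpm.net/saml/google/metadata.xml"  # placeholder

def build_authn_request(sp_entity_id, acs_url, idp_login_url,
                        request_id=None, issue_instant=None):
    """Minimal unsigned SP-initiated <samlp:AuthnRequest> as an XML string."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": issue_instant,
        "Destination": idp_login_url, "ProtocolBinding": POST_BINDING,
        "AssertionConsumerServiceURL": acs_url,  # where the IdP must POST the response
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(root, encoding="unicode")

def redirect_url(idp_login_url, authn_request_xml, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE -> base64 -> URL-encode, sent as ?SAMLRequest=."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw deflate, no zlib header
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    sep = "&" if "?" in idp_login_url else "?"  # Google's URL already carries idpid=
    return idp_login_url + sep + urllib.parse.urlencode(params)

def decode_saml_request(url):
    """Inverse, for checking a URL seen in the log; None means no SAMLRequest was sent."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    if "SAMLRequest" not in params:
        return None
    raw = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")
```

Running decode_saml_request over the bare login URL from the thread returns None, which is the condition the IdP complained about; a correct redirect returns the AuthnRequest XML.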

@pmquang pmquang added need triage question Further information is requested labels Mar 27, 2024
greenpau (Owner) commented

@pmquang, please upload or attach the file with the logs. I see you already have debug enabled.

pmquang commented Mar 28, 2024

> @pmquang, please upload or attach the file with the logs. I see you already have debug enabled.

Here you are, sir @greenpau: logs from when I access https://auth.quangpm.net until I meet the error.

caddy.log
