Configure SAML2 IdP functionality to provide SSO for Google Cloud

ZaoZao Ge

Oct 16, 2023, 10:49:30 PM
to CAS Community
Hello Everyone,
I have been working toward integrating CAS with Google Cloud.
My CAS version is 5.3.11. The CAS documentation lists 2 ways to register a Google App. I would like to use the SAML2 IdP functionality in CAS.
I have managed to configure Google Admin, generated the SP metadata and registered the SP. However, CAS tells me that the application is not authorized to use CAS.
The log file shows:

ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <CAS has found a match for service [https://accounts.google.com/samlrp/metadata?rpid=xxx] in registry but the match is not defined as a SAML service>


The source code shows it is because the check (registeredService instanceof SamlRegisteredService) failed.



Here is the registration JSON file:
{"@class":"org.apereo.cas.support.saml.services.SamlRegisteredService","serviceId":"https://accounts.google.com/samlrp/metadata?rpid\xxx","name":"SAMLService","id":4526,"evaluationOrder":30,"metadataLocation":"/home/work/cas/saml/sp/4526.xml","attributeReleasePolicy":{"@class":"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy","excludeDefaultAttributes":true,"allowedAttributes":["java.util.ArrayList",["username","email"]]}}


My question is how to register Google as a SAML2 SP?

Thank you.

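An added example, not part of the original post and not CAS code: a small model of how a service lookup can land on a non-SAML definition and produce the "match is not defined as a SAML service" condition from the log above. It assumes that serviceId values are regular expressions tried in ascending evaluationOrder against the whole requested ID (Python's `re` stands in for Java regex here). The catch-all service and the `EXAMPLE` rpid value are constructed, since the post shows neither the other registered services nor the real rpid.

```python
import re

SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"
REGEX_CLASS = "org.apereo.cas.services.RegexRegisteredService"

# Constructed entity ID; "EXAMPLE" stands in for the redacted rpid value.
ENTITY_ID = "https://accounts.google.com/samlrp/metadata?rpid=EXAMPLE"

def registry(saml_service_id):
    """Constructed registry: the SAML SP plus a hypothetical catch-all service."""
    return [
        {"@class": SAML_CLASS, "serviceId": saml_service_id,
         "name": "SAMLService", "id": 4526, "evaluationOrder": 30},
        {"@class": REGEX_CLASS, "serviceId": "^https://.*",
         "name": "CatchAll", "id": 1, "evaluationOrder": 100},
    ]

def first_match(services, requested_id):
    """Return the first definition, by ascending evaluationOrder, whose
    serviceId pattern matches the whole requested ID (assumed rule)."""
    for svc in sorted(services, key=lambda s: s["evaluationOrder"]):
        try:
            pattern = re.compile(svc["serviceId"])
        except re.error:
            continue  # a pattern that does not compile is treated as no match
        if pattern.fullmatch(requested_id):
            return svc
    return None

def diagnose(services, requested_id):
    """Classify the lookup: no match, non-SAML match, or SAML match."""
    svc = first_match(services, requested_id)
    if svc is None:
        return "no match in registry"
    if svc["@class"] != SAML_CLASS:
        return "matched '%s' but it is not a SAML service" % svc["name"]
    return "matched SAML service '%s'" % svc["name"]

if __name__ == "__main__":
    # Unescaped "?" makes the preceding "a" optional instead of matching "?".
    literal = "https://accounts.google.com/samlrp/metadata?rpid=EXAMPLE"
    escaped = r"https://accounts\.google\.com/samlrp/metadata\?rpid=EXAMPLE"
    for sid in (literal, escaped):
        print(sid, "->", diagnose(registry(sid), ENTITY_ID))
```

Running the same lookup over the real service definitions shows which entry actually answers for the Google entity ID and whether its `@class` is the SAML one.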