ADFS and SAML

576 views
Skip to first unread message

David Marchbanks

unread,
Jul 26, 2012, 9:56:34 AM7/26/12
to google-app...@googlegroups.com
Hello, I am in the process of getting ADFS to work with Google's SSO.

The error I am getting is: 
This account cannot be accessed because the login credentials could not be verified.

I have been trying to find a way of figuring out what is going wrong as it appears that my login on the ADFS side is working, just not on the Google Apps.

Because of how our Xerox machines, a users's Google apps information is being stored in the Notes (LDAP: info) to avoid unwanted address from appearing on our Xerox machines.

I have read posts about certs being wrong, and I am trying my best to get a self-signed cert to work before we go and purchase a authenticated one. Any help is appreciates

If folks ask about plugins, I use Google chrome for configuration, and internet explorer for testing ( to avoid cookie issues ).

David Marchbanks

unread,
Jul 30, 2012, 12:20:47 PM7/30/12
to google-app...@googlegroups.com
I resolved this issue.

Bashrat Din

unread,
Jul 30, 2012, 12:26:02 PM7/30/12
to google-app...@googlegroups.com
Do you mind me asking how you resolved this David?

It may serve for future knowledge.

Marchbanks, David

unread,
Jul 30, 2012, 12:31:11 PM7/30/12
to google-app...@googlegroups.com

http://www.huggill.com/2012/01/12/setting-up-google-apps-single-sign-on-sso-with-adfs-2-0-and-a-custom-sts-such-as-identityserver/

 

This set of instructions is 100% correct.

 

My main problems were alternating from not supplying the NameID, and my certificate. I found that you need to export your ADFS Signing certificate ( from the certificates tab in AD FS) import it into your relay and into Google Apps. The instructions mention this, but I must have glanced over it. After this, it worked fine as long as the username I used had a assigned email address attribute to it.

--
You received this message because you are subscribed to the Google Groups "SAML-based Single Sign On for Google Apps" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-saml-sso/-/KH_mrpPbIWQJ.
To post to this group, send email to google-app...@googlegroups.com.
To unsubscribe from this group, send email to google-apps-saml...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-apps-saml-sso?hl=en.

Bashrat Din

unread,
Jul 30, 2012, 12:34:22 PM7/30/12
to google-app...@googlegroups.com
Excellent, thanks very much.

Regards

Bash
Reply all
Reply to author
Forward
0 new messages