Email id not displayed on GCIP users tab

10 views
Skip to first unread message

Terrance R

unread,
Feb 5, 2021, 10:38:58 PM2/5/21
to google-cicp-discussion
Hello,

We are getting the attached error on GCIP users screen where email field next to check box is coming as empty (user creation on GCIP is anonymous)

Idp is external (Salesforce) and GCIP provider configuration is SAML2 based.
We noticed that IAP/GCIP fails to parse  <saml:NameID> attribute when its value is prefixed with id - say in the below case 00D09000005M2cF.
Per the namespace, saml, id@user format is valid.

How can we address this problem?

<saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">00D09000005M2cF@testuser@gmail.com</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData InResponseTo="_45c4bfd64ffe7d646139c51c56cff10a"
                                              NotOnOrAfter="2021-01-29T13:07:20.760Z"
                                              Recipient="https://<appname>.firebaseapp.com/__/auth/handler"
                                              />
            </saml:SubjectConfirmation>
        </saml:Subject>
error.png

Julio Colino

unread,
Feb 10, 2021, 9:37:02 AM2/10/21
to google-cicp-discussion
Hello,

Can you share if you are following any guide for the implementation?

I found this document [1] for enabling external identities

Reply all
Reply to author
Forward
0 new messages