mmoshcs Super Contributor.
Super Contributor.
383 views

Trying to setup a "Sign in with Google" button

NAM version is 4.4.4, running a single appliance

We're a GSuite School so I've setup Google as a SAML2 IdP in NAM. The authentication is working as expected but the user does not get redirected to the protected resource, the following is the flow the user is getting


  1. User tries to access a resource while not authenticated to NAM
  2. User is redirected to NAM login, showing standard username/password form
  3. User selects the Google auth card
  4. SAML2 succeeds with Google (either automatically as already signed in or after a google sign in, does not matter which)
  5. User ends up at a NAM page saying "Your session has been authenticated."


    Not sure what I've got wrong in the setup, if the user then tries to access a protected resource after this all works fine as the user is authenticated to NAM. I would have expected the user to be redirected back to the requested protected resource. If the user at step 2 signs in with the local username/password they get redirected to the protected resource no problem.

    Thanks for any help, first SAML2 IdP I've ever set up in NAM
0 Likes
2 Replies
ScorpionSting Absent Member.
Absent Member.

Re: Trying to setup a "Sign in with Google" button

mmoshcs;2499378 wrote:
NAM version is 4.4.4, running a single appliance

We're a GSuite School so I've setup Google as a SAML2 IdP in NAM. The authentication is working as expected but the user does not get redirected to the protected resource, the following is the flow the user is getting


  1. User tries to access a resource while not authenticated to NAM
  2. User is redirected to NAM login, showing standard username/password form
  3. User selects the Google auth card
  4. SAML2 succeeds with Google (either automatically as already signed in or after a google sign in, does not matter which)
  5. User ends up at a NAM page saying "Your session has been authenticated."


    Not sure what I've got wrong in the setup, if the user then tries to access a protected resource after this all works fine as the user is authenticated to NAM. I would have expected the user to be redirected back to the requested protected resource. If the user at step 2 signs in with the local username/password they get redirected to the protected resource no problem.

    Thanks for any help, first SAML2 IdP I've ever set up in NAM

    Under the SAML configuration on the IdP, you can set the contract to use....change this to the Social Login (Google)....hopefully that should resolve the redirect issue....

Visit my Website for links to Cool Solution articles.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Trying to setup a "Sign in with Google" button

On 08-05-2019 10:54 AM, mmoshcs wrote:
>
> NAM version is 4.4.4, running a single appliance
>
> We're a GSuite School so I've setup Google as a SAML2 IdP in NAM. The
> authentication is working as expected but the user does not get
> redirected to the protected resource, the following is the flow the user
> is getting
>
>
> - User tries to access a resource while not authenticated to NAM
> - User is redirected to NAM login, showing standard username/password
> form
> - User selects the Google auth card
> - SAML2 succeeds with Google (either automatically as already signed
> in or after a google sign in, does not matter which)
> - User ends up at a NAM page saying "Your session has been
> authenticated."
>
>
> Not sure what I've got wrong in the setup, if the user then tries to
> access a protected resource after this all works fine as the user is
> authenticated to NAM. I would have expected the user to be redirected
> back to the requested protected resource. If the user at step 2 signs in
> with the local username/password they get redirected to the protected
> resource no problem.
>
> Thanks for any help, first SAML2 IdP I've ever set up in NAM
>
>

If ScorpionSting's suggestion doesn't resolve the issue then post a fiddler trace here. Just keep in mind that a fiddler trace can show sensitive
information!!


--
Cheers,
Edward
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.