Hi. I am working with CloudStack and I'm intending to use it as a Service Provider connected through SSO with our Google Suite catalog. I did the following:

1. Generated a self-signed certificate for the CloudStack UI (per https://cwiki.apache.org/confluence/display/CLOUDSTACK/Enabling+SSL+in+the+CloudStack+UI ).

2. In the Google admin panel, I created the SAML application. I entered:
* ACS URL -- https://my.cloudstack.url:8443/client/api?command=getSPMetadata
* entity ID -- my.cloudstack.url
* Login URL -- https://my.cloudstack.url:8443/client/
* Uncheck -- Signed Answer

Then I got an XML metadata file from Google, which I uploaded to /etc/cloudstack/management.

3. In the CloudStack UI I entered these parameters (per http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.9/accounts.html ):
* saml2.enabled -- true
* saml2.idp.metadata.url -- name_of_metadatafile.xml
* saml2.sp.id -- my.cloudstack.url
* saml2.default.idpid -- leave blank
* saml2.sigalg -- SHA256
* saml2.redirect.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.org.name -- my.cloudstack.url
* saml2.sp.org.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.slo.url -- https://my.cloudstack.url:8443/client/
* saml2.sp.sso.url -- https://my.cloudstack.url:8443/client/
* saml2.user.attribute -- emailAddress
* saml2.timeout -- default value

After the redirect from the CloudStack login page I see a Google page with error 400 "Invalid Request, invalid idpId in request URL, check if SSO URL is configured properly on SP side."

What are my mistakes? Thanks for the advice.
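
A check related to the error quoted above, added here as an example and not part of the original post or of CloudStack's code: it reads an IdP metadata file, confirms that every SingleSignOnService Location carries an idpid query parameter, and tests whether a login redirect URL still parses to that same idpid. The embedded metadata is a constructed sample assumed to follow the layout of Google-issued metadata, IDPID_PLACEHOLDER is not a real identifier, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BASE = "https://accounts.google.com/o/saml2"
# Constructed sample metadata; IDPID_PLACEHOLDER is not a real identifier.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}"
    entityID="{BASE}?idpid=IDPID_PLACEHOLDER">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="{BASE}/idp?idpid=IDPID_PLACEHOLDER"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{BASE}/idp?idpid=IDPID_PLACEHOLDER"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idpid_of(url):
    """Return the idpid query parameter of a URL, or '' if absent."""
    return parse_qs(urlparse(url).query).get("idpid", [""])[0]

def inspect_idp_metadata(xml_text):
    """Collect entityID, SSO endpoints and any problems found in them."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    report = {"entity_id": root.get("entityID"), "endpoints": [], "problems": []}
    path = f"{{{MD}}}IDPSSODescriptor/{{{MD}}}SingleSignOnService"
    for sso in root.findall(path):
        loc = sso.get("Location", "")
        binding = sso.get("Binding", "").rsplit(":", 1)[-1]
        report["endpoints"].append((binding, loc, idpid_of(loc)))
        if urlparse(loc).scheme != "https":
            report["problems"].append(f"{binding}: Location is not https")
        if not idpid_of(loc):
            report["problems"].append(f"{binding}: Location has no idpid")
    if not report["endpoints"]:
        report["problems"].append("no SingleSignOnService in metadata")
    return report

def redirect_keeps_idpid(sso_location, redirect_url):
    """True if the SP's login redirect parses to the metadata's idpid
    and also carries a SAMLRequest parameter of its own."""
    query = parse_qs(urlparse(redirect_url).query)
    same = query.get("idpid", [""])[0] == idpid_of(sso_location) != ""
    return same and "SAMLRequest" in query
```

Pass in the contents of the metadata file placed in /etc/cloudstack/management and the URL the browser is sent to from the CloudStack login page.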