Paweł Gościcki edited this page Oct 12, 2022 · 3 revisions

Google Apps configuration

  • login to https://admin.google.com
  • click "Apps" -> "Web and mobile apps"
  • click "Add App" -> "Add custom SAML app"
  • Step 1 of 5: enter App details
  • Step 2 of 5: copy all of the "Google IdP Information" provided (SSO URL, Entity ID) and download a copy of the certificate; the SSO URL and the certificate are the values that go into devise.rb below
  • Step 3 of 5: add a custom Application Name and optional Description and custom logo
  • Step 4 of 5: fill in the following fields
    • ACS URL: #{your_server_url}/users/saml/auth
    • Entity ID: #{your_server_url}/users/saml/metadata
    • Start URL: you can leave this blank
    • Signed Response: check this so Google signs the entire SAML Response and not only the Assertion inside it (a signature proves origin and integrity; it does not encrypt anything)
    • Name ID: select "Basic Information" and "Primary Email"
    • Name ID Format: EMAIL
  • Step 5 of 5: add new mappings for other fields you may want (like first name, last name). The app attribute name in the first column is the SAML attribute Name that Google sends, so it must match the corresponding key in attribute-map.yml exactly (including case)
    • first_name, Basic Information, First Name
    • last_name, Basic Information, Last Name
    • email, Basic Information, Primary Email

attribute-map.yml

# These values come from the Attribute Mapping section of the Google App's SAML application (Step 5).
# Key: the app attribute name Google sends as the SAML attribute Name. Value: the column on your User model.
# A key that does not match Step 5 exactly is not an error; the attribute is simply ignored and the column stays empty.

"first_name": "first_name"
"last_name": "last_name"
"email": "email"

devise.rb

  # Configure with your SAML settings (see ruby-saml's README for more information: https://github.com/onelogin/ruby-saml).
  server_url = 'https://YOUR_SERVER_URL.com'
  config.saml_configure do |settings|
    # assertion_consumer_service_url is required starting with ruby-saml 1.4.3: https://github.com/onelogin/ruby-saml#updating-from-142-to-143
    # It must match the "ACS URL" entered in Step 4 character for character: Google puts it in the
    # Response's Destination attribute and ruby-saml rejects a Response whose Destination differs.
    settings.assertion_consumer_service_url     = "#{server_url}/users/saml/auth"
    settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    # Matches "Name ID Format: EMAIL" from Step 4; the NameID is the user's primary email address.
    settings.name_identifier_format             = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    # The SP entity ID. It must match the "Entity ID" entered in Step 4, because Google sends it back as the
    # assertion's Audience. ruby-saml 1.x also exposes this setting as settings.sp_entity_id (issuer is the older name).
    settings.issuer                             = "#{server_url}/users/saml/metadata"
    # No particular authentication context is requested from Google.
    settings.authn_context                      = ""
    # Google Workspace does not offer SAML Single Logout, so there is no SLO URL to configure.
    settings.idp_slo_target_url                 = ""

    # The "SSO URL" from the Google IdP Information copied in Step 2,
    # similar to https://accounts.google.com/o/saml2/idp?idpid=xxxxxx
    # (ruby-saml 1.12+ calls this setting idp_sso_service_url; idp_sso_target_url still works but is deprecated).
    settings.idp_sso_target_url                 = "YOUR_GOOGLE_APPS_URL"

    # The certificate downloaded in Step 2. Every Response and Assertion signature is verified against
    # this certificate, so it must be exactly the one Google issued for this app. Google's IdP
    # certificates expire; note the expiry shown in the admin console and rotate this value before then.
    settings.idp_cert                           = <<-CERT.chomp
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
      CERT

    # With "Signed Response" enabled in Step 4, Google signs the whole Response as well as the
    # Assertion. To make the SP refuse an assertion that is not itself signed, you can additionally set
    # settings.security[:want_assertions_signed] = true
  end
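The three pieces above (the Google app settings, attribute-map.yml and devise.rb) have to agree with each other and with what Google actually sends. The script below is an added example, not code from this wiki or from devise_saml_authenticatable. It uses only the Ruby standard library and runs against a constructed Response shaped like Google's for the Step 5 mapping; the sample user values, the self-signed stand-in certificate and the helper names map_attributes, check_response, inspect_idp_cert and stand_in_idp_cert are all assumptions made for illustration. It shows what a misspelled attribute-map key, a mismatched ACS URL or Entity ID, and an expiring IdP certificate look like. It does not reimplement XML signature checking; that remains ruby-saml's job via settings.idp_cert.

```ruby
# Added example (not from the devise_saml_authenticatable wiki or the gem).
# Stdlib only. Checks the attribute map, the ACS URL / Entity ID pair and the
# IdP certificate against a CONSTRUCTED Response. Signature verification is
# deliberately not reimplemented here; ruby-saml does that with settings.idp_cert.
require "openssl"
require "rexml/document"
require "time"
require "yaml"

SERVER_URL = "https://YOUR_SERVER_URL.com"          # server_url in devise.rb
ACS_URL    = "#{SERVER_URL}/users/saml/auth"        # Step 4 "ACS URL"
ENTITY_ID  = "#{SERVER_URL}/users/saml/metadata"    # Step 4 "Entity ID"

# attribute-map.yml from this page: key = app attribute name Google sends, value = User column.
ATTRIBUTE_MAP = YAML.safe_load(<<~YML)
  "first_name": "first_name"
  "last_name": "last_name"
  "email": "email"
YML

NS = { "saml"  => "urn:oasis:names:tc:SAML:2.0:assertion",
       "samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }.freeze

# Constructed sample (hypothetical user, placeholder idpid); Google's real Response is signed.
SAMPLE_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="#{NS['samlp']}" xmlns:saml="#{NS['saml']}"
      ID="_r1" Version="2.0" IssueInstant="2022-10-12T10:00:00Z" Destination="#{ACS_URL}">
    <saml:Issuer>https://accounts.google.com/o/saml2?idpid=xxxxxx</saml:Issuer>
    <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2022-10-12T10:00:00Z">
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      </saml:Subject>
      <saml:Conditions NotBefore="2022-10-12T09:55:00Z" NotOnOrAfter="2022-10-12T10:05:00Z">
        <saml:AudienceRestriction><saml:Audience>#{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AttributeStatement>
        <saml:Attribute Name="first_name"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
        <saml:Attribute Name="last_name"><saml:AttributeValue>Liddell</saml:AttributeValue></saml:Attribute>
        <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </samlp:Response>
XML

# Apply attribute-map.yml: an Attribute whose Name has no key in the map is
# dropped, which is exactly what a misspelled key looks like in practice.
def map_attributes(response_xml, attribute_map)
  doc = REXML::Document.new(response_xml)
  assertion = REXML::XPath.first(doc, "//saml:Assertion", NS) or raise "no Assertion"
  user = { name_id: REXML::XPath.first(assertion, "saml:Subject/saml:NameID", NS).text.strip }
  REXML::XPath.each(assertion, "saml:AttributeStatement/saml:Attribute", NS) do |attr|
    column = attribute_map[attr.attributes["Name"]]
    next unless column
    user[column.to_sym] = REXML::XPath.first(attr, "saml:AttributeValue", NS).text.strip
  end
  user
end

# The checks that follow from assertion_consumer_service_url and issuer in devise.rb:
# Destination must equal the ACS URL, Audience must equal the SP entity ID, and the
# assertion must be inside its validity window. Returns the list of failures.
def check_response(response_xml, acs_url:, entity_id:, now: Time.now.utc)
  doc = REXML::Document.new(response_xml)
  errors = []
  destination = doc.root.attributes["Destination"]
  errors << "Destination #{destination.inspect} != ACS URL" unless destination == acs_url
  audience = REXML::XPath.first(doc, "//saml:AudienceRestriction/saml:Audience", NS)&.text
  errors << "Audience #{audience.inspect} != Entity ID" unless audience == entity_id
  conditions = REXML::XPath.first(doc, "//saml:Conditions", NS)
  errors << "assertion not yet valid" if now < Time.parse(conditions.attributes["NotBefore"])
  errors << "assertion expired"       if now >= Time.parse(conditions.attributes["NotOnOrAfter"])
  errors
end

# settings.idp_cert is the trust anchor for every signature. Report its SHA-256
# fingerprint (compare with the admin console) and warn before it expires.
def inspect_idp_cert(pem, warn_days: 30, now: Time.now.utc)
  cert = OpenSSL::X509::Certificate.new(pem)
  fingerprint = OpenSSL::Digest::SHA256.hexdigest(cert.to_der).scan(/../).join(":").upcase
  days_left = ((cert.not_after - now) / 86_400).floor
  { subject: cert.subject.to_s, fingerprint: fingerprint, days_left: days_left,
    expired: now >= cert.not_after, expires_soon: days_left < warn_days }
end

# Self-signed stand-in for the certificate downloaded in Step 2 (constructed so the
# example runs offline; put Google's real certificate in devise.rb).
def stand_in_idp_cert(days_valid:)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=stand-in Google IdP (constructed)")
  cert.public_key = key.public_key
  cert.not_before = Time.now.utc - 60
  cert.not_after  = cert.not_before + days_valid * 86_400
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  cert.to_pem
end
```

Calling map_attributes(SAMPLE_RESPONSE, ATTRIBUTE_MAP) yields all four fields; calling it with a map keyed "primary_email" instead of "email" silently returns only the NameID, which is the symptom to look for when users are created with empty columns. check_response returns an empty list for the matching ACS URL and Entity ID at a time inside the validity window, and names each mismatch otherwise. inspect_idp_cert flags a certificate with fewer than warn_days of life left; run it against the certificate pasted into devise.rb as a pre-expiry check.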