
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass SSO With Google Workspace using SAML - RelayState missing/invalid


    Posted Nov 21, 2023 11:25 AM

    Hello,

    From a very basic level, I am trying to get ClearPass SSO to work with Google G Suite. I've followed a couple of guides (links below). For now, I am just trying to get admin authentication to work with ClearPass before I get more adventurous with user auth or web logins.

    Config:

    Basic custom SAML app in Google. The certificate was downloaded and I am pointing CPPM's SSO config to the below ACS. Notice also that the user access is ON for everyone. 

    I have this accounts.google.com URL in the ClearPass SSO config (will show later). 

    More details. I checked the Signed response checkbox, following the guides.

    Notice all the settings and how they're following the guides. 

    And in case this matters (I don't think it does yet, considering that I see nothing in Event Viewer or Access Tracker regarding this login), here's my service config. Very bare-bones.

    Now, when I navigate to ClearPass guest, I get redirected to Google's Account Chooser. AWESOME! I click on the account associated with the G Suite account and this is what it returns. 

    Weird. I navigate back to Google and the SAML tab. I click on TEST SAML LOGIN. This is the result.

    What am I missing here? 

    Links:

    https://support.hpe.com/hpesc/public/docDisplay?docId=a00091071en_us

    https://www.flomain.de/2023/05/clearpass-sso/
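
Added example, not part of the original post and not ClearPass or Google code: a Python check for the SP-initiated redirect described in the post, which reports whether the URL sent to the IdP carries a RelayState parameter and which ACS URL and Issuer the AuthnRequest names, so they can be compared with the values entered in the IdP's SAML app. It assumes the SAML HTTP-Redirect binding is in use; the sample URL, hostnames and paths are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def inspect_redirect(url):
    """Report RelayState, ACS URL and Issuer carried by a redirect-binding URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    report = {"relay_state": query.get("RelayState", [None])[0],
              "acs_url": None, "issuer": None, "problems": []}
    if not report["relay_state"]:
        report["problems"].append("RelayState missing or empty")
    raw = query.get("SAMLRequest", [None])[0]
    if raw is None:
        report["problems"].append("SAMLRequest parameter missing")
        return report
    try:
        # Redirect binding: base64 over a raw DEFLATE stream (no zlib header).
        root = ET.fromstring(zlib.decompress(base64.b64decode(raw), -15))
    except (ValueError, zlib.error, ET.ParseError) as exc:
        report["problems"].append(f"SAMLRequest not decodable: {exc}")
        return report
    report["acs_url"] = root.get("AssertionConsumerServiceURL")
    report["issuer"] = root.findtext(f"{{{SAML}}}Issuer")
    return report

def build_sample(relay_state=None):
    """Constructed sample redirect; all hostnames and paths are placeholders."""
    authn = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
             'ID="_constructed1" Version="2.0" '
             'AssertionConsumerServiceURL="https://clearpass.example.com/acs">'
             '<saml:Issuer>https://clearpass.example.com/sp</saml:Issuer>'
             '</samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(authn.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return "https://idp.example.com/sso?" + urlencode(params)

if __name__ == "__main__":
    for sample in (build_sample("https://clearpass.example.com/guest"), build_sample()):
        print(inspect_redirect(sample))
```

To use it on real traffic, copy the full URL the browser is redirected to from the developer tools network tab and pass it to `inspect_redirect`.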