greenpau / caddy-security

๐Ÿ” Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. ๐Ÿ’Ž Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. ๐Ÿ’Ž Authorization with JWT/PASETO tokens. ๐Ÿ”
https://authcrunch.com/
Apache License 2.0

Integrate SSO with Google SAML #330

Open pmquang opened 3 months ago

pmquang commented 3 months ago


hi @greenpau ,

I don't know if this is the proper place to ask, but I'm seeking help configuring SSO with Google SAML:

{
    debug
    # load caddy-security's directives in the right order relative to Caddy's built-ins
    order authenticate before respond
    order authorize before basicauth

    security {
        # Google Workspace as a SAML identity provider
        saml identity provider google {
            realm google
            driver generic
            idp_metadata_location /root/caddy/google/google-saml-metadata.xml
            entity_id https://accounts.google.com/o/saml2?idpid=C01k107kt
            idp_login_url https://accounts.google.com/o/saml2/idp?idpid=C01k107kt
            idp_sign_cert_location /root/caddy/google/certificate.pem
            application_name "Google SAML Auth"
            acs_url https://auth.quangpm.net/saml/google
        }

        # the portal that runs the login and issues the session token
        authentication portal myportal {
            crypto default token lifetime 3600
            # shared HMAC key; the authorization policy below verifies with the same value
            # (a key pasted into a public issue like this one should be rotated)
            crypto key sign-verify 8x27pg7bbIB7mPi/1VjoeJxfDOfAGdZXKmEMqS7R6TE=
            enable identity provider google
            cookie domain quangpm.net
            ui {
                links {
                    "Main Site" https://asset.quangpm.net/ icon "las la-star"
                    "My Identity" "/whoami" icon "las la-user"
                }
            }
            # every user who logs in through the google realm gets the authp/user role
            transform user {
                match realm google
                action add role authp/user
            }
        }

        # policy for protected sites: requires a token carrying one of these roles
        authorization policy mypolicy {
            set auth url https://auth.quangpm.net/
            allow roles authp/admin authp/user
            crypto key verify 8x27pg7bbIB7mPi/1VjoeJxfDOfAGdZXKmEMqS7R6TE=
        }
    }
}

# reusable TLS snippet for both sites
(tls_config) {
    tls /root/caddy/server.crt /root/caddy/server.key
}

# the login portal
auth.quangpm.net {
    import tls_config
    authenticate with myportal
}

# a protected static site
asset.quangpm.net {
    import tls_config
    authorize with mypolicy
    root * /srv/
    file_server
}

I tried configuring Google SAML like this, but it doesn't work. When I click the Login button, it shows:

Error parsing the request, No SAML message present in request. That's all we know.

Is there anything wrong here? Should it be a POST or a GET with URL params to Google SSO? I only see it redirect to https://accounts.google.com/o/saml2/idp?idpid=C01k107kt
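Added example, not code from caddy-security or from the poster: a stand-alone Python script for checking what the browser is actually sent against the IdP's metadata. In an SP-initiated SAML login the redirect to the IdP must carry a `SAMLRequest` query parameter (the AuthnRequest, raw-DEFLATEd and base64-encoded, per the HTTP-Redirect binding); a redirect to the bare IdP login URL, as described above, carries no SAML message at all, which matches Google's error text. The script parses IdP metadata (a constructed sample shaped like Google Workspace's, using the URLs from this issue and a placeholder certificate body), flags a redirect `Location` that lacks `SAMLRequest` or drops the endpoint's own `idpid` parameter, builds a well-formed Redirect-binding URL, and decodes one back to XML so a URL copied from caddy's debug log can be read. The SP entity ID `urn:example:sp` is a placeholder; nothing here states how caddy-security's SAML driver builds its request.

```python
import base64
import urllib.parse
import uuid
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timezone

MD, DS = "urn:oasis:names:tc:SAML:2.0:metadata", "http://www.w3.org/2000/09/xmldsig#"
SAMLP, SAML = "urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:2.0:assertion"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NS = {"md": MD, "ds": DS}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed sample shaped like Google Workspace IdP metadata (URLs from the issue; placeholder cert).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C01k107kt">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAXplaceholder</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C01k107kt"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C01k107kt"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the IdP entityID, its SSO endpoints keyed by binding, and the signing cert as PEM."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS).text.strip()
    body = "\n".join(cert[i:i + 64] for i in range(0, len(cert), 64))  # PEM wraps at 64 columns
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_cert_pem": pem}


def build_authn_request(sp_entity_id, acs_url, destination, request_id=None, issue_instant=None):
    """Minimal unsigned SP-initiated AuthnRequest (SAML 2.0 Core 3.4.1) as an XML string."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id or "_" + uuid.uuid4().hex,  # xs:ID must start with a letter or underscore
        "Version": "2.0",
        "IssueInstant": issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": POST,  # the IdP will POST its Response back to the ACS URL
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy", {"Format": NAMEID_EMAIL, "AllowCreate": "true"})
    return ET.tostring(req, encoding="unicode")


def redirect_binding_url(sso_redirect_url, authn_request_xml, relay_state=None):
    """HTTP-Redirect binding (SAML 2.0 Bindings 3.4.4.1): raw DEFLATE, base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # negative wbits: raw deflate, no zlib header
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    sep = "&" if urllib.parse.urlsplit(sso_redirect_url).query else "?"
    return sso_redirect_url + sep + urllib.parse.urlencode(params)


def decode_saml_request(url):
    """Reverse the Redirect binding; None when the URL carries no SAMLRequest at all."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    if "SAMLRequest" not in qs:
        return None
    return zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode("utf-8")


def diagnose_login_redirect(location, metadata):
    """Compare the Location an SP sends the browser to with the IdP's Redirect endpoint; [] means OK."""
    expected = metadata["sso"].get(REDIRECT)
    if expected is None:
        return ["IdP metadata advertises no HTTP-Redirect SingleSignOnService"]
    got, want = urllib.parse.urlsplit(location), urllib.parse.urlsplit(expected)
    got_q, want_q = urllib.parse.parse_qs(got.query), urllib.parse.parse_qs(want.query)
    problems = []
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        problems.append(f"redirect goes to {location}, not to the IdP SSO endpoint {expected}")
    for key, vals in want_q.items():  # e.g. Google's idpid must survive into the redirect
        if got_q.get(key) != vals:
            problems.append(f"SSO endpoint parameter {key}={vals[0]} is missing or changed")
    if "SAMLRequest" not in got_q:
        problems.append("no SAMLRequest parameter: the browser was sent to the bare IdP login URL "
                        "with no AuthnRequest, so the IdP has no SAML message to process")
    return problems


if __name__ == "__main__":
    md = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(diagnose_login_redirect("https://accounts.google.com/o/saml2/idp?idpid=C01k107kt", md))
    req = build_authn_request("urn:example:sp", "https://auth.quangpm.net/saml/google", md["sso"][REDIRECT])
    good = redirect_binding_url(md["sso"][REDIRECT], req, relay_state="/whoami")  # placeholder SP entity ID
    print(diagnose_login_redirect(good, md), decode_saml_request(good)[:60])
```

Run as-is and the first line printed is the diagnosis for the bare redirect from this issue; the second shows an empty problem list for a proper Redirect-binding URL and the start of the decoded AuthnRequest. To check a real setup, paste the `Location` header caddy emits (from the debug log) into `diagnose_login_redirect`, and feed the same URL to `decode_saml_request` to read whatever AuthnRequest the portal actually sent.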

greenpau commented 3 months ago

@pmquang, please attach the file with the logs. I see you already have debug enabled.

pmquang commented 3 months ago

@pmquang, please attach the file with the logs. I see you already have debug enabled.

Here you are, sir @greenpau: logs from when I access https://auth.quangpm.net until I hit the error.

caddy.log