zulip / docker-zulip

Container configurations, images, and examples for Zulip.
https://zulip.com/
Apache License 2.0

Google SAML #415

Closed roysbike closed 11 months ago

roysbike commented 11 months ago

Trying to set up auth through Google Workspace SAML. Does anyone have an example of the config and variables?

But auth is not working. Error: app_not_configured_for_user

Service is not configured for this user.

      SETTING_SOCIAL_AUTH_SAML_ORG_INFO: |
        {
          "en-US": {
            "displayname": "example",
            "name": "example",
            "url": "{}{}".format("https://", EXTERNAL_HOST)
          }
        }
      SETTING_SOCIAL_AUTH_SAML_ENABLED_IDPS: |
        {
          "google": {
            "entity_id": "https://accounts.google.com/o/saml2?idpid=*****",
            "url": "https://accounts.google.com/o/saml2/idp?idpid=******",
            "x509cert_path": "/google.crt",
            "display_name": "Google SAML",
            "auto_signup": True
          }
        }

Google side:

ACS URL: https://chat.mydomain.com/complete/saml
Object ID: https://chat.mydomain.com
Mapping: primary_email -> username, Last name -> last_name, First name -> first_name

roysbike commented 11 months ago

Who has set it up and can tell me how to properly prepare the config for Google G Suite SAML?

roysbike commented 11 months ago

My XML:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" cacheDuration="P10D" entityID="https://chat.mydomain.com.ae">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://chat.mydomain.com.ae/complete/saml/" index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">zulip</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">Zulip chat</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://chat.mydomain.com.ae</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Technical team</md:GivenName>
    <md:EmailAddress>zulip-admin@example.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support team</md:GivenName>
    <md:EmailAddress>zulip-admin@example.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

roysbike commented 11 months ago

ACS URL https://chat.mydomain.com/complete/saml -> ACS URL https://chat.mydomain.com/complete/saml/
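The thread resolves once the ACS URL registered on the Google side matches the `AssertionConsumerService` `Location` in the SP metadata character for character (the posted metadata has a trailing slash, the Google registration in the first comment did not). The script below is an added example, not part of docker-zulip or of this issue: it parses SP metadata of the shape posted above (constructed copy with placeholder hostnames), pulls out the entity ID and ACS endpoints, and compares them with the values entered at the IdP, pointing out when the only difference is a trailing slash. The helper names and the sample values are assumptions made for the example.

```python
# Added example (not docker-zulip's own code): check that the entity ID and
# ACS URL registered at the IdP are exactly what the SP metadata advertises.
# SAML endpoints are compared as exact strings by both sides, so
# ".../complete/saml" and ".../complete/saml/" are two different ACS URLs.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata, modelled on the one posted in the thread, with
# placeholder hostnames instead of the reporter's real ones.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://chat.example.com">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://chat.example.com/complete/saml/" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return the entityID and the list of (binding, location) ACS endpoints."""
    root = ET.fromstring(xml_text)
    acs = [
        (e.get("Binding"), e.get("Location"))
        for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    ]
    return {"entity_id": root.get("entityID"), "acs": acs}


def check_idp_registration(sp, idp_entity_id, idp_acs_url):
    """Compare IdP-side values with SP metadata; an empty list means they agree."""
    findings = []
    if idp_entity_id != sp["entity_id"]:
        findings.append(
            f"entity ID mismatch: IdP has {idp_entity_id!r}, "
            f"SP metadata has {sp['entity_id']!r}"
        )
    locations = [loc for _, loc in sp["acs"]]
    if idp_acs_url not in locations:
        msg = (
            f"ACS URL mismatch: IdP has {idp_acs_url!r}, "
            f"SP metadata advertises {locations!r}"
        )
        # The case from this thread: same path, only the trailing slash differs.
        if any(loc.rstrip("/") == idp_acs_url.rstrip("/") for loc in locations):
            msg += " (differs only by a trailing slash)"
        findings.append(msg)
    return findings


if __name__ == "__main__":
    sp = parse_sp_metadata(SP_METADATA)
    # Values as they were first entered at the IdP in the thread (no slash).
    for line in check_idp_registration(
        sp, "https://chat.example.com", "https://chat.example.com/complete/saml"
    ):
        print("FINDING:", line)
    # After the fix from the last comment (slash added): no findings.
    print(check_idp_registration(
        sp, "https://chat.example.com", "https://chat.example.com/complete/saml/"
    ))
```

Run it against the metadata your own Zulip serves (with the same `entityID` and `Location` values) and the strings pasted into the IdP's app settings; any finding is a configuration difference to resolve before looking at certificates or attribute mappings.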