Azure/Gsuite连接器身份验证问题,服务器错误&无效的电子邮件
问题:我在尝试通过Azure AD尝试SSO时会从Google遇到错误,甚至无法开始猜测为什么或如何进行调试问题。
故事:
我的组织正在考虑通过为Web托管和SharePoint设置Azure来利用Microsoft的非营利利益,这也需要使用Active Directory。就目前而言,我们已经成功地使我们的网站运行并在我们的自定义域上可以访问世界,并且我们的广告填充了Google Workspace目录中的内容,因此我们可以将Active Directory用作权威目录。
我们一直在尝试使用Azure/gsuite连接器实现SSO,以使它们具有Azure凭据,以进入Gmail,Docs,Drive等,但Google Workspace似乎扼杀了。我已经浏览了 setup指令/a>重复,确保我们使用连接器SAML设置中的所有适当URL以及在工作区的“带有第三方IDPS”设置的“ SSO”设置中,适当的证书就位...设置但不活动,并且不活动,并且我已经成功地将我的帐户和一个无私人的测试帐户提供。
这是我在azure中的设置:
这是我在Google中的设置:
,要对此进行测试,这就是我所做的:
- 我打开了一个新的Inprivate /隐身窗口。
- 我转到 https://myapplications.microsoft.com/ ,并提示登录。我使用我的无私人测试帐户凭据。
- 在验证后,我单击连接器应用程序,以尝试转到我的Gmail收件箱。
- 在白色屏幕上等待后,我将获得一个Google错误屏幕,其中“ 无效的电子邮件 - 我们此时无法处理您的请求,请稍后再试。”
可以使用Google登录到帐户中
如果我在Google Admin中禁用我的组织的SSO设置,则 一个类似的页面,带有略有不同的消息:“ 服务器错误 - 我们目前无法处理您的请求,请稍后再试。”
整个晚上,我一直在猛击我的头,无法取得任何进展。什么给?我什至不知道如何调试这些错误。
The problem: I'm getting errors from Google while attempting SSO through Azure AD and can't even begin to guess why or how to go about debugging the issue.
The story:
My org is looking at leveraging Microsoft's nonprofit benefits by setting up Azure for web hosting and Sharepoint to start with, which also entails using Active Directory. As it stands right now, we've successfully gotten our website running and accessible to the world on our custom domain, and our AD is populated with a copy of what's in our Google Workspace directory so we can use Active Directory as our authoritative directory.
We've been trying to implement SSO with the Azure/Gsuite connector, to have them auth with their Azure credentials to get into GMail, Docs, Drive, etc, but Google Workspace seems to choke. I have gone over the setup instructions repeatedly, ensured we're using all of the proper URLs in the Connector's SAML settings and in Workspace's "SSO with third party IDPs" settings, the proper certificate is in place... Provisioning is set up but not active, and I have successfully provision-on-demanded my account and an unprivileged test account.
Here are my settings in Azure:
Here are my settings in Google:
And to test this here's what I've done:
- I open up a fresh InPrivate/Incognito window.
- I go to https://myapplications.microsoft.com/ and am prompted to login. I use my unprivileged test account credentials.
- Upon auth I click on the Connector app to attempt to go to my Gmail inbox.
- After a wait on a white screen, I get a Google error screen with "Invalid Email - We are unable to process your request at this time, please try again later."
If I disable the SSO settings for my org in Google Admin, I'm able to log into the account just fine with Google, get to the gmail inbox, etc.
Conversely, if I attempt the same steps with my admin account, I get a similar page with a slightly different message, "Server Error - We are unable to process your request at this time, please try again later."
I have been bashing my head against this for two whole nights and can't make any headway. What gives? I can't even figure out how to debug these errors.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
某人(ME)失败了他们的感知检查反复检查,因为问题是唯一的用户标识符SAML在Azure中的SAML声明设置为
user.mail.mail而不是user.userprincipalname按照教程。我现在看看自己。
Somebody (me) failed their perception check repeatedly because the problem was that the Unique User Identifier SAML claim in Azure was set to
user.mailinstead ofuser.userprincipalnameas it should have been as per the tutorial.I'll see myself out now.