Pinakin Patel
Aug 22, 2017 · 1 min read

Hi Georgijs
We are still not able to configure SAML with Google Apps. We contacted Google a number of times and sent them the SAML response to help identify the error.
Google says the SAML response it receives is correct, except that it should include the “InResponseTo” ID. Keycloak is not sending this attribute.
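<!-- SAML 2.0 assertion as pasted by the poster. The typographic quotes and en
     dashes introduced by the blog platform are restored to ASCII, and the
     missing closing quote on Recipient is added. Indentation was added for
     reading only; whitespace is part of the canonicalized content, so this
     listing is not expected to match the DigestValue below. The saml: prefix is
     not declared in this fragment; presumably it is bound on the enclosing
     Response element, which the post does not show. -->
<saml:Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="ID_726b3041-4031-4ad3-8871-2148688c52e3"
                IssueInstant="2017-08-22T01:55:41.805Z"
                Version="2.0">
  <saml:Issuer>https://im.site.edu.au/auth/realms/siteinstitute.edu.au</saml:Issuer>
  <!-- Enveloped signature over this assertion: the Reference URI equals the
       assertion ID. SignatureValue, X509Certificate and Modulus are empty in
       the post, presumably redacted by the poster. -->
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <dsig:Reference URI="#ID_726b3041-4031-4ad3-8871-2148688c52e3">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <dsig:DigestValue>tIOaJh9LL3wuro20uoyOFhFG0mgfQU+1DSplIZS4+HI=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue></dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:X509Data>
        <dsig:X509Certificate></dsig:X509Certificate>
      </dsig:X509Data>
      <dsig:KeyValue>
        <dsig:RSAKeyValue>
          <dsig:Modulus></dsig:Modulus>
          <dsig:Exponent>AQAB</dsig:Exponent>
        </dsig:RSAKeyValue>
      </dsig:KeyValue>
    </dsig:KeyInfo>
  </dsig:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pinakin2@siteinstitute.edu.au</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <!-- Bearer confirmation carries only NotOnOrAfter and Recipient. There is
           no InResponseTo attribute, which is the value the poster says Google
           asks for. In an SP-initiated flow InResponseTo ties the assertion to
           the ID of the originating AuthnRequest, which lets the relying party
           reject unsolicited or replayed assertions. -->
      <saml:SubjectConfirmationData NotOnOrAfter="2017-08-22T02:00:39.805Z"
                                    Recipient="https://www.google.com/a/siteinstitute.edu.au/acs"
      />
    </saml:SubjectConfirmation>
  </saml:Subject>
  <!-- Validity window is one minute (01:55:39.805Z to 01:56:39.805Z), so clock
       skew between identity provider and service provider matters. -->
  <saml:Conditions NotBefore="2017-08-22T01:55:39.805Z"
                   NotOnOrAfter="2017-08-22T01:56:39.805Z">
    <saml:AudienceRestriction>
      <!-- NOTE(review): Audience is set to the same URL as Recipient (the ACS
           endpoint); confirm this is the entity ID the service provider
           expects. -->
      <saml:Audience>https://www.google.com/a/siteinstitute.edu.au/acs</saml:Audience>
    </saml:AudienceRestriction>
    <!-- OneTimeUse asks the relying party not to cache or reuse the assertion. -->
    <saml:OneTimeUse/>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2017-08-22T01:55:41.805Z"
                       SessionIndex="91a1ae7b-3c24-463a-a8a7-81837ca88a07::9d3a19d5-48bb-4df8-aadb-beae7722797a">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>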

)