jbye
1
Hi
Could someone point me in the right direction as to what the SAML Metadata URL should be for Google Business? It seems Google does not offer a Metadata endpoint, instead they provide the Metadata as XML.
jesse
2
Sorry for the late reply. Did you figure this out? I don’t use Google business, but I have successfully configured Redash with SAML 2.0 a few times. And I wonder if the XML metadata is available but isn’t obviously so. See below:
This screensnap from Okta shows their configuration screen. The Identity Provider Metadata link points to an XML document that is publicly accessible.To setup with Redash, I copied the link location for that link and pasted it into Redash. I’ve seen the same procedure elsewhere.
Would something similar work for you needs?
dcherniv
3
@jbye
If you haven’t figured it out already.
What i ended up doing is hosting metadata.idp myself on the redash container.
But anyhow, if you spin up a simple nginx and drop metadata.idp into index.html, you can point your redash to http://localhost/index.html for metadata url. Like this:
On google’s end, for some reason entity id had to match the entity id configured in redash like this:
https://accounts.google.com/o/saml2?idpid=REDACTED
ACS URL looks like this:
https://redash.MYCUSTOMDOMAIN.com/saml/callback?org_slug=default
Rovel
5
is safe to serve that xml open to public access? or you have that endpoint open only in local network?
jesse
6
I believe the SAML spec allows it to be public. But it only needs to be available to Redash.
Rovel
7
I was wondering since google do not make their url public, only accessible with the certificate
chilljoy
8
Can you tell me what you mean by ‘drop metadata.idp into index.html’? Is it literally as simple as copying the metadata from my SSO provider right onto the index.html file? No tags, nothing like that? Just make a blank file called ‘index.html’ and literally copy the metadata right into the file? (pic attached)
