SAML Sign in with Google - Eonic/ProteanCMS GitHub Wiki

1. Set up your app in Google as a custom SAML application Steps in Google Admin Console (IdP):

  1. Go to - Set up your own custom SAML app - Google Workspace Admin Help 

  2. Go to Menu and then Apps > Web and mobile apps .

  3. App Details:
    Enter an app name (e.g., “ITBWebsite”) and optionally upload an icon.

  4. Download IdP Metadata:
    Google will show you:

  • SSO URL (e.g., https://accounts.google.com/o/saml2/idp)

  • Entity ID ex- ProteanCMS

  • Certificate (download this as it will be used by the SP)

Configure your SP (Service Provider) In the Service Provider Details window, enter:

  1. ACS URL—The service provider's Assertion Consumer Service URL receives the SAML response. It must start with https://. (https://demo2019.intotheblue.co.uk/?ewcmd=admin )
  2. Entity ID—The globally unique name.  ex- ProteanCMS
  3. Start URL—(Optional) This sets the RelayState parameter in a SAML Request, which can be a URL to redirect to after authentication. (Optional) Set Name ID format and Name ID value for your custom SAML app. The default Name ID is the primary email. Update your app’s config or equivalent with: image.png Handle SAML Response in your app

  • Parse the POSTed SAML response from Google

  • Validate the signature using the downloaded certificate

  • Read the NameID or Email and any attributes

  • Log in the user or create a new account

Testing

  • Assign users/groups to this app in Google Admin Console

  • Try logging in via your SAML initiation URL (SP-initiated) or via Google (IdP-initiated)

⚠️ **GitHub.com Fallback** ⚠️