Setting up multiple G Suite domains for Enterprise Login

10-09-2019 07:24 AM
New Contributor


Newbie here trying to work out a solution for this login scenario: There are multiple, unrelated G Suite domains that we'd like to set up for Enterprise login. Since each domain is considered a different idP, it looks like I need to set up a federation of Identity Providers and provide a discovery service.

I found Shibboleth's EDS and configured it with 2 of the domains. For simplicity's sake I am hosting it on the same server as Portal itself (/arcgis/home/wayf). 

When selecting the Enterprise Login option at the signin screen, the discovery page renders correctly. But selecting a domain results in a 400 error:

Unable to login using Idp PKIX path validation failed: validity check failed


One possible cause is that, while configuring the federation in Portal's settings, I didn't have a value for the certificate so I ended up using one of the idP's instead. Other than that, I'm not sure how to continue troubleshooting this. Any suggestions or alternative approaches?


Tags (1)
0 Kudos
0 Replies