
Setting up multiple G Suite domains for Enterprise Login

Question asked by smachado_5r on Oct 9, 2019

Hello!

Newbie here trying to work out a solution for this login scenario: There are multiple, unrelated G Suite domains that we'd like to set up for Enterprise login. Since each domain is considered a different IdP, it looks like I need to set up a federation of Identity Providers and provide a discovery service.

I found Shibboleth's EDS and configured it with 2 of the domains. For simplicity's sake I am hosting it on the same server as Portal itself (/arcgis/home/wayf).

When selecting the Enterprise Login option at the sign-in screen, the discovery page renders correctly. But selecting a domain results in a 400 error:

Unable to login using Idp sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

One possible cause is that, while configuring the federation in Portal's settings, I didn't have a value for the certificate so I ended up using one of the IdPs' instead. Other than that, I'm not sure how to continue troubleshooting this. Any suggestions or alternative approaches?

Thanks!
