This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Identity Platform fails with OIDC SSO integration

Posted on 12-23-2024 12:02 PM
sokol8
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi all,

I'm working on OIDC SSO integration between GCP Identity Platform and Clareity

I have successfully added OIDC Identity Provider with Code Flow by providing Issuer URL and the rest of params.

openid-configuration is accessible and is a valid JSON.

I have created a Web page according to the docs and initiate Sign in process through a pop.

Once a user authenticates within a pop-up there's an error in the GCP logs:

 

 

methodName: "google.cloud.identitytoolkit.v1.AuthenticationService.SignInWithIdp"
request: {
@type: "type.googleapis.com/google.cloud.identitytoolkit.v1.SignInWithIdpRequest"
returnIdpCredential: true
returnSecureToken: true
}
status: {
code: 3
message: "INVALID_IDP_RESPONSE : Cannot parse http response as JSON: eyJraWQiOiJiMDg3MzczYzNlMDk1YmM0N2VjZTgwZGQ2Yzg3NzgzYTcxZDBh......"
}
}

 

 

 
 
 
I truncated JSON from the logs for security reasons.
 
What is returned is a valid signed JWT which I can parse without any issues using jwt.io
 
This brings me to a question. Does Identity Platform expects some other kind of JSON response?
There's nothing in Google's docs about it and nothing I can find on the web.
 
What should I do or tell to Clareity to in order for Identity Platform to finish the SSO process?
There's too little control on the Identity Platform side so I cannot taune anything at all.

Thank you!

0 3 495
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
kensan
Staff
Reply posted on --/--/---- --:-- AM

Hi @sokol8,

Welcome to Google Cloud Community!

Make sure that the response from Clareity is in the correct format and encoding. Some identity providers might return a base64url encoded JWT within a non-JSON response, which could lead to parsing issues for Identity Platform. Ensure the response body is valid JSON and includes the JWT as a key not just the JWT in raw form. You can check these parameters when working with OIDC providers

The error logs indicate that Identity Platform is unable to parse the response. It's a good idea to log the response from your provider at each stage of the authentication flow to determine if the issue is related to the response format.

If Clareity is returning a valid JWT, the problem is likely with how the response is structured or wrapped. It would be beneficial to share both the error log and the response structure with Clareity's support team to ensure the response is formatted in a way that Identity Platform can process correctly.

You can also check this document  for how to use Identity Platform to sign in users with an OpenID Connect (OIDC) provider.

If the issue still persists and you need further assistance, you can file a ticket with our Google Cloud Support.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

 

Posted on --/--/---- --:-- AM
sokol8
Bronze 3
Bronze 3
In response to kensan
Reply posted on --/--/---- --:-- AM

hello @kensan 

Thanks a lot for your detailed response. I am waiting for a support call with Clareity some time later this week. Then I will know if we can resolve this situation.

 

0 Likes

Posted on --/--/---- --:-- AM
sokol8
Bronze 3
Bronze 3
In response to sokol8
Reply posted on --/--/---- --:-- AM

Hi @kensan , we could not get OIDC to work. Clareity engineers claimed that their implementation is according to the standard and they could not change anything.

We found it easier to move to SAML - which fortunately worked out for us.

Great thanks for you previous response!

 

0 Likes
Top Labels in this Space
Top Solution Authors
View all