Reset Search
 

 

Article

KB40829 - "Invalid Email" message when attempting to authenticate to Google G-Suite when Pulse Connect Secure is acting as identity provider (IDP)

« Go Back

Information

 
Last Modified Date10/10/2017 9:54 PM
Synopsis
This article describes an issue where end users receive "G Suite - Invalid Email" message when attempting to authenticate to Google G-Suite through when PCS is acting as identity provider.
Problem or Goal
If end users tries to access the Google G-Suite URL, browser redirects to PCS for authentication where the end user would receive the following error message:
G Suite - Invalid Email

Invalid Email

We are unable to process your request at this time, please try again later.

G SUITE: invalid E-MAIL
In the user access log,  the following message will appear:
Sending SAML response for Username: [xxx], User Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/48.0.2564.116 Safari/537.36], Subject Name: [uid=user1], Source IP: [XX.XXX.XX.XXX], Type: [SP-Initiated], SP EntityID: 
[google.com], Session ID: [sidb9e523e7d30708555f074b03b5caa8300e7fa4f7d4cbc27b], Relay State: [Mjg0MzQ6OkZhbHNlOjo6Ojo6RmFsc2U=], 
AuthnRequest ID: [_00886c2f-c5e3-46c0-aff2-0d246ba8c96c]
Cause
The issue occurs when all conditions are met:
  1. Google G-Suite acting as Service Provider (SP)
  2. PCS device acting as Identity Provider (IDP)
  3. Under User Identity (Signing In > Sign-in SAML > Identity Provider > Service-Provider-related IdP Configuration), Subject Name is configured as "uid=<username>@<domain name>"
Solution
To resolve the issue, remove the "uid=" from the Subject Name.
  1. Login to admin console
  2. Navigate to Signing In > Sign-in SAML > Identity Provider > Service-Provider-related IdP Configuration
  3. Under User Identity, remove the "uid=" from Subject Name
  4. Click Save Changes
Example:
User-added image

In the user access log, the following entry will appear with the subject name :
 
Sending SAML response for Username: [xxx], User Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/48.0.2564.116 Safari/537.36], Subject Name: [user1@pulsesecure.net], Source IP: [XX.XXX.XX.XXX], Type: [SP-Initiated], 
SP EntityID: [google.com], Session ID: [pidb9e52sde7d3708555f074b03b5caa8300e7fa4f7d4cbc27b], Relay State: [Njg0MzQjdghdgh6OkZhbHNlOjo6Ojo6RmFsc2U=],
 AuthnRequest ID: [_002326c2f-6te3-46c0-aff2-0d246ba8c96c]
 

 

Related Links
Attachment 1 
Created Bys ramkumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255