when setting up Google Apps getting error Login request contained invalid recipient information



1 comment

  • Official comment
    Tony Bagalini

    The SAML connector must be configured to use the primary domain on the Google Apps account. When the SAML assertion is built it will automatically take your email_name_part (everything before the @) and attach it to the domain that the SAML connector is configured to use. Once you change the connector to use the primary domain you should be able to login with no issues. 

    If you have a domain alias you want to utilize the standard instructions but instead of setting the email parameter in your app to email name part you want to use full email address. This way you can utilize the domain in the configuration but match the full email on the user for authentication. 

    You should follow the following steps to correct this:
    On the configuration tab click CLEAR TOKEN
    On the same tab change the domain under the configuration tab to the domain
    Click Save

    Follow the standard instructions here to generate a new token via the Google API (Step 5) : https://support.onelogin.com/hc/en-us/articles/201173424-Configuring-SAML-for-G-Suite
    and continue following the instructions except for when setting the email parameter. Instead of using "email name part" use "email"

    Comment actions Permalink

Please sign in to leave a comment.