Hi all,
I configured my Azure AD tenant to SSO/Provisioning with Google Apps but received "This account cannot be accessed because the login credentials could not be verified." error from Google when POST SAML Assertion from Azure AD to Google Apps ACS endpoint.
I know there were certificate problems in Azure AD before and I understand currently it was fixed. In fact I configured Google Apps SSO in September, and it worked fine.(No differences this time and before...)
I traced SAML Assertion and get difference in NameID element.
- In September : <NameID>foo@mydomain.com</NameID>
- Current : <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">foo@mydomain.com</NameID>
I think this difference do not effect anything, but no other differences I could find.
Any ideas?
Naohiro Fujie MVP for Forefront Identity Manager ( Jan 2010 - Dec 2014 )