Google Cloud / G Suite SSO Logout fails with error AADSTS750054

Hans Hedman 56 Reputation points
2021-04-29T07:40:34.807+00:00

We have configured SSO in Google using Azure AD as IdP.
It is set up by adding the Google Cloud / G Suite Connector by Microsoft enterprise application to Azure AD.
Login is working fine but when logging out from Google it gives this error message:

Sorry, but we’re having trouble signing you in.
AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.

The URL is the same as in Login URL and Logout URL step 4 of the SAML configuration of the app. According to the tutorial on MS Docs it is correct that the URL is the same for Login and Logout.

There isn't much configuration to be done on the Google side so I'm focusing on the configuration in Azure.

On the Basic SAML Configuration page, I have tried all sorts of different combinations in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields. Right now I have google.com/a/edu.ourdomain.se as the only Identifier and https://www.google.com/a/edu.ourdomain.se/acs as the only Reply URL. But I have also had several entries like https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial suggests.

As Sign on URL I have https://www.google.com/a/edu.ourdomain.se/ServiceLogin?continue=https://console.cloud.google.com
Relay State and Logout Url are empty.

On the SAML Signing Certificate page the Signing Option is Sign SAML assertion.

Apart from that there aren't any configuration options that I can see would affect this.

Microsoft Entra

Accepted answer
  1. L Holt 111 Reputation points
    2021-05-10T17:36:02.353+00:00

    I think I may have found a solution.

    The Sign in and Out URL that MS created to use in your Google SSO setting is the same URL.

    Login URL https://login.microsoftonline.com/#####NUMBERS####/saml2
    Azure AD identifier https://sts.windows.net/#####NUMBER#####/
    Logout URL https://login.microsoftonline.com/#####NUMBERS####/saml2

    Replace the signout URL in the Google Console with https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0

    This worked for me, might be a bug / issue??

    *edited to highlight it's in Google, not Azure, that you need to make the change.

    7 people found this answer helpful.

2 additional answers

  1. Kyle Hardin 41 Reputation points
    2021-04-30T23:29:10.387+00:00

    I've got the same thing happening. Nothing show-stopping because it only appears at logout (which occurs successfully), but it will potentially generate support calls.


  2. Smith, Evan 1 Reputation point
    2021-05-07T11:38:32.91+00:00

    I also have the same issue using the G Suite MS Azure app. Has anyone found an answer for this?