single-sign-on saml rocket.chat idp google-gsuite

Setting up SAML for Rocker.Chat (SP) with GSuite (IDP)

I have an instance of Rocket.chat running on an Ubuntu server, and I am trying to configure SAML on Rocket.chat (SP) and GSuite (IDP) so that I can enable login to Rocket.chat with GSuite identities.

After several rounds of going through the documentation of rocket.chat and gsuite and testing, I am out of ideas. I would really appreciate if someone could write some instructions on how to setup it up, or point to good documentation, guides, videos about SAML on Rocket.Chat.

Thanks

Solution

After many hours of debugging, looking at the source code, reading the documentation of SAML I managed to figure it out.

The steps are too long to list here so instead I summerised the needed steps in this post on my personal blog... with screenshots and references:

https://blog.jarrousse.org/setting-up-saml-for-rocker-chat-with-g-suite/

I appreciate any comments and suggestions.

Integration of SSO using MSAL in Angular project gets 401 returned error after login
Simple way to put AWS Lambda app behind SAML authentication
Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
Log out from SSO kerberos
Getting TypeError: client_secret_basic client authentication method requires a client_secret
SSO not working in iOS when using AWS Cognito and Azure AD
Logout from next-auth with keycloak provider not works
Azure b2c still authenticated after hitting logout
What's the relationship between Keycloak SSO Session Idle Time and Spring Session Timeout?
Execute a RESTAPI request from Powershell using the credentials of the user logged into the windows machine(AD Credential's)
Python SSO: pysaml2 and python3-saml
Keycloak adapter not able retrieve current username from windows AD logged-in user
keycloak - realm resolution based on username (email address)
Rolify and acts_as_tenant with Single Signon (with some Devise & Pundit on the side) - can it be done?
which Oauth flow is good for Token authentication with javascript SPA
Can I have secrets that don't expire in Microsoft SSO via Azure Microsoft Entra ID?
Java 17 Allow RC4 HMAC while keeping allow_weak_crypto as false in krb5.conf
Zabbix SAML Config using ActiveDirectory WIN 2016-ADFS
Do Personal Accounts Have a UPN
Buildfire: login api
Moodle intergration with ADFS--Plugin SAML2 Single sign on
Share authentication cookie between IdentityServer4 clients
Kerberos SSO Issue with AD change of upns in Spring Boot Application
Integrate SAML in Laravel using existing Idp and SP
How can i enable Token_IDs in the new Azure/Microsoft Entra interface
Okta SSO (Allowing other users from another organization to use SSO with the OpenID application i created on my Okta developer dashboard)
Keycloak: Unique SAML endpoint per SAML Client in the same Realm
Implement single signon (SSO) using SAML in java and AzureAD as IDP
AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
Why is a client secret required when setting up an Azure AD / Identity SSO in Asp.net (legacy .Net Framework), but it is not required in asp.net core?