Summary
The Kenilworth release saw the introduction of using Google credentials on the SSL login page.
This article provides guidance for what to do when the Google button "doesn't work".
Problem
You can click the Google Sign-In button, but nothing happens the user is not authenticated, cannot get past the SSL or non-SSL login page, and cannot browse to the Internet.
Solution
Do you have Cookies?
Google makes use of cookies to authenticate users.If the user's browser is setup to not store cookies, Google authentication will not work. Note that cookies are not shared between browsers, so cookie storage must be enabled for all potential browsers that could be used on the network device.
Your Name's not on the List, You're not coming in
If there's a mismatch between:
- The host name of the Smoothwall hosting the SSL or non-SSL login page, and the one entered in the Google Developer's console for the Authorized JavaScript origins and Authorized redirect URI parameters see Where do I get the Client ID and Client Secret from for Google authentication?.
or
- The URL configured for the Authorized JavaScript origins and Authorized redirect URI parameters in the Google Developer's console, and the type of SSL login page used (that is, HTTP configured but SSL login page used, and vice versa).
... this would leave users' credentials being rejected as they would be seen as coming from an unauthorized source.
Are you Certified for Smoothwall?
You use the SSL login page, and have HTTPS configured for both Authorized JavaScript origins and Authorized redirect URI parameters, but your end-users are getting a certificate error before getting to the SSL login page. If they accept the certificate error, the Google Sign-In button on the SSL login page does nothing.
You must install the HTTPS certificate (downloaded from Services > Authentication > Google > Chromebook settings section) to all network devices used generally speaking you can use something similar to a Group Policy Object (for Active Directory networks) or an Administration Console (for Google networks) to push out the certificate to all devices.
Are you still Inspecting Google?
If the HTTPS Do not inspect policy (see Guardian HTTPS Do Not Inspect Policy) has been created for specific groups rather than for Everyone, you may find that users have a MITM warning when pulling in the JavaScript required for the Google Sign-In button. Note that this warning may not be displayed in the browser itself, but instead in the browser's console.