SAML SP with Google as IDP error decrypting RSA
I am trying to test out using Google as IdP with SAML authentication.
I keep getting failed to process signed assertion, error: RSA decrypt in the logs.
I created the IdP on Google then imported the metadata to external IDP Connectors. Then I created an local SP service and gave google the ACS and EntityID.
I created the access profile and setup a flow requiring my SP/IDP setup defined above. The flow works but when the assertion comes back from Google, the APM says "failed to process signed assertion, error: RSA decrypt".
Google is using RSA-sha256 for the signature algorithm. What am I missing here?