Showing results for 
Search instead for 
Did you mean: 

Cloudpath | Error "Unable to authorize via SAML", G-Suite Authentication fails

RUCKUS Team Member

Issue: Users experiencing authentication failures when using SAML-based authentication, particularly with external services like G-Suite.


Root Cause: The Security Assertion Markup Language (SAML) relies on precise time synchronization between the systems involved (identity provider, service provider, and user's device) to ensure the security of authentication transactions.


  • Ensure Accurate Time Configuration:

    • Confirm that both the Cloudpath instance and the virtual server have accurate time configurations.
    • Point NTP configurations to a reliable NTP server, such as RUCKUS's public NTP server (
  • Automatic Time Synchronization:

    • Set up automatic NTP synchronization to ensure consistent and accurate time across systems.
    • Regularly monitor NTP synchronization to detect and address any time drift issues promptly.

Follow this guide for instructions on how to configure SAML services in RUCKUS Cloudpath.

How SAML Works:

  1. Request Initiation:

    • User requests access to a service.
    • Service Provider (SP) redirects the user to the Identity Provider (IdP) for authentication.
  2. Authentication:

    • IdP authenticates the user by requesting credentials (e.g., username and password).
    • IdP generates a SAML assertion containing authentication information encrypted with the SP's public key and user details.
  3. SAML Assertion:

    • SAML assertion includes a timestamp to ensure its freshness.
    • If the SAML assertion is too old (beyond a defined time window), the assertion is considered invalid.
  4. Response to Service Provider:

    • IdP sends the SAML assertion back to the user's browser.
  5. Access Granted:

    • User's browser submits the SAML assertion to the SP.
    • SP validates the assertion's authenticity and, if valid, grants access.


With regards,
Orlando Elias
Technical Support