When using Cloudflare Zero Trust Access to restrict access to a Cloudflare Pages site, I get one of the two following errors after logging in with Google Workspace set up as IdP (and tested to work via the ZeroTrust > Settings > Authentication dashboard):
- ERR_TOO_MANY_REDIRECTS
- ERR_FAILED
I’ve tried two methods to set this up: one with the CORS “Access-Control-Allow-Credentials” enabled, which leads to the ERR_FAILED, and one with it disabled, which leads to the ERR_TOO_MANY_REDIRECTS.
When I receive the ERR_FAILED error I can hard-refresh the browser (ctrl+shift+r) and it will load the secured page, but if I navigate away and return, I receive the ERR_FAILED message again and I have to hard-refresh once again.
When I receive the ERR_TOO_MANY_REDIRECTS, it gets into a loop with the IdP. On first visit, it tries to load the page, needs authentication, redirects to the IdP for authentication, and after successful login redirects to the page as expected. However, on that second page load it doesn’t seem to know I’ve authenticated and sends me back to the IdP, which immediately redirects back since I am authenticated with the IdP. This loop never is able to load the page.
The solutions I’ve found around the forums for the redirect loop (setting “Same Site Attribute” to “Lax”) have no effect.
There’s nothing special with the Cloudflare Pages site (no additional page rules or redirects), there’s only one Access setup with a single policy, and aside from selecting Google Workspace as the IdP and setting a Google Group include policy, its other settings are identical to the generic ZT Access created when you select “Enable Access Policy” from the Cloudflare Pages settings to view the preview deployments (which works).
Anyone have any insight into this sort of problem using Google Workspace as IdP with Cloudflare ZeroTrust?