Based on my review of the implementation of GoogleAccountService and the warn workflow, it appears the two are simply incompatible. The service ID of a Google service is the SAML2 Assertion Consumer Service (ACS), which is not a suitable target for a redirect in the warn view. The root problem is that the warn view assumes that the service will be accessed via GET with the ticket appended (via a link on the warn page), but that assumption does not hold for a SAML2 service such as Google Apps that sends a POST message. Anyone want to confirm this analysis? Is this new information? I'd invite workarounds, but I simply don't see any. The only solution I can imagine is rendering the warn view _before_ generation of the service response, which would allow proper behavior for all services.
M -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
