Has anyone got Google Apps integration working with 3.4.2? I'm working on an upgrade from 3.3.1 to 3.4.2 and have been unable to get the SAML 2.0 / Google Apps stuff working in 3.4.2.
Here's what I've found out so far: With out existing CAS 3.3.1 installation, everything behaves as expected. Google redirects to CAS with the SAMLRequest=XXX set, and then CAS returns a page which POSTS the SAMLResponse to Google. With 3.4.2, Google redirects to CAS with the SAMLRequest=XXX set, but then CAS just redirects to the Google service URL, and never attempts to post the SAMLResponse. (see browser logs below) What am I doing wrong here? Thanks, Hugh ================================================= = CAS 3.3.1 HTTP Request Log ========================= ================================================= https://login.vcu.edu/cas/login?SAMLRequest=XXXXXX GET /cas/login?SAMLRequest=XXXXXX Host: login.vcu.edu User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive HTTP/1.1 200 OK Date: Wed, 21 Apr 2010 19:38:06 GMT Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache, no-store Content-Type: text/html;charset=ISO-8859-1 Content-Language: en-US Content-Length: 3574 Connection: close ---------------------------------------------------------- https://www.google.com/a/mymail.vcu.edu/acs POST /a/mymail.vcu.edu/acs HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: https://login.vcu.edu/cas/login?SAMLRequest= XXXXXX S=dasher_cpanel=qUcePkAsN74; TZ=240 Content-Type: application/x-www-form-urlencoded Content-Length: 3372 SAMLResponse= XXXXXX HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Date: Wed, 21 Apr 2010 19:38:06 GMT Expires: Wed, 21 Apr 2010 19:38:06 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 1414 Server: GSE ================================================= = CAS 3.4.2 HTTP Request Log ========================= ================================================= https://logintest.vcu.edu/cas/login?SAMLRequest= XXXXXX GET /cas/login?SAMLRequest=f XXXXXX Host: logintest.vcu.edu User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive HTTP/1.1 302 Moved Temporarily Date: Wed, 21 Apr 2010 19:48:48 GMT Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache, no-store Location: https://www.google.com/a/mytestmail.vcu.edu/acs Content-Length: 0 Connection: close Content-Type: text/plain; charset=UTF-8 ---------------------------------------------------------- https://www.google.com/a/mytestmail.vcu.edu/acs GET /a/mytestmail.vcu.edu/acs HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Wed, 21 Apr 2010 19:48:49 GMT Expires: Wed, 21 Apr 2010 19:48:49 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 0 Server: GSE -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
