You're going to want to update the login-webflow.xml with the information from http://www.ja-sig.org/issues/browse/CAS-868.
Pat On Wed, Apr 21, 2010 at 12:50 PM, Hugh Eaves <[email protected]> wrote: > Has anyone got Google Apps integration working with 3.4.2? > > I'm working on an upgrade from 3.3.1 to 3.4.2 and have been unable to get > the SAML 2.0 / Google Apps stuff working in 3.4.2. > > Here's what I've found out so far: > > With out existing CAS 3.3.1 installation, everything behaves as expected. > Google redirects to CAS with the SAMLRequest=XXX set, and then CAS returns a > page which POSTS the SAMLResponse to Google. With 3.4.2, Google redirects to > CAS with the SAMLRequest=XXX set, but then CAS just redirects to the Google > service URL, and never attempts to post the SAMLResponse. (see browser logs > below) > > What am I doing wrong here? > > Thanks, > Hugh > > > > ================================================= > = CAS 3.3.1 HTTP Request Log ========================= > ================================================= > https://login.vcu.edu/cas/login?SAMLRequest=XXXXXX > > GET /cas/login?SAMLRequest=XXXXXX > Host: login.vcu.edu > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > HTTP/1.1 200 OK > Date: Wed, 21 Apr 2010 19:38:06 GMT > Pragma: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache, no-store > Content-Type: text/html;charset=ISO-8859-1 > Content-Language: en-US > Content-Length: 3574 > Connection: close > ---------------------------------------------------------- > https://www.google.com/a/mymail.vcu.edu/acs > > POST /a/mymail.vcu.edu/acs HTTP/1.1 > Host: www.google.com > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > Referer: https://login.vcu.edu/cas/login?SAMLRequest= XXXXXX > S=dasher_cpanel=qUcePkAsN74; TZ=240 > Content-Type: application/x-www-form-urlencoded > Content-Length: 3372 > SAMLResponse= XXXXXX > HTTP/1.1 200 OK > Content-Type: text/html; charset=UTF-8 > Content-Encoding: gzip > Date: Wed, 21 Apr 2010 19:38:06 GMT > Expires: Wed, 21 Apr 2010 19:38:06 GMT > Cache-Control: private, max-age=0 > X-Content-Type-Options: nosniff > X-XSS-Protection: 1; mode=block > Content-Length: 1414 > Server: GSE > > > ================================================= > = CAS 3.4.2 HTTP Request Log ========================= > ================================================= > https://logintest.vcu.edu/cas/login?SAMLRequest= XXXXXX > > GET /cas/login?SAMLRequest=f XXXXXX > Host: logintest.vcu.edu > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > HTTP/1.1 302 Moved Temporarily > Date: Wed, 21 Apr 2010 19:48:48 GMT > Pragma: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache, no-store > Location: https://www.google.com/a/mytestmail.vcu.edu/acs > Content-Length: 0 > Connection: close > Content-Type: text/plain; charset=UTF-8 > ---------------------------------------------------------- > https://www.google.com/a/mytestmail.vcu.edu/acs > > GET /a/mytestmail.vcu.edu/acs HTTP/1.1 > Host: www.google.com > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > HTTP/1.1 200 OK > Content-Type: text/html; charset=UTF-8 > Date: Wed, 21 Apr 2010 19:48:49 GMT > Expires: Wed, 21 Apr 2010 19:48:49 GMT > Cache-Control: private, max-age=0 > X-Content-Type-Options: nosniff > X-XSS-Protection: 1; mode=block > Content-Length: 0 > Server: GSE > > > > > -- > <BR> > You are currently subscribed to [email protected] as: > [email protected] > <BR> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
