Missed pasting the headers, here they are.

https://host/path//login?SAMLRequest=********&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fevergreen.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fevergreen.edu%252F%26bsv%3D********%26ltmpl%3Ddefault%26ltmplcache%3D2

POST /path//login?SAMLRequest=********&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fevergreen.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fevergreen.edu%252F%26bsv%3D********%26ltmpl%3Ddefault%26ltmplcache%3D2 HTTP/1.1
Host: host
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://host/path/login?SAMLRequest=********&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fevergreen.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fevergreen.edu%252F%26bsv%3D********%26ltmpl%3Ddefault%26ltmplcache%3D2
Cookie: JSESSIONID=********; __utma=235859797.1783047543.1242071837.1242758478.1258763888.3; __utmz=235859797.1258763888.3.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Type: application/x-www-form-urlencoded
Content-Length: 71

username=********&password=********&lt=e2s1&_eventId=submit&submit=LOGIN

HTTP/1.1 200 OK
Date: Tue, 04 May 2010 16:51:02 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Set-Cookie: CASPRIVACY=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/path
Set-Cookie: CASTGC=TGT-5-********-cas; Path=/path; Secure
Content-Type: text/html;charset=UTF-8
Content-Length: 1929
Connection: close
----------------------------------------------------------

On May 4, 2010, at 1:57 PM, Gutholm, James wrote:

>
> We have an existing SSO environment using CAS and we are now trying to enable
> Google Apps for Edu (GAE). I've created a new CAS war file and deployed it as
> a test.
> Authentication is working fine.
> For normal applications, that use "https://hostname/path/login?service...",
> it redirects back to the web app after login as expected.
> When redirected to login from GAE, the credentials are authenticated but
> there is no redirect from CAS back to GAE. I just get the "Log In Successful"
> CAS page.
> In GAE, I'm using https://hostname/path/login as the SSO login URL
>
> I'm using the Maven war overlay method to build CAS 3.4.2
>
> Here's what I have as modifications;
> ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml
> ./src/main/webapp/WEB-INF/classes/private.p8
> ./src/main/webapp/WEB-INF/classes/public.key
> ./src/main/webapp/WEB-INF/deployerConfigContext.xml
> ./src/main/webapp/WEB-INF/login-webflow.xml
>
> In ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml I've added
> the following based on
> http://www.ja-sig.org/wiki/display/CASUM/SAML+2.0+%2528Google+Accounts+Integration%2529
>
> <bean
>     id="privateKeyFactoryBean"
>     class="org.jasig.cas.util.PrivateKeyFactoryBean"
>     p:location="classpath:private.p8"
>     p:algorithm="RSA" />
> <bean
>     id="publicKeyFactoryBean"
>     class="org.jasig.cas.util.PublicKeyFactoryBean"
>     p:location="classpath:public.key"
>     p:algorithm="RSA" />
> <bean
>     name="googleAccountsArgumentExtractor"
>     class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor"
>     p:httpClient-ref="httpClient"
>     p:privateKey-ref="privateKeyFactoryBean"
>     p:publicKey-ref="publicKeyFactoryBean" />
> <util:list id="argumentExtractors">
>     <ref bean="casArgumentExtractor" />
>     <ref bean="samlArgumentExtractor" />
>     <ref bean="googleAccountsArgumentExtractor" />
> </util:list>
>
> The keys were created as directed.
>
> The only change in deployerConfigContext.xml is changing
> SimpleTestUsernamePasswordAuthenticationHandler to JaasAuthenticationHandler.
> This is our existing authn mechanism.
>
> I've tried it both with and without the changes to login-webflow.xml
> suggested at:
> http://www.ja-sig.org/issues/browse/CAS-868#action_21610
> which seems related but not directly applicable.
>
> Here's the http headers from the browser, slightly sanitized.
>
> Any help would be appreciated.
>
> -James
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

James Gutholm
Assoc. Dir. Computing and Communications
The Evergreen State College
2700 Evergreen Parkway NW, Olympia, WA 98505
360.867.6635
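
When a login stalls at the CAS success page like this, it helps to see what the SAMLRequest and RelayState on the login URL actually carry. The sketch below is an added example, not part of the original message or of CAS itself: it decodes a SAML HTTP-Redirect request (base64 over raw DEFLATE) and reports where the requester expects the response to be posted. The sample request, the example.edu host names and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
MAX_XML = 64 * 1024  # cap inflated size so a hostile request cannot exhaust memory

def encode_redirect(xml: str) -> str:
    """Encode XML as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def inspect_login_url(url: str) -> dict:
    """Return the AuthnRequest fields and RelayState carried on a login URL."""
    params = parse_qs(urlsplit(url).query)  # parse_qs URL-decodes exactly once
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter on this URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompressobj(-15).decompress(raw, MAX_XML)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAMLRequest, refusing to parse")
    root = ET.fromstring(xml)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("unexpected root element " + root.tag)
    return {
        "id": root.get("ID"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "provider": root.get("ProviderName"),
        "relay_state": params.get("RelayState", [None])[0],
    }

# Constructed sample request and URL (not taken from the message above).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="example-request-id" Version="2.0" IssueInstant="2010-05-04T16:50:00Z" '
    'ProviderName="google.com" '
    'AssertionConsumerServiceURL="https://www.google.com/a/example.edu/acs"/>'
)
SAMPLE_URL = "https://cas.example.edu/cas/login?" + urlencode({
    "SAMLRequest": encode_redirect(SAMPLE_XML),
    "RelayState": "https://www.google.com/a/example.edu/ServiceLogin?service=mail",
})

if __name__ == "__main__":
    for key, value in inspect_login_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

Run it against the full login URL copied from the browser before sanitizing, and keep the output out of public posts, since the decoded request identifies the domain and request ID.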
