3.3.5 works fine - I think the issue is in the Spring-webflow changes in 3.4
-Eric On Tue, May 4, 2010 at 5:08 PM, Gutholm, James <[email protected]>wrote: > > Thanks, what's the most current version known to work with google apps? > > -James > > On May 4, 2010, at 2:06 PM, [email protected] wrote: > > > There's an open issue in jira targeted at 3.5 with a fix. > > > > > > Sent from my Verizon Wireless BlackBerry > > > > -----Original Message----- > > From: "Gutholm, James" <[email protected]> > > Date: Tue, 04 May 2010 13:57:44 > > To: <[email protected]> > > Subject: [cas-user] Google Apps not redirecting from CAS back to Google > > > > > > We have an existing SSO environment using CAS and we are now trying to > enable Google Apps for Edu (GAE). I've created a new CAS war file and > deployed it as a test. > > Authentication is working fine. > > For normal applications, that use "https://hostname/path/login?service...";, > it redirects back to the web app after login as expected. > > When redirected to login from GAE, the credentials are authenticated but > there is no redirect from CAS back to GAE. I just get the "Log In > Successful" CAS page. > > In GAE, I'm using https://hostname/path/login as the SSO login URL > > > > I'm using the Maven war overlay method to build CAS 3.4.2 > > > > Here's what I have as modifications; > > ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml > > ./src/main/webapp/WEB-INF/classes/private.p8 > > ./src/main/webapp/WEB-INF/classes/public.key > > ./src/main/webapp/WEB-INF/deployerConfigContext.xml > > ./src/main/webapp/WEB-INF/login-webflow.xml > > > > In ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml I've > added the following based on > > > http://www.ja-sig.org/wiki/display/CASUM/SAML+2.0+%2528Google+Accounts+Integration%2529 > > > > <bean > > id="privateKeyFactoryBean" > > class="org.jasig.cas.util.PrivateKeyFactoryBean" > > p:location="classpath:private.p8" > > p:algorithm="RSA" /> > > <bean > > id="publicKeyFactoryBean" > > class="org.jasig.cas.util.PublicKeyFactoryBean" > > p:location="classpath:public.key" > > p:algorithm="RSA" /> > > <bean > > name="googleAccountsArgumentExtractor" > > > class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor" > > p:httpClient-ref="httpClient" > > p:privateKey-ref="privateKeyFactoryBean" > > p:publicKey-ref="publicKeyFactoryBean" /> > > <util:list id="argumentExtractors"> > > <ref bean="casArgumentExtractor" /> > > <ref bean="samlArgumentExtractor" /> > > <ref bean="googleAccountsArgumentExtractor" /> > > </util:list> > > > > The keys were created as directed. > > > > The only change in deployerConfigContext.xml is changing > SimpleTestUsernamePasswordAuthenticationHandler to > JaasAuthenticationHandler. This is our existing authn mechanism. > > > > I've tried it both with and without the changes to login-webflow.xml > suggested at: > > http://www.ja-sig.org/issues/browse/CAS-868#action_21610 > > which seems related but not directly applicable. > > > > Here's the http headers from the browser, slightly sanitized. > > > > Any help would be appreciated. > > > > -James > > > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > James Gutholm > Assoc. Dir. Computing and Communications > The Evergreen State College > 2700 Evergreen Parkway NW , Olympia, WA 98505 > 360.867.6635 > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Eric Pierce Identity Management Architect Information Technology University of South Florida (813) 974-8868 -- [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
