> When I look at the CAS logs, everything looks normal here too...the student is getting authenticated correctly. The same student has no issue logging into any of the other casified services. The only thing I can conclude is that for some students, Google is having trouble reading the SAML payload.

There are a couple indications this is an attribute release issue around the SAML protocol to/from Google:

- Access to other services works fine
- Only affects some students

I would recommend you attempt to capture the SAML traffic and examine it to ensure it meets the requirements set by Google. Unfortunately with the version of OpenSAML used in 3.3.5, I don't believe you can simply turn up logging to see the protocol data. You can try turning up org.opensaml to trace and see if that produces anything useful, but IIRC it does not. Alternatively, you can use http://code.google.com/p/vt-middleware/wiki/vtservletfilters#RequestDumperFilter to dump request traffic to CAS, but I'm not aware of a canned component to print out response traffic.

You may need to customize the CAS source to inject additional logging statements to view the response you send to Google. The response payload is most likely the most valuable diagnostic data.

M
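
An added example, not part of the original message and not CAS or Google code: once a response has been captured, this Python script decodes the base64 `SAMLResponse` form value and compares a working student's response with a failing one. It assumes SAML 2.0 namespaces and the HTTP-POST binding; `summarize`, `suspect_fields`, `constructed_response` and the sample values are hypothetical names and constructed data.

```python
import base64
import xml.etree.ElementTree as ET

# Assumption: SAML 2.0 namespaces and the HTTP-POST binding (base64 SAMLResponse form field).
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PER_USER = {"name_id", "not_on_or_after"}  # expected to differ between two logins

def summarize(saml_response_b64):
    """Decode a captured SAMLResponse value and return the fields a service provider reads."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD present; refusing to parse")  # avoid entity-expansion tricks
    root = ET.fromstring(xml)
    def text(path):  # None = element missing, "" = element present but empty
        el = root.find(path, NS)
        return None if el is None else (el.text or "").strip()
    def attr(path, name):
        el = root.find(path, NS)
        return None if el is None else el.get(name)
    return {"status": attr("p:Status/p:StatusCode", "Value"),
            "destination": root.get("Destination"),
            "issuer": text(".//a:Issuer"),
            "name_id": text(".//a:Subject/a:NameID"),
            "name_id_format": attr(".//a:Subject/a:NameID", "Format"),
            "recipient": attr(".//a:SubjectConfirmationData", "Recipient"),
            "not_on_or_after": attr(".//a:Conditions", "NotOnOrAfter"),
            "audience": text(".//a:Audience"),
            "signed": root.find(".//ds:Signature", NS) is not None}

def suspect_fields(good, bad):
    """Fields missing or empty in the failing response, or differing where both should match."""
    return sorted(k for k in bad
                  if bad[k] in (None, "") or (k not in PER_USER and bad[k] != good[k]))

def constructed_response(name_id, fmt):
    """Constructed sample, not captured from CAS: a minimal unsigned SAML 2.0 Response."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
 Destination="https://sp.example/acs"><saml:Issuer>https://cas.example</saml:Issuer>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion><saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example/acs"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z"><saml:AudienceRestriction>
<saml:Audience>sp.example</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()
```

Feed `summarize` the `SAMLResponse` value from a login that works and from one that fails; the empty NameID in the constructed failing sample is arbitrary and says nothing about the actual cause in this thread.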
