Marvin, thanks for the suggestions. Yeah, I am definitely trying to get the payload info...and yes so far turning up logging isn't helping. I will try org.opensaml. Did I understand you to say that if I download and configure a copy of the latest version that I might be able to view the payload info? If this is the case, I might give that a try.
On Fri, Jan 18, 2013 at 11:38 AM, Marvin Addison <[email protected]>wrote: > > When I look at the CAS logs, > > everything looks normal here too...the student is getting authenticated > > correctly. The same student has no issue logging into any of the other > > casified services. The only thing I can conclude is that for some > students, > > Google is having trouble reading the SAML payload. > > There are a couple indications this is an attribute release issue > around the SAML protocol to/from Google: > > - Access to other services works fine > - Only affects some students > > I would recommend you attempt to capture the SAML traffic and examine > it to ensure it meets the requirements set by Google. Unfortunately > with the version of OpenSAML used in 3.3.5, I don't believe you can > simply turn up logging to see the protocol data. You can try turning > up org.opensaml to trace and see if that produces anything useful, but > IIRC it does not. Alternatively, you can use > > http://code.google.com/p/vt-middleware/wiki/vtservletfilters#RequestDumperFilter > to dump request traffic to CAS, but I'm not aware of a canned > component to print out response traffic. You may need to customize the > CAS source to inject additional logging statements to view the > response you send to Google. The response payload is most likely the > most valuable diagnostic data. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Curtis Garman -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
