Hi,

I'm getting started with CAS and my first chore is to set up SSO with Google Apps. I followed the directions here: https://wiki.jasig.org/pages/viewpage.action?pageId=6063484

When I try to sign in, Google redirects to my CAS server, I sign in, then CAS posts back to Google, but Google apparently has a problem with the SAML response. I get an error page saying "This account cannot be accessed because the login credentials could not be verified." According to Google's SSO FAQ, this is usually due to the private key used to sign the response not matching the uploaded certificate.

I verified the cert matches the private key (https://kb.wisc.edu/middleware/page.php?id=4064). I've also tried sending the username in the NameID element as just "username" as well as "username@domain", with no change in result. I've even tried customizing the response template in the GoogleAccountsService class and tried changing the NameID format to email instead of emailAddress, as well as other tweaks, such as setting the Issuer to a host matching the CN on the certificate. I've also run CAS in a debugger and could see it loading the private key via the classpath, so I'm fairly confident the right private key is being used.

At this point I'm stumped. Does anyone have any pointers?

P.S. I built CAS using the Maven overlay approach.

Thanks,
David
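The certificate/private-key pairing check mentioned in the post, as an added example that is not part of the original message or of CAS itself: it compares the public key derived from each file, which generalizes the check to RSA and DSA keys in PEM or DER (PKCS#8) form. The function names, file names and the `cas.example.org` subject are hypothetical, and the demo key material is constructed on the fly.

```shell
#!/bin/sh
# Added example: confirm that an X.509 certificate and a private key are a pair
# by comparing the public key derived from each file.

# Print the public key (PEM) derived from a private key; try PEM, then DER.
pub_from_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null ||
    openssl pkey -inform DER -in "$1" -pubout 2>/dev/null
}

# Print the public key (PEM) embedded in a certificate; try PEM, then DER.
pub_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# Exit status: 0 = pair matches, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
    cert_pub=$(pub_from_cert "$1") || return 2
    key_pub=$(pub_from_key "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed throwaway test material in directory $1 (hypothetical names):
#   a.crt + a.key : matching self-signed certificate and PEM key
#   a.p8          : the same key as unencrypted PKCS#8 DER
#   b.key         : an unrelated key that must NOT match a.crt
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=cas.example.org" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -outform DER \
        -in "$1/a.key" -out "$1/a.p8" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/b.key" 2>/dev/null
}

# Command-line use: script.sh <certificate> <private-key>
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then echo "match"; else echo "MISMATCH"; fi
fi
```

A match only shows that the two files on disk belong together; the signature in the SAML response must still be produced with that key and checked against the certificate actually uploaded to the relying party.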
