It may not apply to your CAS version, and it may not be related, but did you see https://issues.jasig.org/browse/CAS-868?
Ed On Thu, Feb 7, 2013 at 2:05 PM, Lynxlogic <[email protected]> wrote: > Hi, > > I'm getting started with CAS and my first chore is to setup SSO with > Google apps. I followed the directions here: > https://wiki.jasig.org/pages/viewpage.action?pageId=6063484 > > When I try to sign in Google redirects to my CAS server, I sign in, then > CAS posts back to Google, but Google apparently has a problem with the SAML > response. I get an error page saying "This account cannot be accessed > because the login credentials could not be verified." > > According to Google's SSO FAQ, this is usually due to the private key used > to sign the response not matching the uploaded certificate. I verified the > cert matches the private key ( > https://kb.wisc.edu/middleware/page.php?id=4064). > > I've also tried sending the username in the NameID element as just > "username" as well as "username@domain", with no change in result. > > I've even tried customizing the response template in the > GoogleAccountsService class and tried changing the NameID format to email > instead of emailAddress as well as other tweaks, such as setting the Issuer > to a host matching the CN on the certificate. > > I've also run cas in a debugger and could see it loading the private key > via the classpath, so I'm fairly confident the right private key is being > used. > > At this point I'm stumped. Does anyone have any pointers? > > P.S. I built CAS using the maven overlay approach. > > Thanks, > David > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Ed Hillis, Web Programmer Southwestern University 1001 East University Avenue, Georgetown, TX 78626 512.863.1066 [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
