We already have an open JIRA issue for this :-) We'll probably look at it early next week.
This is the issue I am referring to: http://www.ja-sig.org/issues/browse/CAS-679 in case you want to confirm that it's the same thing this email is talking about.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jul 2, 2008 at 4:12 PM, Mark McCoy <[EMAIL PROTECTED]> wrote:

> Hey all,
>
> I just received this notice from Google about a change that they are making in order for them to comply further with the SAML 2.0 spec. Does this affect the CAS 3.1 Google Apps module?
>
> Thanks,
> Mark
>
> ---------- Forwarded message ----------
> From: Mark McCoy <[EMAIL PROTECTED]>
> Date: Wed, Jul 2, 2008 at 3:08 PM
> Subject: [Fwd: Action Required: Update needed for my.utsa.edu SSO with Google Apps]
> To: [EMAIL PROTECTED]
>
> -------- Original Message --------
> Subject: Action Required: Update needed for my.utsa.edu SSO with Google Apps
> Date: Wed, 2 Jul 2008 12:56:17 -0700 (PDT)
> From: Google Apps Support <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
> Hello administrator of domain my.utsa.edu,
>
> Nothing is more important to us than the security of your users' data. We are emailing you because we have detected that your Google Apps single sign-on (SSO) implementation may be vulnerable to a theoretical security hole. We would like to emphasize that we have not received any reports of this vulnerability being exploited.
>
> In order to improve the security of Google Apps SSO, we have added a requirement on the data your sign-in application (identity provider) sends. You must update your sign-in application by the end of August 2008. The new requirement is described here:
> http://code.google.com/apis/apps/faq.html#recipient
>
> If your sign-in application is derived from our sample code, please refer to the latest version of the sample code for the changes you'll need to make to your own code. The updates to the sample code are also described in the link above.
>
> If your sign-in application was not derived from our sample code, e.g. is a third-party identity provider software, please forward this information to the developers of the identity provider software.
>
> Important Notes:
>
> - We will begin enforcing this new requirement on your sign-in application by the end of August 2008.
>
> - In the meantime, we will continue to accept the current responses from your sign-in application so that your users can continue to sign in to Google Apps.
>
> - If you are unable to update your sign-in application by the end of August 2008, please email [EMAIL PROTECTED]
>
> - If you are about to deploy Google Apps SSO for new domains, you will need to ensure this new requirement is met for those domains prior to deployment.
>
> If you have any questions, please email [EMAIL PROTECTED]
>
> Thank you for your consideration.
>
> The Google Apps Team
>
> --
> Mark McCoy
> OIT Enterprise Services
> The University of Texas at San Antonio
> 210-458-5871
>
> --
> Mark McCoy
> Enterprise Services (Unix Group)
> Office of Information Technology
> The University of Texas at San Antonio
> (210) 458-5871
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
