The JIRA issue is the same thing that the email is referring to. We also got the email from the Google Apps Team today.
Parker On Wed, Jul 2, 2008 at 2:24 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote: > We already have an open JIRA issue for this :-) We'll probably look at it > early next week. > > This is the issue I am referring to: > http://www.ja-sig.org/issues/browse/CAS-679 > > in case you want to confirm that its the same thing this email is talking > about. > > -Scott > > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > On Wed, Jul 2, 2008 at 4:12 PM, Mark McCoy <[EMAIL PROTECTED]> wrote: > >> Hey all, >> >> I just received this notice from Google about a change that they are >> making in order for them to comply further with the SAML 2.0 spec. Does >> this affect the CAS 3.1 Google Apps module? >> >> Thanks, Mark >> >> ---------- Forwarded message ---------- >> From: Mark McCoy <[EMAIL PROTECTED]> >> Date: Wed, Jul 2, 2008 at 3:08 PM >> Subject: [Fwd: Action Required: Update needed for my.utsa.edu SSO with >> Google Apps] >> To: [EMAIL PROTECTED] >> >> >> >> >> -------- Original Message -------- Subject: Action Required: Update >> needed for my.utsa.edu SSO with Google Apps Date: Wed, 2 Jul 2008 >> 12:56:17 -0700 (PDT) From: Google Apps Support >> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> To: >> [EMAIL PROTECTED] >> >> Hello administrator of domain my.utsa.edu, >> >> Nothing is more important to us than the security of your users' data. We >> are emailing you because we have detected that your Google Apps single >> sign-on (SSO) implementation may be vulnerable to a theoretical security >> hole. We would like to emphasize that we have not received any reports of >> this vulnerability being exploited. >> >> In order to improve the security of Google Apps SSO, we have added a >> requirement on the data your sign-in application (identity provider) sends. >> You must update your sign-in application by the end of August 2008. The new >> requirement is described here: >> http://code.google.com/apis/apps/faq.html#recipient >> >> If your sign-in application is derived from our sample code, please refer to >> the latest version of the sample code for the changes you'll need to make to >> your own code. The updates to the sample code are also described in the >> link above. >> >> If your sign-in application was not derived from our sample code, e.g. is a >> third-party identity provider software, please forward this information to >> the developers of the identity provider software. >> >> Important Notes: >> >> - We will begin enforcing this new requirement on your sign-in application >> by the end of August 2008. >> >> - In the meantime, we will continue to accept the current responses from >> your sign-in application so that your users can continue to sign in to >> Google Apps. >> >> - If you are unable to update your sign-in application by the end of >> August 2008, please email [EMAIL PROTECTED] >> >> - If you are about to deploy Google Apps SSO for new domains, you will >> need to ensure this new requirement is met for those domains prior to >> deployment. >> >> If you have any questions, please email [EMAIL PROTECTED] >> >> Thank you for your consideration. >> >> The Google Apps Team >> >> >> -- >> Mark McCoy >> OIT Enterprise Services >> The University of Texas at San Antonio >> 210-458-5871 >> >> >> >> >> -- >> Mark McCoy >> Enterprise Services (Unix Group) >> Office of Information Technology >> The University of Texas at San Antonio >> (210) 458-5871 >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
