Thanks Carlos! That was indeed the problem. For those who might have a similar issue in the future:
I'm using a central authentication service that requires me to redirect unauthenticated users to a login screen external to my app. When redirecting I have to include the (URL-encoded) SAMLRequest and RelayState parameters in my query string. The parameters arrived at the central login page intact. But, since the RelayState parameter is itself a URL with a query string and my central auth form did not properly URL encode it when returning it to me, the parameters from that "inner" query string got parsed out as part of the original query string set. Hence, RelayState became

https://www.google.com/a/caa.columbia.edu/ServiceLogin?service=mail

where it had originally been

https://www.google.com/a/caa.columbia.edu/ServiceLogin?service=mail&ltmpl=default&ltmplcache=2&passive=true&rm=false&continue=http://mail.google.com/a/caa.columbia.edu

My first solution was to re-append the lost variables--ltmpl, ltmplcache, etc.--before posting back to Google. I also got it to work by doing two rounds of URL encoding on the RelayState before posting to my central server.

David

On Nov 19, 10:39 pm, Cuso <[EMAIL PROTECTED]> wrote:
> Hi:
>
> I had a similar issue with my implementation a few days ago.
> Looking at your RelayState, I think it might be the same issue as
> mine. You need to send back exactly what you get from Google. I
> believe the reference implementation does not get the value correctly
> from the request. For details, look down about 12 messages in this
> group to a thread entitled something like: "Infinite redirection
> cycle..."
>
> Good luck,
> Carlos
>
> On Nov 19, 6:19 pm, "david.j.park" <[EMAIL PROTECTED]> wrote:
>
> > I have just worked through a number of bugs and gotten the SSO module
> > almost working on my site. After a user authenticates I am presenting
> > a form that has fields for the RelayState and SAMLResponse, much like
> > in the reference implementation. The RelayState value is a URL-
> > encoded version of:
> >
> > https://www.google.com/a/caa.columbia.edu/ServiceLogin?service=mail
> >
> > When I submit the form I get taken to the administrator's login
> > screen, which shows an error message saying "this user is not an
> > administrator." If I click the "I am not an administrator" link I am
> > taken to the Gmail page for the logged in user without further logging
> > in.
> >
> > Can someone please let me know how to avoid hitting the
> > administrator's login page?
> >
> > Thanks,
> > David
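
The round trip described in this thread, as an added example that is not part of the original messages: it replays the redirect through a login page that returns RelayState without re-encoding it, through one that re-encodes it, and through the double-encoding workaround. The hostnames `login.example.edu` and `app.example.edu`, the function names and the SAMLRequest value are assumptions made for the illustration; the RelayState is the one quoted in the post.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# RelayState value quoted in the post above.
RELAY_STATE = ("https://www.google.com/a/caa.columbia.edu/ServiceLogin"
               "?service=mail&ltmpl=default&ltmplcache=2&passive=true"
               "&rm=false&continue=http://mail.google.com/a/caa.columbia.edu")
SAML_REQUEST = "CONSTRUCTED_SAMPLE_REQUEST"   # constructed placeholder
IDP_LOGIN = "https://login.example.edu/sso"   # hypothetical central login page
SP_RETURN = "https://app.example.edu/acs"     # hypothetical return endpoint

def query_params(url):
    """Parse a URL's query string the way a web framework would."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def sp_redirect(relay_state):
    """App -> central login: both parameters URL-encoded once."""
    return IDP_LOGIN + "?" + urlencode(
        {"SAMLRequest": SAML_REQUEST, "RelayState": relay_state})

def idp_return_unencoded(redirect_url):
    """Central login -> app, pasting the decoded values back raw (the bug)."""
    p = query_params(redirect_url)
    return (f"{SP_RETURN}?SAMLRequest={p['SAMLRequest']}"
            f"&RelayState={p['RelayState']}")

def idp_return_encoded(redirect_url):
    """Central login -> app, re-encoding every value before returning it."""
    return SP_RETURN + "?" + urlencode(query_params(redirect_url))

def relay_state_seen_by_app(return_url):
    """What the app reads back as RelayState after the round trip."""
    return query_params(return_url)["RelayState"]

truncated = relay_state_seen_by_app(idp_return_unencoded(sp_redirect(RELAY_STATE)))
intact = relay_state_seen_by_app(idp_return_encoded(sp_redirect(RELAY_STATE)))
# Workaround from the post: encode RelayState a second time before redirecting,
# so the raw value the login page hands back is still encoded once.
workaround = relay_state_seen_by_app(
    idp_return_unencoded(sp_redirect(quote(RELAY_STATE, safe=""))))

if __name__ == "__main__":
    for label, value in [("unencoded return", truncated),
                         ("encoded return", intact),
                         ("double-encoded workaround", workaround)]:
        print(f"{label}: match={value == RELAY_STATE}\n  {value}")
```

Comparing the RelayState read back with the value stored when the redirect was issued catches this kind of truncation before the form is posted on to Google.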
