I don't know if this would simplify the solution, or if it would work with your domain, bu I don't actually specify the service in the query string.
I would use: https://mail.google.com/a/cca.columbia.edu On Nov 20, 10:12 am, "david.j.park" <[EMAIL PROTECTED]> wrote: > Thanks Carlos! That was indeed the problem. > > For those who might have a similar issue in the future: > > I'm using a central authentication service that requires me to > redirect unauthenticated users to a login screen external to my app. > When redirecting I have to include the (URL-encoded) SAMLRequest and > RelayState parameters in my query string. The parameters arrived at > the central login page intact. But, since the RelayState parameter is > itself a URL with a query string and my central auth form did not > properly URL encode it when returning it to me the parameters from > that "inner" query string got parsed out as part of the original query > string set. Hence, RelayState became > > https://www.google.com/a/caa.columbia.edu/ServiceLogin?service=mail > > where it had originally been > > https://www.google.com/a/caa.columbia.edu/ServiceLogin?service=mail&l... > > My first solution was to re-append the lost variables--ltmpl, > ltmplcache, etc.--before posting back to google. I also got it to > work by doing two rounds of URL encoding on the RelayState before > posting to my central server. > > David > > On Nov 19, 10:39 pm, Cuso <[EMAIL PROTECTED]> wrote: > > > Hi: > > > I had a similar issue with my implementation a few days ago. > > Looking at your RelayState, I think it might be the same issue as > > mine. You need to send back exactly what you get from Google. I > > believe the reference implementation does not get the value correctly > > from the request. For details, look down about 12 messages in this > > group to a thread entitled something like:"Infinite redirection > > cycle..." > > > Good luck, > > Carlos > > > On Nov 19, 6:19 pm, "david.j.park" <[EMAIL PROTECTED]> wrote: > > > > I have just worked through a number of bugs and gotten the SSO module > > > almost working on my site. After a user authenticates I am presenting > > > a form that has fields for the RelayState and SAMLResponse, much like > > > in the reference implementation. The RelayState value is a URL- > > > encoded version of: > > > >https://www.google.com/a/caa.columbia.edu/ServiceLogin?service=mail > > > > When I submit the form I get taken to the administrator's login > > > screen, which shows an error message saying "this user is not an > > > administrator." If I click the "I am not an administrator" link I am > > > taken to the Gmail page for the logged in user without further logging > > > in. > > > > Can someone please let me know how to avoid hitting the > > > administrator's login page? > > > > Thanks, > > > David- Hide quoted text - > > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
