Hi Carlos,

This issue has been logged before and someone is working on it. Could
you please instruct your users to use the "Sign In" link on the top
right corner as a workaround for now?

Thanks,
Megha


On Dec 19, 12:26 pm, Cuso <[EMAIL PROTECTED]> wrote:
> When do you estimate a fix for this issue being released?
> We are planning on publishing credentials for about 40,000 users in
> the coming weeks.  This means we are expecting a whole bunch of new
> users logging in during this period and SSO is a requirement for some
> of the campuses to buy-in to the idea of Google-hosted services.  Can
> you tell me something I can tell my boss about the expectations for
> this to be resolved soon?
>
> Regards,
> Carlos
>
> On Dec 19, 2:20 am, "Megha (Google)" <[EMAIL PROTECTED]> wrote:
>
>
>
> > Hi Carlos,
>
> > Can you try using the "Sign In" link on the top right corner of
> > your start page?
> > The "Sign In" link on the Email Gadget has the issue which results in
> > cycles that you described.
>
> > Thanks,
> > Megha
>
> > On Dec 18, 8:33 am, Cuso <[EMAIL PROTECTED]> wrote:
>
> > > Sorry about the delay.... I was fighting some fires...
>
> > > I tried your suggestion and it didn't work. Here is the form submitted
> > > to the acs after the change:
>
> > > ********* SAMLResponseServlet *********
>
> > > <!--
> > > Copyright (C) 2006 Google Inc.
>
> > > Licensed under the Apache License, Version 2.0 (the "License");
> > > you may not use this file except in compliance with the License.
> > > You may obtain a copy of the License at
>
> > >      http://www.apache.org/licenses/LICENSE-2.0
>
> > >      Unless required by applicable law or agreed to in writing,
> > > software
> > >      distributed under the License is distributed on an "AS IS" BASIS,
> > >      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> > > implied.
> > >      See the License for the specific language governing permissions
> > > and
> > >      limitations under the License.
> > > -->
>
> > > <html>
> > > <head>
> > > <meta http-equiv="Content-Type" content="text/html;
> > > charset=iso-8859-1">
> > > <title>Portal de Servicios Electr&oacute;nicos - Universidad de Puerto
> > > Rico</title>
> > > <meta content="noindex,nofollow" name="robots">
> > > <style type="text/css"><!--
> > > body {background-color: #ffffff}
> > > body,td,div,p,a,font,span {font-family: arial,sans-serif}
> > > body {margin-top:2}
>
> > > .c {width: 4; height: 4}
>
> > > .bubble {background-color:#C3D9FF}
>
> > > .tl {padding: 0; width: 4; text-align: left; vertical-align: top}
> > > .tr {padding: 0; width: 4; text-align: right; vertical-align: top}
> > > .bl {padding: 0; width: 4; text-align: left; vertical-align: bottom}
> > > .br {padding: 0; width: 4; text-align: right; vertical-align: bottom}
>
> > > .x {background-color: #ddf8cc; border: solid 1px #80c65a; padding:
> > > 15px; margin: 0 15px 0 0; text-align: center;}
> > > .x, .x td {font-size: 80%}
> > > .x table {margin: 0px; text-align: left;}
> > > .x p {text-align: left;}
> > > .x h2 {margin:0 0 0 0;font-weight: bold; font-size: 120%;}
>
> > > .errormsg {color: #cc0000}
> > > --> </style> </head>
>
> > >  <body  onload="document.acsForm.submit();">
>
> > >      <form name="acsForm" action="https://www.google.com/a/upr.edu/acs" method="post" > <!-- target="_blank"> -->
> > >          <div style="display: none">
> > >              <textarea rows=10 cols=80 name="SAMLResponse"><?xml
> > > version="1.0" encoding="UTF-8"?>
> > > <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> > > xmlns="urn:oasis:names:tc:SAML:2.0:assertion" 
> > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> > > ID="miejagpgfkfkfaalngfhcldineplaggifakimbfo"
> > > IssueInstant="2007-12-18T12:22:17Z" Version="2.0">       <Signature
> > > xmlns="http://www.w3.org/2000/09/
> > > xmldsig#"><SignedInfo><CanonicalizationMethod 
> > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
> > > /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-
>
> > > sha1" /><Reference URI=""><Transforms><Transform 
> > > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></
> > > Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/
> > > xmldsig#sha1" /><DigestValue>jtECoVUTnvwf1TqVBsu8o6tOdtY=</
> > > DigestValue></Reference></
> > > SignedInfo><SignatureValue>BMT0itItryVF0FqlGi3MMzVwAu2YVm0Y294m27M1tE03CQWx-0IdOrA==</
> > > SignatureValue><KeyInfo><KeyValue><DSAKeyValue><P>r5Swl0VTgqkZSKUQoeILhNyEZ-s9Ot8hQgiNuJeI6cFro
> > > +5/jBP8KDCByq5MkIzqZZxqGZPKc1GZC
> > > 9QTxMqPYOXiShREalv45a4kb6sRGTluh8YpSfskPRMWT77yp7KqGKZbSqHlw
> > > +FKXraAgzjV7RXCn
> > > OU14Uun5Ac9R7QSPIls=</P><Q>p3nhx7XegMkLDaySZ3VhakAsEqk=</
> > > Q><G>QFJ1EaupSqYDMPz4vzknUFZziiYGGZN7+R2ZqTsooVmNxVf+A39v
> > > +8aFnh6Ny6w9rveOSXjYYAAL
> > > oejZTqDCPRtnHnW7g4Rp2DktGA47T8ou/
> > > LOt7MOhtFJSjYUrejxaQLFK35A35sv9pbjF5tCWICe8
> > > rgawabXh6AvzvOa4/Z8=</G><Y>UTQsust9OOU26ypSLU9/
> > > sljpyZ9IBrJXVrfgfDMICpxf4hAFVt5CswvJ/CBgy91YjhXMOCdcveJ2
> > > D2NnevIBRxlU6zLwQB035ec0M2Ctnm9llyVK7Gea3KdYwtgfLyMVFMwXIg6fxjAoimUA4OlOfFp-Y
> > > 65fD6fbwPtGoN0pTeYw=</Y></DSAKeyValue></KeyValue></KeyInfo></
> > > Signature><samlp:Status>               <samlp:StatusCode
> > > Value="urn:oasis:names:tc:SAML:2.0:status:Success" />      </samlp:Status>
> > > <Assertion ID="ehknpfnbhhcmjabjnlokajjinhobcangjgpiiili"
> > > IssueInstant="2003-04-17T00:46:02Z" Version="2.0">               
> > > <Issuer>https://www.opensaml.org/IDP          </Issuer>         <Subject> 
> > >                 <NameID
> > > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">
> > > cuenta.depruebasso3                     </NameID>                 
> > > <SubjectConfirmation
> > > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />          </Subject>
> > > <Conditions NotBefore="2003-04-17T00:46:02Z"
> > > NotOnOrAfter="2008-04-17T00:51:02Z">               </Conditions>          
> > >    <AuthnStatement
> > > AuthnInstant="2007-12-18T12:22:17Z">                       <AuthnContext>
> > > <AuthnContextClassRef>                                    
> > > urn:oasis:names:tc:SAML:
> > > 2.0:ac:classes:Password                         </AuthnContextClassRef>   
> > >                 </AuthnContext>
> > > </AuthnStatement> </Assertion></samlp:Response>
> > >  </textarea>
> > >              <textarea rows=10 cols=80 
> > > name="RelayState">https://www.google.com/a/upr.edu/ServiceLogin?service=ig&passive=fals......</textarea>
> > >          </div>
> > >      </form>
> > >  </body>
>
> > > </html>
>
> > > On Nov 29, 12:07 pm, Cuso <[EMAIL PROTECTED]> wrote:
>
> > > > I am using FireFox to test, but I'll check....
>
> > > > On Nov 26, 9:56 pm, "Alex (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > > Hi Carlos,
>
> > > > > Does this happen on Internet Explorer only?  It might be an issue with
> > > > > the RelayState not having XML special characters escaped:
>
> > > > > & -> &amp;
> > > > > < -> &lt;
> > > > > > -> &gt;
>
> > > > > ' -> &apos;
> > > > > " -> &quot;
>
> > > > > -alex
>
> > > > > On Nov 26, 5:51 pm, Cuso <[EMAIL PROTECTED]> wrote:
>
> > > > > > Alex,
>
> > > > > >     Some extra information on this issue:
>
> > > > > >     The user gets logged on, actually.  If I stop the cycle (by
> > > > > > clicking on the browser stop button) and then try
> > > > > > http://www.google.com/a/upr.edu
> > > > > > I get the dashboard as the user I was trying to log on if it is an
> > > > > > administrator, otherwise I get the Google apps logon page telling me I
> > > > > > need to be an admin to get to the dashboard.  So the acs is creating
> > > > > > the session, but is not redirecting the browser correctly or the start
> > > > > > page is not recognizing the session.
>
> > > > > > Thought it might help you...
>
> > > > > > Thanks,
> > > > > > Carlos
> > > > > > On Nov 26, 9:37 pm, Cuso <[EMAIL PROTECTED]> wrote:
>
> > > > > > > Hello Alex,
>
> > > > > > >     We get the cycle by accessing http://inicio.upr.edu, which is our
> > > > > > > start page fqdn.  Your SP code redirects the user to the IdP without
> > > > > > > showing the start page.  The three pages in the cycle show up just
> > > > > > > after the submit button is pressed on our IdP sign-in page.
>
> > > > > > > Thanks,
> > > > > > > Carlos
>
> > > > > > > Alex (Google) wrote:
> > > > > > > > Hi Carlos,
>
> > > > > > > > Did you get the infinite loop using the Gmail gadget Sign in link?
> > > > > > > > That Sign in link is broken (we're working on a fix).
>
> > > > > > > > Can you try the Sign in link in the upper right corner of the start
> > > > > > > > page?
>
> > > > > > > > -alex
>
> > > > > > > > On Nov 20, 5:59 am, Cuso <[EMAIL PROTECTED]> wrote:
> > > > > > > > > Well,  I thought it was solved, but I'm still getting the cycle...
> > > > > > > > > Here is the acs page:
>
> > > > > > > > > <html><body><script>
> > > > > > > > > var url = 'https://www.google.com/a/upr.edu/ServiceLogin?service\075ig\046passive\075false\046continue\075http://partnerpage.google.com/upr.edu\046followup\075http://partnerpage.google.com/upr.edu\046cd\075US\046hl\075en\046nui\0751\046ltmpl\075default';
> > > > > > > > > var parts = (window.location+'').split('#');
> > > > > > > > > if (parts.length == 2 && parts[1].length > 0) {
> > > > > > > > >   url += '#' + parts[1];}
>
> > > > > > > > > window.setTimeout(function() {
> > > > > > > > >   window.location = url;}, 0);
>
> > > > > > > > > </script></body></html>
>
> > > > > > > > > I had not tested the fix correctly before.  Any ideas?
>
> > > > > > > > > Thanks,
> > > > > > > > > Carlos
> > > > > > > > > On Nov 18, 6:37 pm, Cuso <[EMAIL PROTECTED]> wrote:
>
> > > > > > > > > > Thank you!  This solved the issue.
>
> > > > > > > > > > On Nov 18, 2:36 am, "Alex (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > > > > > > > > Hi Carlos,
>
> > > > > > > > > > > Right now it looks like RelayState is hard-coded as
> > > > > > > > > > > http://inicio.upr.edu
>
> > > > > > > > > > > But instead, it should be taken from the RelayState parameter which
> > > > > > > > > > > you get from Google and included in the HTML forms, taking care to
> > > > > > > > > > > escape special XML characters, e.g.:
>
> > > > > > > > > > > https://gaemail.upr.edu/GAESSOWS/identity_provider.jsp
> > > > > > > > > > > ?SAMLRequest=...
>
> ...
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Apps APIs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/google-apps-apis?hl=en
-~----------~----~----~----~------~----~------~--~---
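
The advice quoted in this thread (take RelayState from the request rather than hard-coding it, and escape XML special characters before placing it in the form) can be sketched as follows; this is an added example in Python, not code from the thread or from Google's SAML reference implementation. It renders the auto-submit ACS form both ways and parses it back, showing that an unescaped `&ltmpl=default` in the ServiceLogin URL is decoded by an HTML parser as `<mpl=default`. The function names, the `idp.example.edu` host and the shortened sample URL are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

ACS_URL = "https://www.google.com/a/upr.edu/acs"  # ACS URL from the form in the thread
# Constructed sample: shortened ServiceLogin URL modelled on the one in the thread.
SAMPLE_RELAY_STATE = ("https://www.google.com/a/upr.edu/ServiceLogin?service=ig&passive=false"
                      "&continue=http://partnerpage.google.com/upr.edu&cd=US&hl=en&nui=1&ltmpl=default")
SAMPLE_REQUEST = ("https://idp.example.edu/identity_provider.jsp?SAMLRequest=constructed"
                  "&RelayState=" + quote(SAMPLE_RELAY_STATE, safe=""))

def relay_state_from_request(request_url):
    """Take RelayState from the SP's redirect; parse_qs URL-decodes it exactly once."""
    values = parse_qs(urlsplit(request_url).query).get("RelayState", [])
    if len(values) != 1:
        raise ValueError("expected exactly one RelayState parameter")
    return values[0]

def build_acs_form(saml_response_xml, relay_state, escape=True):
    """Render the auto-submit form; escape=False reproduces the unescaped variant."""
    enc = html.escape if escape else str
    return (
        '<html><body onload="document.acsForm.submit();">\n'
        f'<form name="acsForm" action="{html.escape(ACS_URL)}" method="post">\n'
        f'<textarea name="SAMLResponse">{enc(saml_response_xml)}</textarea>\n'
        f'<textarea name="RelayState">{enc(relay_state)}</textarea>\n'
        '</form></body></html>\n'
    )

class FieldCollector(HTMLParser):
    def __init__(self):
        super().__init__()  # convert_charrefs=True: entities are decoded as a browser would
        self.fields, self._name = {}, None
    def handle_starttag(self, tag, attrs):
        if tag == "textarea":
            self._name = dict(attrs).get("name")
            self.fields[self._name] = ""
    def handle_endtag(self, tag):
        self._name = None if tag == "textarea" else self._name
    def handle_data(self, data):
        if self._name is not None:
            self.fields[self._name] += data

def submitted_fields(form_html):
    """Return {field name: value} as an HTML parser would read them for the POST."""
    parser = FieldCollector()
    parser.feed(form_html)
    parser.close()
    return parser.fields
```
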
