Hello Megha, We will try to educate our users about this issue as you propose. I assure you it is not my intention to be pushy. I apologize if it seemed that way. I am on your side. The reality of the situation is that it is not a big deal for me, but unfortunately I am not the one making the decision to migrate 60k+ students to Google and it has not been easy to convince everyone (despite all the good work you guys have done) of the stability of the platform. I am not asking for it to be fixed right away. I just want to have the tools to mitigate any concerns this might raise in the minds of other (possibly less understanding/informed) people. And of course, you might not be able to get the information, in which case I will have to say I have no idea when it is expected to be fixed. But I need to ask anyways... I hope you understand. Should I assume from your answer that you can't find out about a possible target fix date?
Thanks, Carlos On Dec 19, 8:28 pm, "Megha (Google)" <[EMAIL PROTECTED]> wrote: > Hi Carlos, > > This issue has been logged before and someone is working on it. Could > you please instruct your users to use the "Sign In" link on the top > right corner as a workaround for now? > > Thanks, > Megha > > On Dec 19, 12:26 pm, Cuso <[EMAIL PROTECTED]> wrote: > > > When do you estimate a fix for this issue being released? > > We are planning on publishing credentials for about 40,000 users in > > the coming weeks. This means we are expecting a whole bunch of new > > users logging in during this period and SSO is a requirement for some > > of the campuses to buy-in to the idea of Google-hosted services. Can > > you tell me something I can tell my boss about the expectations for > > this to be resolved soon? > > > Regards, > > Carlos > > > On Dec 19, 2:20 am, "Megha (Google)" <[EMAIL PROTECTED]> wrote: > > > > Hi Carlos, > > > > Can you try using on the "Sign In" link on the top right corner of the > > > your start page? > > > The "Sign In" link on the Email Gadget has the issue which results in > > > cycles that you described. > > > > Thanks, > > > Megha > > > > On Dec 18, 8:33 am, Cuso <[EMAIL PROTECTED]> wrote: > > > > > Sorry about the delay.... I was fighting some fires... > > > > > I tried your suggestion and it didn't work. Here is the form submitted > > > > to the acs after the change: > > > > > ********* SAMLResponseServlet ********* > > > > > <!-- > > > > Copyright (C) 2006 Google Inc. > > > > > Licensed under the Apache License, Version 2.0 (the "License"); > > > > you may not use this file except in compliance with the License. > > > > You may obtain a copy of the License at > > > > > http://www.apache.org/licenses/LICENSE-2.0 > > > > > Unless required by applicable law or agreed to in writing, > > > > software > > > > distributed under the License is distributed on an "AS IS" BASIS, > > > > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > > > > implied. > > > > See the License for the specific language governing permissions > > > > and > > > > limitations under the License. > > > > --> > > > > > <html> > > > > <head> > > > > <meta http-equiv="Content-Type" content="text/html; > > > > charset=iso-8859-1"> > > > > <title>Portal de Servicios Electrónicos - Universidad de Puerto > > > > Rico</title> > > > > <meta content="noindex,nofollow" name="robots"> > > > > <style type="text/css"><!-- > > > > body {background-color: #ffffff} > > > > body,td,div,p,a,font,span {font-family: arial,sans-serif} > > > > body {margin-top:2} > > > > > .c {width: 4; height: 4} > > > > > .bubble {background-color:#C3D9FF} > > > > > .tl {padding: 0; width: 4; text-align: left; vertical-align: top} > > > > .tr {padding: 0; width: 4; text-align: right; vertical-align: top} > > > > .bl {padding: 0; width: 4; text-align: left; vertical-align: bottom} > > > > .br {padding: 0; width: 4; text-align: right; vertical-align: bottom} > > > > > .x {background-color: #ddf8cc; border: solid 1px #80c65a; padding: > > > > 15px; margin: 0 15px 0 0; text-align: center;} > > > > .x, .x td {font-size: 80%} > > > > .x table {margin: 0px; text-align: left;} > > > > .x p {text-align: left;} > > > > .x h2 {margin:0 0 0 0;font-weight: bold; font-size: 120%;} > > > > > .errormsg {color: #cc0000} > > > > --> </style> </head> > > > > > <body onload="document.acsForm.submit();"> > > > > > <form name="acsForm" action="https://www.google.com/a/upr.edu/ > > > > acs" method="post" > <!-- target="_blank"> --> > > > > <div style="display: none"> > > > > <textarea rows=10 cols=80 name="SAMLResponse"><?xml > > > > version="1.0" encoding="UTF-8"?> > > > > <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > > > > xmlns="urn:oasis:names:tc:SAML:2.0:assertion" > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; > > > > ID="miejagpgfkfkfaalngfhcldineplaggifakimbfo" > > > > IssueInstant="2007-12-18T12:22:17Z" Version="2.0"> <Signature > > > > xmlns="http://www.w3.org/2000/09/ > > > > xmldsig#"><SignedInfo><CanonicalizationMethod > > > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; > > > > /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa- > > > > > sha1" /><Reference URI=""><Transforms><Transform > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /></ > > > > Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/ > > > > xmldsig#sha1" /><DigestValue>jtECoVUTnvwf1TqVBsu8o6tOdtY=</ > > > > DigestValue></Reference></ > > > > SignedInfo><SignatureValue>BMT0itItryVF0FqlGi3MMzVwAu2YVm0Y294m27M1tE03CQWx-0IdOrA==</ > > > > SignatureValue><KeyInfo><KeyValue><DSAKeyValue><P>r5Swl0VTgqkZSKUQoeILhNyEZ-s9Ot8hQgiNuJeI6cFro > > > > +5/jBP8KDCByq5MkIzqZZxqGZPKc1GZC > > > > 9QTxMqPYOXiShREalv45a4kb6sRGTluh8YpSfskPRMWT77yp7KqGKZbSqHlw > > > > +FKXraAgzjV7RXCn > > > > OU14Uun5Ac9R7QSPIls=</P><Q>p3nhx7XegMkLDaySZ3VhakAsEqk=</ > > > > Q><G>QFJ1EaupSqYDMPz4vzknUFZziiYGGZN7+R2ZqTsooVmNxVf+A39v > > > > +8aFnh6Ny6w9rveOSXjYYAAL > > > > oejZTqDCPRtnHnW7g4Rp2DktGA47T8ou/ > > > > LOt7MOhtFJSjYUrejxaQLFK35A35sv9pbjF5tCWICe8 > > > > rgawabXh6AvzvOa4/Z8=</G><Y>UTQsust9OOU26ypSLU9/ > > > > sljpyZ9IBrJXVrfgfDMICpxf4hAFVt5CswvJ/CBgy91YjhXMOCdcveJ2 > > > > D2NnevIBRxlU6zLwQB035ec0M2Ctnm9llyVK7Gea3KdYwtgfLyMVFMwXIg6fxjAoimUA4OlOfFp-Y > > > > 65fD6fbwPtGoN0pTeYw=</Y></DSAKeyValue></KeyValue></KeyInfo></ > > > > Signature><samlp:Status> <samlp:StatusCode > > > > Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> > > > > </samlp:Status> > > > > <Assertion ID="ehknpfnbhhcmjabjnlokajjinhobcangjgpiiili" > > > > IssueInstant="2003-04-17T00:46:02Z" Version="2.0"> > > > > <Issuer>https://www.opensaml.org/IDP </Issuer> > > > > <Subject> <NameID > > > > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"> > > > > cuenta.depruebasso3 </NameID> > > > > <SubjectConfirmation > > > > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" /> </Subject> > > > > <Conditions NotBefore="2003-04-17T00:46:02Z" > > > > NotOnOrAfter="2008-04-17T00:51:02Z"> </Conditions> > > > > <AuthnStatement > > > > AuthnInstant="2007-12-18T12:22:17Z"> > > > > <AuthnContext> > > > > <AuthnContextClassRef> > > > > urn:oasis:names:tc:SAML: > > > > 2.0:ac:classes:Password </AuthnContextClassRef> > > > > </AuthnContext> > > > > </AuthnStatement> </Assertion></samlp:Response> > > > > </textarea> > > > > <textarea rows=10 cols=80 > > > > name="RelayState">https://www.google.com/a/upr.edu/ServiceLogin?service=ig&passive=fals......</textarea> > > > > </div> > > > > </form> > > > > </body> > > > > > </html> > > > > > On Nov 29, 12:07 pm, Cuso <[EMAIL PROTECTED]> wrote: > > > > > > I am using FireFox to test, but I'll check.... > > > > > > On Nov 26, 9:56 pm, "Alex (Google)" <[EMAIL PROTECTED]> wrote: > > > > > > > Hi Carlos, > > > > > > > Does this happen on Internet Explorer only? It might be an issue > > > > > > with > > > > > > the RelayState not having XML special characters escaped: > > > > > > > & -> & > > > > > > < -> <> -> > > > > > > > > ' -> ' > > > > > > " -> " > > > > > > > -alex > > > > > > > On Nov 26, 5:51 pm, Cuso <[EMAIL PROTECTED]> wrote: > > > > > > > > Alex, > > > > > > > > Some extra information on this issue: > > > > > > > > The user gets logged on, actually. If I stop the cycle (by > > > > > > > clicking on the browser stop button) and then > > > > > > > tryhttp://www.google.com/a/upr.edu > > > > > > > I get the dashboard as the user I was trying to log on if it is an > > > > > > > administrator, otherwise I get the Google apps logon page telling > > > > > > > me I > > > > > > > need to be an admin to get to the dashboard. So the acs is > > > > > > > creating > > > > > > > the session, but is not redirecting the browser correctly or the > > > > > > > start > > > > > > > page is not recognizing the session. > > > > > > > > Thought it might help you... > > > > > > > > Thanks, > > > > > > > Carlos > > > > > > > On Nov 26, 9:37 pm, Cuso <[EMAIL PROTECTED]> wrote: > > > > > > > > > Hello Alex, > > > > > > > > > We get the cycle by accessinghttp://inicio.upr.edu, which > > > > > > > > is our > > > > > > > > start page fqdn. Your SP code redirects the user to the IdP > > > > > > > > without > > > > > > > > showing the start page. The three pages in the cycle show up > > > > > > > > just > > > > > > > > after the submit button is pressed on our IdP sign-in page. > > > > > > > > > Thanks, > > > > > > > > Carlos > > > > > > > > > Alex (Google) wrote: > > > > > > > > > Hi Carlos, > > > > > > > > > > Did you get theinfiniteloop using the Gmail gadget Sign in > > > > > > > > > link? > > > > > > > > > That Sign in link is broken (we're working on a fix). > > > > > > > > > > Can you try the Sign in link in the upper right corner of the > > > > > > > > > start > > > > > > > > > page? > > > > > > > > > > -alex > > > > > > > > > > On Nov 20, 5:59 am, Cuso <[EMAIL PROTECTED]> wrote: > > > > > > > > > > Well, I thought it was solved, but I'm still getting the > > > > > > > > > > cycle... > > > > > > > > > > Here is the acs page: > > > > > > > > > > > <html><body><script> > > > > > > > > > > var url = > > > > > > > > > > 'https://www.google.com/a/upr.edu/ServiceLogin?service\075ig > > > > > > > > > > \046passive\075false\046continue\075http://partnerpage.google.com/ > > > > > > > > > > upr.edu\046followup\075http://partnerpage.google.com/upr.edu\046cd > > > > > > > > > > \075US\046hl\075en\046nui\0751\046ltmpl\075default'; > > > > > > > > > > var parts = (window.location+'').split('#'); > > > > > > > > > > if (parts.length == 2 && parts[1].length > 0) { > > > > > > > > > > url += '#' + parts[1];} > > > > > > > > > > > window.setTimeout(function() { > > > > > > > > > > window.location = url;}, 0); > > > > > > > > > > > </script></body></html> > > > > > > > > > > > I had not tested the fix correctly before. Any ideas? > > > > > > > > > > > Thanks, > > > > > > > > > > Carlos > > > > > > > > > > On Nov 18, 6:37 pm, Cuso <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > Thank you! This solved the issue. > > ... > > read more ยป --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
