Thanks for your response, Alex. The URL you gave at the end is broken, though. Can you check it and supply one that works?
Regards, Carlos On Mar 24, 4:56 am, "Alex (Google)" <[EMAIL PROTECTED]> wrote: > Hi Carlos, > > Thanks for the detailed description. The problem is most likely due > to too many authentication attempts from your server IP address. Both > unsuccessful attempts and successful attempts can contribute to the > likelihood of triggering a CAPTCHA challenge, which requires that > someone answer the challenge from the same IP address in order to > regain access to the authentication service (UserService uses > ClientLogin). ClientLogin was not designed for the scenario you > described. The CAPTCHA logic safeguards against abuse of the > ClientLogin service for guessing user passwords. > > In order to avoid CAPTCHA errors, you would need to modify your > application so that it does not authenticate so frequently. As a > short term solution perhaps you could meter the ClientLogin requests > so that the frequency does not trigger CAPTCHA errors. > > The longer term solution might be to have your SSO site re-establish a > user's identity through secondary means (e.g. something only the user > would know) in order to set the SSO password. This is just an idea, > and not necessarily a good suggestion, depending on what your business > and security requirements are. > > Transitioning from Google Apps sign in to SSO sign in is not a common > use case that I have seen. Maybe someone else in the group has gone > through it before and can share their ideas. > > For more about CAPTCHA errors, see the Provisioning API FAQ: > > http://code.google.com/support/bin/topic.py?topic=11282 > > -alex > > On Mar 22, 8:46 am, Cuso <[EMAIL PROTECTED]> wrote: > > > Hello: > > > We are getting an AuthenticationException thrown by the > > setUserCredentials method of the UserService object when attempting to > > login a user to Google from the SSO site. This only happens for some > > users. We think it might be related to having multiple users login to > > the system from the same computers, which might cause the server to > > generate a captcha challenge or something similar. We double-checked > > that we are using the right credentials. When we try to log the user > > in throughhttps://www.google.com/a/upr.eduweget a captcha and after > > responding to it the user gets presented with the agreement pagefrom > > Google. We have searched the groups for some clue as to how to > > respond to this exception, but have had no luck so far. We need help > > with this pretty soon, since students are being required by the > > institution to use the account to look at their finantial aid records > > and some of them are not being able to log in. > > > The reason we need to have this operation working in our SSO site > > is so that we can do credentials migration from Google to the LDAP > > directory which the SSO site refers to when authenticating users. > > Since passwords were managed by Google from the start, and we didn't > > want to force users to reset their passwords when the SSO system came > > on-line, we deviced a strategy to migrate the same credentials from > > Google as they logged in. We try to authenticate them using the > > UserService if the credentials have not been migrated to our directory > > yet. If they are authenticated successfully, we save those > > credentials in our directory and mark them migrated so the next time > > around we don't have to go through Google. > > > We need to know what could be causing this exception to be > > thrown. If we can avoid it in the first place we would try to do so. > > We also need to know how to deal with it so that the user gets to > > login at some point after resolving the challenge, if that is what is > > causing it. > > > Regards, > > Carlos --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
