On Jun 21, 1:30 am, "Alex (Google)" <[EMAIL PROTECTED]> wrote:
> Yesterday we added an extra check on the SAMLResponse for new domains. ... It looks as if the samltool.war at http://code.google.com/apis/apps/sso/samltool.war, linked from http://code.google.com/apis/apps/sso/saml_reference_implementation_web.html hasn't been updated for this: <samlp:Response ...> <Assertion ...> <Subject> <NameID ...> demouser </NameID> <SubjectConfirmation ... /> </Subject> </Assertion> </samlp:Response> I'll try rebuilding based on the source in http://google-apps-sso-sample.googlecode.com/files/sso-sample-1.0.1-java.zip > Existing domains do not have this extra check ... It looks as if the psosamldemo.net, as used by the un-edited demo code, does: "Google Apps - This service cannot be accessed because your login request contained no recipient information. Please log in and try again." This is probably a good idea, but came as a surprise given the issue with samltool.war above. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
