Hi Alex,
That's what I've been doing all along, unfortunately :-(. So I guess the
answer to your question is that the problem is still there. Thanks for
looking into this,
-Patricia

Patricia Goldweic
[EMAIL PROTECTED]
 

> -----Original Message-----
> From: [email protected] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Alex (Google)
> Sent: Friday, October 24, 2008 6:13 PM
> To: Google Apps APIs
> Subject: [google-apps-apis] Re: SSO and security
> 
> 
> Hi Brian, Patricia,
> 
> Can you change your hard-coded RelayState from:
> 
> http://mail.google.com/...
> 
> to the actual RelayState which comes with the SAMLRequest?
> 
> To see what this value is, go to the service URL (without signing in
> first):
> 
> http://mail.google.com/a/yourdomain.com
> 
> You'll be redirected to your SSO Sign-in URL with the 
> SAMLRequest and RelayState parameters.
> 
> Take the RelayState parameter, URL-decode it, and replace 
> your current RelayState in the ACS URL form with this value.
> 
> Let me know if you still have this problem.  Thanks.
> 
> -alex
> 
> On Oct 20, 5:30 am, "Julian (Google)" <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Thanks again for bringing this up, we keep track of these requests to
> > improve our products. Unfortunately there isn't a solution for a user
> > walking away with the session/browser open, at the moment the best is
> > to advise users to close the session/browser.
> >
> > Julian
> >
> > On Oct 17, 1:57 pm, "Patricia Goldweic" <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Everybody is experiencing the same issue, and I second your request
> > > to Google for some upgrade to their end that includes a 'logout' of
> > > some kind (clearing cookies as you suggest) before the redirection
> > > to the partner SSO happens. This would really help, and not just
> > > with respect to security. For example, in our case, our Google Apps
> > > integration allows users to log in consecutively to different
> > > accounts to share information with different university courses, so
> > > we have the same kind of problem as you have.
> > > -Patricia
> >
> > > Patricia Goldweic
> > > [EMAIL PROTECTED]
> >
> > > > -----Original Message-----
> > > > From: [email protected] 
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of Brian
> > > > Sent: Thursday, October 16, 2008 9:25 PM
> > > > To: Google Apps APIs
> > > > Subject: [google-apps-apis] SSO and security
> >
> > > > Hi.
> >
> > > > We're experiencing the same issue as noted here
> > > > http://groups.google.com/group/google-apps-apis/msg/2a010bc76c267588?pli=1.
> >
> > > > Simply stated, if a user browses away from their SSO authenticated
> > > > mail session and walks away from the computer, the next person to
> > > > sign on will get the previous user's email.
> >
> > > > The responses I've seen so far haven't really addressed the issue,
> > > > since most require the user to click the sign out link in some
> > > > way.
> > > > It's inevitable that some will forget and we need something to 
> > > > mitigate the resulting security problems.
> >
> > > > Would it be possible for Google to add a bit of code on their end,
> > > > perhaps checking a parameter requesting a session clear?
> > > > Something like http://www.google.com/a/abc.com/?clearstate
> > > > and kill the session cookies before issuing a redirect to our SSO
> > > > page?
> >
> > > > TIA
> >
> > > > -brian
> > 
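
As an added example (not part of the original thread and not Google's code), the steps Alex describes, in Python: read RelayState from the redirect to the SSO sign-in URL, URL-decode it, and echo it unchanged in the form posted to the ACS URL. The URLs, parameter values and function names below are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample values; none of them come from the thread.
SIGNIN_URL = (
    "https://sso.example.edu/login?SAMLRequest=Y29uc3RydWN0ZWQ%3D"
    "&RelayState=http%3A%2F%2Fmail.google.com%2Fa%2Fyourdomain.com"
    "%3Fx%3D1%26y%3D%22q%22"
)
ACS_URL = "https://acs.example.invalid/acs"  # placeholder, not the real ACS URL


def extract_sso_params(signin_url):
    """Return the URL-decoded (SAMLRequest, RelayState) from the redirect."""
    # parse_qs percent-decodes each value, which is the "URL-decode" step.
    query = parse_qs(urlsplit(signin_url).query, keep_blank_values=True)
    for name in ("SAMLRequest", "RelayState"):
        # A missing or repeated parameter means the request is malformed.
        if len(query.get(name, [])) != 1:
            raise ValueError(f"expected exactly one {name} parameter")
    return query["SAMLRequest"][0], query["RelayState"][0]


def build_acs_form(acs_url, saml_response_b64, relay_state):
    """Build the POST form for the ACS URL, echoing RelayState unchanged."""
    def esc(value):
        # The decoded RelayState can contain & and ", so escape it for HTML.
        return html.escape(value, quote=True)

    return (
        f'<form method="post" action="{esc(acs_url)}">\n'
        f'  <input type="hidden" name="SAMLResponse" '
        f'value="{esc(saml_response_b64)}">\n'
        f'  <input type="hidden" name="RelayState" '
        f'value="{esc(relay_state)}">\n'
        "</form>"
    )


if __name__ == "__main__":
    _, relay = extract_sso_params(SIGNIN_URL)
    # "UkVTUA==" stands in for the signed, base64-encoded SAMLResponse.
    print(build_acs_form(ACS_URL, "UkVTUA==", relay))
```
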


