Thanks Takashi, the "not yet valid" problem is solved following your suggestion.
Now, there is the next hurdle to cross. (The use case is same: Google apps sso with the sample Java client provided). In the Google settings, I have given: Sign-in Page: http://tomcat-server:8080/samltool/ProcessResponseServlet and uploaded the DSAPublicKey01.key to the site. I have changed the sample code to reflect mydomain. Now, when I try to login to my domain, the tomcat-server correctly shows up the SAML page, but when I post the saml response, the same tomcat page again comes. This means, that the saml response is not understood by the google domain apps. I had expected the sign-in to be successful. At this moment, the certificate thing is to be looked at. Any tips? Also, do I have to upgrade the tomcat to https? Takashi Matsuo wrote: > Perhaps you can adjust the system clock of the machine where SSO Java > sample works. > I have seen the message 'not yet valid' when the system clock isn't correct. > > -- Takashi Matsuo > > > > On Mon, Dec 1, 2008 at 8:36 PM, ambarish <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I am trying out the sample SSO Java client downloaded from: > > http://code.google.com/apis/apps/libraries_and_samples.html#sso > > > > I changed the demodomain and demouser to <mydomain> and <user>. > > However, when I run the sample, at the last stage, when the SAML > > response is sent to google.com/a/<mydomain>acs, I get this error: > > > > <b> > > This service cannot be accessed because your login credentials are not > > yet valid. Please log in and try again. > > </b> > > > > Apparently, this is because the public key loaded in google domain is > > incorrect. How can we rectify this? > > > > In the sample, there is provided the following: > > - DSAPrivateKey01.key > > - DSAPublicKey01.key > > > > It is not mentioned how these keys are generated. I uploaded the > > DSAPublicKey01.key, but that does not seem ok. > > > > Any pointers? > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
