CAS Server
  1. CAS Server
  2. CAS-679

GoogleAccountsArgumentExtractor doesn't work for new Google Apps domains

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.2, 3.2.1
    • Fix Version/s: 3.3
    • Component/s: Authentication
    • Labels:
      None

      Description

      http://code.google.com/apis/apps/faq.html#recipient

      Google changed SAML response requirements for Google Apps SSO. While the GoogleAccountsArgumentExtractor works for existing domains, new domains will not be able to authenticate - you receive a "recipient missing" error message.

      Workaround is to request that the new check be disabled: http://groups.google.com/group/google-apps-apis/browse_thread/thread/35c9d1a049ef71f3

        Activity

        Hide
        Scott Battaglia added a comment -

        I've added the code in if anyone can test it. We don't have a way to test it here unless I set up for the test domain.

        Show
        Scott Battaglia added a comment - I've added the code in if anyone can test it. We don't have a way to test it here unless I set up for the test domain.
        Hide
        Parker Grimes added a comment -

        I deployed this fix into our production CAS last night. Everything seems to still work just fine. Users are still able to get into our Google Apps instance. I sent an email to the Google Apps SSO support email asking how I can truly verify that it meets their requirements... I am confident that it does, but it would be nice for them to validate that fact. I will come back and post the reply I get from them.

        Show
        Parker Grimes added a comment - I deployed this fix into our production CAS last night. Everything seems to still work just fine. Users are still able to get into our Google Apps instance. I sent an email to the Google Apps SSO support email asking how I can truly verify that it meets their requirements... I am confident that it does, but it would be nice for them to validate that fact. I will come back and post the reply I get from them.
        Hide
        Parker Grimes added a comment -

        For clarification, I deployed CAS 3.3 RC2 and the Google Apps SSO team verified that it works.

        Show
        Parker Grimes added a comment - For clarification, I deployed CAS 3.3 RC2 and the Google Apps SSO team verified that it works.

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Andrew Kursar
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: