https://github.com/Unicon/cas-mfa
I am implementing cas-mfa with support for Duo Security. It works very well for most applications except for our Google Apps for Education site. Here are my observations: - If I authenticate with MFA to Gmail on a new browser session, I get a blank page - All subsequent requests for Gmail succeed - If I am a user that does not require MFA, then authenticating in a new browser session succeeds Observations using the web developer tool in Firefox: No MFA required - Google redirects to CAS with a SAMLRequest - I enter credentials and POST to CAS - CAS returns SAMLResponse and gets POSTed to Google at /acs MFA is required - After entering credentials, CAS goes back to login page with duo request - I MFA authenticate and POST to CAS - CAS issues a redirect to /acs on Google with the ticket id - Google is expecting a POSTed SAMLResponse so displays a blank page So, it seems like the SAMLResponse goes missing when the Duo Security dialog is injected into the flow. Has anyone else run into this issue? Is there a solution for avoiding the blank page? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
