We have an existing SSO environment using CAS and we are now trying to enable 
Google Apps for Edu (GAE). I've created a new CAS war file and deployed it as a 
test. 
Authentication is working fine.
For normal applications that use "https://hostname/path/login?service...", it 
redirects back to the web app after login as expected.
When redirected to login from GAE, the credentials are authenticated but there 
is no redirect from CAS back to GAE. I just get the "Log In Successful" CAS 
page.
In GAE, I'm using https://hostname/path/login as the SSO login URL

I'm using the Maven war overlay method to build CAS 3.4.2

Here's what I have as modifications:
./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml
./src/main/webapp/WEB-INF/classes/private.p8
./src/main/webapp/WEB-INF/classes/public.key
./src/main/webapp/WEB-INF/deployerConfigContext.xml
./src/main/webapp/WEB-INF/login-webflow.xml

In ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml I've added the 
following based on 
http://www.ja-sig.org/wiki/display/CASUM/SAML+2.0+%2528Google+Accounts+Integration%2529

<bean
    id="privateKeyFactoryBean"
    class="org.jasig.cas.util.PrivateKeyFactoryBean"
    p:location="classpath:private.p8"
    p:algorithm="RSA" />
<bean
    id="publicKeyFactoryBean"
    class="org.jasig.cas.util.PublicKeyFactoryBean"
    p:location="classpath:public.key"
    p:algorithm="RSA" />
<bean
    name="googleAccountsArgumentExtractor"
    class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor"
    p:httpClient-ref="httpClient"
    p:privateKey-ref="privateKeyFactoryBean"
    p:publicKey-ref="publicKeyFactoryBean" />
<util:list id="argumentExtractors">
    <ref bean="casArgumentExtractor" />
    <ref bean="samlArgumentExtractor" />
    <ref bean="googleAccountsArgumentExtractor" />
</util:list>

The keys were created as directed.

The only change in deployerConfigContext.xml is changing 
SimpleTestUsernamePasswordAuthenticationHandler to JaasAuthenticationHandler. 
This is our existing authn mechanism.

I've tried it both with and without the changes to login-webflow.xml suggested 
at:
http://www.ja-sig.org/issues/browse/CAS-868#action_21610
which seems related but not directly applicable.

Here are the HTTP headers from the browser, slightly sanitized.

Any help would be appreciated.

-James

