There's an open issue in jira targeted at 3.5 with a fix.
Sent from my Verizon Wireless BlackBerry -----Original Message----- From: "Gutholm, James" <gutho...@evergreen.edu> Date: Tue, 04 May 2010 13:57:44 To: <cas-user@lists.jasig.org> Subject: [cas-user] Google Apps not redirecting from CAS back to Google We have an existing SSO environment using CAS and we are now trying to enable Google Apps for Edu (GAE). I've created a new CAS war file and deployed it as a test. Authentication is working fine. For normal applications, that use "https://hostname/path/login?service...", it redirects back to the web app after login as expected. When redirected to login from GAE, the credentials are authenticated but there is no redirect from CAS back to GAE. I just get the "Log In Successful" CAS page. In GAE, I'm using https://hostname/path/login as the SSO login URL I'm using the Maven war overlay method to build CAS 3.4.2 Here's what I have as modifications; ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml ./src/main/webapp/WEB-INF/classes/private.p8 ./src/main/webapp/WEB-INF/classes/public.key ./src/main/webapp/WEB-INF/deployerConfigContext.xml ./src/main/webapp/WEB-INF/login-webflow.xml In ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml I've added the following based on http://www.ja-sig.org/wiki/display/CASUM/SAML+2.0+%2528Google+Accounts+Integration%2529 <bean id="privateKeyFactoryBean" class="org.jasig.cas.util.PrivateKeyFactoryBean" p:location="classpath:private.p8" p:algorithm="RSA" /> <bean id="publicKeyFactoryBean" class="org.jasig.cas.util.PublicKeyFactoryBean" p:location="classpath:public.key" p:algorithm="RSA" /> <bean name="googleAccountsArgumentExtractor" class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor" p:httpClient-ref="httpClient" p:privateKey-ref="privateKeyFactoryBean" p:publicKey-ref="publicKeyFactoryBean" /> <util:list id="argumentExtractors"> <ref bean="casArgumentExtractor" /> <ref bean="samlArgumentExtractor" /> <ref bean="googleAccountsArgumentExtractor" /> </util:list> The keys were created as directed. The only change in deployerConfigContext.xml is changing SimpleTestUsernamePasswordAuthenticationHandler to JaasAuthenticationHandler. This is our existing authn mechanism. I've tried it both with and without the changes to login-webflow.xml suggested at: http://www.ja-sig.org/issues/browse/CAS-868#action_21610 which seems related but not directly applicable. Here's the http headers from the browser, slightly sanitized. Any help would be appreciated. -James -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user