http://www.ja-sig.org/issues/browse/CAS-868
I've using the fix listed in the comments in production and things are just fine. Pat On Tue, May 4, 2010 at 2:06 PM, <scott.battag...@gmail.com> wrote: > There's an open issue in jira targeted at 3.5 with a fix. > > > Sent from my Verizon Wireless BlackBerry > > -----Original Message----- > From: "Gutholm, James" <gutho...@evergreen.edu> > Date: Tue, 04 May 2010 13:57:44 > To: <cas-user@lists.jasig.org> > Subject: [cas-user] Google Apps not redirecting from CAS back to Google > > > We have an existing SSO environment using CAS and we are now trying to > enable Google Apps for Edu (GAE). I've created a new CAS war file and > deployed it as a test. > Authentication is working fine. > For normal applications, that use "https://hostname/path/login?service...";, > it redirects back to the web app after login as expected. > When redirected to login from GAE, the credentials are authenticated but > there is no redirect from CAS back to GAE. I just get the "Log In > Successful" CAS page. > In GAE, I'm using https://hostname/path/login as the SSO login URL > > I'm using the Maven war overlay method to build CAS 3.4.2 > > Here's what I have as modifications; > ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml > ./src/main/webapp/WEB-INF/classes/private.p8 > ./src/main/webapp/WEB-INF/classes/public.key > ./src/main/webapp/WEB-INF/deployerConfigContext.xml > ./src/main/webapp/WEB-INF/login-webflow.xml > > In ./src/main/webapp/WEB-INF/argumentExtractorsConfiguration.xml I've added > the following based on > > http://www.ja-sig.org/wiki/display/CASUM/SAML+2.0+%2528Google+Accounts+Integration%2529 > > <bean > id="privateKeyFactoryBean" > class="org.jasig.cas.util.PrivateKeyFactoryBean" > p:location="classpath:private.p8" > p:algorithm="RSA" /> > <bean > id="publicKeyFactoryBean" > class="org.jasig.cas.util.PublicKeyFactoryBean" > p:location="classpath:public.key" > p:algorithm="RSA" /> > <bean > name="googleAccountsArgumentExtractor" > > class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor" > p:httpClient-ref="httpClient" > p:privateKey-ref="privateKeyFactoryBean" > p:publicKey-ref="publicKeyFactoryBean" /> > <util:list id="argumentExtractors"> > <ref bean="casArgumentExtractor" /> > <ref bean="samlArgumentExtractor" /> > <ref bean="googleAccountsArgumentExtractor" /> > </util:list> > > The keys were created as directed. > > The only change in deployerConfigContext.xml is changing > SimpleTestUsernamePasswordAuthenticationHandler to > JaasAuthenticationHandler. This is our existing authn mechanism. > > I've tried it both with and without the changes to login-webflow.xml > suggested at: > http://www.ja-sig.org/issues/browse/CAS-868#action_21610 > which seems related but not directly applicable. > > Here's the http headers from the browser, slightly sanitized. > > Any help would be appreciated. > > -James > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > scott.battag...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > pbe...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
