Recipient value needs to be equal to the ACS URL
troynt - August 13, 2008 - 15:24
| Project: | Google Apps Authentication |
| Version: | 5.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | active |
Description
http://groups.google.com/group/google-apps-apis/browse_thread/thread/35c...
For example, if your domain is "domain.com" and your ACS URL is
"https://www.google.com/a/domain.com/acs", then the Recipient
attribute in the SAMLResponse would be:
<samlp:Response ...>
  <saml:Assertion ...>
    <saml:Subject>
      <saml:NameID ...>u...@domain.com</saml:NameID>
      <saml:SubjectConfirmation ...>
        <saml:SubjectConfirmationData Recipient="https://www.google.com/a/domain.com/acs" .../>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>
#1
The value of $curr in googleauth.module is incorrect. It doesn't have the required tag - SubjectConfirmationData. I have replaced it with the response XML template obtained from the PHP reference implementation of SSO provided by Google. The patch for googleauth.module with required changes is attached.
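
Added example, not code from the module or from Google's reference implementation: a Python check to run against the XML an IdP template produces, confirming that every SubjectConfirmationData carries a Recipient exactly equal to the ACS URL. The names `check_recipient` and `build_response` and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace, as defined by the SAML 2.0 core specification.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def check_recipient(response_xml, acs_url):
    """Return a list of problems with the Recipient values; empty means OK.

    Intended for testing the XML your own IdP template emits. It does not
    verify signatures, so it is not a replacement for SP-side validation.
    """
    root = ET.fromstring(response_xml)
    confirmations = root.findall(".//saml:Subject/saml:SubjectConfirmation", SAML_NS)
    if not confirmations:
        return ["no SubjectConfirmation element in the assertion"]
    problems = []
    for conf in confirmations:
        data = conf.find("saml:SubjectConfirmationData", SAML_NS)
        if data is None:
            problems.append("SubjectConfirmation has no SubjectConfirmationData")
            continue
        recipient = data.get("Recipient")
        if recipient is None:
            problems.append("SubjectConfirmationData has no Recipient attribute")
        elif recipient != acs_url:
            # Exact string comparison: no trimming, case folding or prefix match.
            problems.append("Recipient %r does not equal ACS URL %r" % (recipient, acs_url))
    return problems


# Constructed sample input, modelled on the snippet in the issue description.
ACS_URL = "https://www.google.com/a/domain.com/acs"


def build_response(confirmation_body):
    """Wrap a SubjectConfirmation body in a minimal, unsigned SAML response."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject><saml:NameID>user@domain.com</saml:NameID>"
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        + confirmation_body
        + "</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>"
    )


GOOD = build_response('<saml:SubjectConfirmationData Recipient="%s"/>' % ACS_URL)
MISSING = build_response("")  # template without SubjectConfirmationData
# Recipient split by a line break in the template: no longer equal to the ACS URL.
WRAPPED = build_response('<saml:SubjectConfirmationData Recipient="https://\nwww.google.com/a/domain.com/acs"/>')
```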