Issues getting GoogleApps working on 5.3.6

71 views
Skip to first unread message

JF Poulin

unread,
Dec 11, 2018, 6:24:34 PM12/11/18
to CAS Community
Upgraded my version of CAS to 5.3.6 from 5.1.3. In the new version CAS seems to be ignoring the SAMLRequest parameter being generated by Google Apps. 

When a user logs in, they just get redirected to the usual successful login page instead of being sent back to Google. 

I'm building my own WAR file using gradle and I can see that the module for GoogleApps is being loaded in the debug logs and that the public and private keys are also getting loaded from the disk properly.

Any ideas what I can do to troubleshoot? 

Thanks.
Message has been deleted

JF Poulin

unread,
Dec 12, 2018, 3:48:39 PM12/12/18
to CAS Community
After a lot of debugging, I have discovered that the XML is not being properly inflated in AbstractSaml20ObjectBuilder at line 442: CompressionUtils.inflate(decodedBytes);

java is complaining about the zip header

JF Poulin

unread,
Dec 13, 2018, 9:49:38 AM12/13/18
to CAS Community
I patched the CompressionUtils file and replaced the inflate function with the one from 5.1.x and now GoogleApps is working again. 

Was there a reason the function was re-written in the first place other than trying to make it more efficient? I'm thinking of submitting a pull request to revert the code for inflate back.

Tepe, Dirk

unread,
Dec 13, 2018, 12:32:28 PM12/13/18
to cas-...@apereo.org
I just reproduced the broken behavior using CAS 5.3.5 and 5.3.7-SNAPSHOT. We are preparing to upgrade our CAS server but have not tested Google Apps since our initial work with 5.2.x, when it did work correctly IIRC.

We are going to pursue pretty aggressively because it has major consequences for us.

Thank you for reporting this and your work to identify the cause.

-dirk

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb7038da-ad87-499d-b68b-1accc0b7791e%40apereo.org.

Tepe, Dirk

unread,
Dec 13, 2018, 4:17:25 PM12/13/18
to cas-...@apereo.org
Fortunately, Miami University is in a position to facilitate addressing this issue. Thanks to the efforts of Unicon (https://www.unicon.net/) the latest snapshot build of 5.3.7 appears to address this issue. If anyone else is following this and can help test the Google Apps integration, please do so and update this thread.

-dirk

Samuel Garçon

unread,
Dec 16, 2018, 1:40:44 PM12/16/18
to CAS Community
Hi,

Upgrading from CAS 5.2.3 to 5.3.6 and i have the same problem.
Upgrading from 5.3.6 to 5.3.7-SNAPSHOT, idP for G suite is working :)

Thanks Dirk & Unicon :)

Sam
Reply all
Reply to author
Forward
0 new messages