Server error - We are unable to process your request at this time, please try again later.
1,893 views
Skip to first unread message
Brian Bolt
Feb 14, 2011, 8:08:36 PM2/14/11
to google-app...@googlegroups.com
After transitioning my account, I get the following when attempting to login via SAML:
Google Apps - Server error
Server error
We are unable to process your request at this time, please try again later.
NOTE: a different users' account was transitioned without experiencing the issue that I have described.
Google Apps - Server error
Server error
We are unable to process your request at this time, please try again later.
NOTE: a different users' account was transitioned without experiencing the issue that I have described.
Brian
Michael Manoochehri
Feb 14, 2011, 8:38:02 PM2/14/11
to SAML-based Single Sign On for Google Apps
Hi Brian:
It's hard to tell what might be happening with only this error
message. Is it possible that your newly transitioned account has the
"force password change at next login" flag toggled? What SSO IdP
software are you using?
Thanks
- Michael
It's hard to tell what might be happening with only this error
message. Is it possible that your newly transitioned account has the
"force password change at next login" flag toggled? What SSO IdP
software are you using?
Thanks
- Michael
Brian Bolt
Feb 14, 2011, 9:05:51 PM2/14/11
to google-app...@googlegroups.com
The account does not have the "require a change of password in the next sign in" set. Fwiw... This domain was probably part of the trusted tester program.
We are using the Google Apps SSO SAML code.
Brian
Michael Manoochehri
Feb 14, 2011, 9:19:59 PM2/14/11
to SAML-based Single Sign On for Google Apps
Hi Brian,
Thanks for letting us know. The (now deprecated) SSO reference code
you are using is no longer supported by Google Apps. Basically, the
reference code failed to return the correct RelayState parameter
provided to the IdP by Google Apps. We require that all SAML Responses
not return the RelayState as provided by Google Apps (which is sent to
the IdP along with the SAML request).
In place of the SSO reference code, we suggest that you use one of the
popular open source SSO IdP packages out there, such as SimpleSAMLPHP
or Shibboleth.
- Michael
> We are using the Google Apps SSO SAML code<http://code.google.com/googleapps/domain/sso/saml_reference_implement...>
> .
>
> Brian
Thanks for letting us know. The (now deprecated) SSO reference code
you are using is no longer supported by Google Apps. Basically, the
reference code failed to return the correct RelayState parameter
provided to the IdP by Google Apps. We require that all SAML Responses
not return the RelayState as provided by Google Apps (which is sent to
the IdP along with the SAML request).
In place of the SSO reference code, we suggest that you use one of the
popular open source SSO IdP packages out there, such as SimpleSAMLPHP
or Shibboleth.
- Michael
> .
>
> Brian
Brian Bolt
Feb 14, 2011, 9:48:38 PM2/14/11
to google-app...@googlegroups.com
Hi Michael,
Thank you for your reply.
Brian
Michael Manoochehri
Feb 15, 2011, 1:05:12 AM2/15/11
to SAML-based Single Sign On for Google Apps
Hi Brian:
Just to be clear, the SAML reference code you are referring to has
been deprecated for some time, and our SAML SSO service is currently
SAML 2.0 compliant. However, we do appreciate your suggestion, and we
are in the process of updating all of our SAML/SSO documentation to
avoid the potential for confusion that you have reported!
Thanks,
- Michael
On Feb 14, 6:48 pm, Brian Bolt <brianb...@gmail.com> wrote:
> Hi Michael,
>
> Thank you for your reply.
>
> I would like to suggest that if the code is deprecated and no longer
> supported, then a statement to that effect should be clearly listed on
> the SAML Single Sign-On (SSO) Service for Google Apps page. To state on the
> page that: "The Google Apps SSO service is based on the SAML v2.0
> specifications<http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security#s...>.
Just to be clear, the SAML reference code you are referring to has
been deprecated for some time, and our SAML SSO service is currently
SAML 2.0 compliant. However, we do appreciate your suggestion, and we
are in the process of updating all of our SAML/SSO documentation to
avoid the potential for confusion that you have reported!
Thanks,
- Michael
On Feb 14, 6:48 pm, Brian Bolt <brianb...@gmail.com> wrote:
> Hi Michael,
>
> Thank you for your reply.
>
> I would like to suggest that if the code is deprecated and no longer
> supported, then a statement to that effect should be clearly listed on
> the SAML Single Sign-On (SSO) Service for Google Apps page. To state on the
> page that: "The Google Apps SSO service is based on the SAML v2.0
Reply all
Reply to author
Forward
0 new messages