IdP passive mode support

Martin Hamilton

Jun 15, 2011, 5:59:19 PM
to simple...@googlegroups.com
Hi folks,

I'm using a simpleSAMLphp IdP with (amongst other things) a Google Apps SP.

Google periodically send passive SAML requests, which simpleSAMLphp barfs on - this is the check 

Martin Hamilton

Jun 15, 2011, 6:13:58 PM
to simple...@googlegroups.com
[Doh!  I'll finish the message this time ;-]

Hi folks,

I'm using a simpleSAMLphp IdP with (amongst other things) a Google Apps SP.

Google periodically send passive SAML requests, which simpleSAMLphp barfs on - this is the check in lib/SimpleSAML/IdP.php which says:

                if (isset($state['isPassive']) && (bool)$state['isPassive']) {
                        throw new SimpleSAML_Error_NoPassive('Passive authentication not supported.');
                }

Other than causing my log files to fill up with backtraces, I'd thought this was harmless. However, we have been getting a steady trickle of people complaining about their Google Apps sessions being curtailed abruptly, and I was wondering if the two could be related. Specifically, whether the response that simpleSAMLphp is sending back is causing something to barf at their end.

FYI it looks like Google are using passive SAML to decide whether to present you with a generic iGoogle page or a personalized one at partnerpage.google.com/YOURDOMAIN.

Anyone else experiencing something similar? Thanks in advance for any thoughts!

Cheers,

Martin

Chris Seufert

Jun 15, 2011, 7:24:43 PM
to simple...@googlegroups.com
Well, I do get those errors, however they are only thrown when I have
no active sign-on session. If I ensure that I am authenticated (from
any SAML SP), then the passive auth succeeds.

Tom Scavo

Jun 17, 2011, 8:21:32 AM
to simple...@googlegroups.com
On Wed, Jun 15, 2011 at 6:13 PM, Martin Hamilton <m...@martinh.net> wrote:
>
> I'm using a simpleSAMLphp IdP with (amongst other things) a Google Apps SP.
> Google periodically send passive SAML requests, which simpleSAMLphp barfs on
>
> Other than causing my log files to fill up with backtraces, I'd thought this
> was harmless. However, we have been getting a steady trickle of people
> complaining about their Google Apps sessions being curtailed abruptly, and I
> was wondering if the two could be related. Specifically, whether the
> response that simpleSAMLphp is sending back is causing something to barf at
> their end.

From what you've said, it appears that simpleSAMLphp is doing the
Right Thing so perhaps you might want to pursue this further on the GA
side. If they're not handling the error correctly (I'm not sure from
your description if that's the case), only Google can fix it.

Tom
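
An added example, not part of the thread and not simpleSAMLphp or Google code: how an SP could classify the reply to a passive probe so that a NoPassive status is treated as "no IdP session" rather than as a failure. The status URNs are the SAML 2.0 core values; the sample response, its IDs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample: the reply to a passive AuthnRequest when the user has no
# IdP session. Status URNs are from SAML 2.0 core; IDs and message are made up.
NO_PASSIVE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" InResponseTo="_req42" Version="2.0"
    IssueInstant="2011-06-15T18:13:58Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoPassive"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>Passive authentication not supported.</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""


def status_chain(response_xml):
    """Return (InResponseTo, [status codes outermost first, URN prefix dropped])."""
    # Parsing a trusted constant here; use a hardened parser for untrusted XML.
    root = ET.fromstring(response_xml)
    chain = []
    node = root.find("samlp:Status/samlp:StatusCode", NS)
    while node is not None:
        chain.append(node.get("Value", "").rsplit(":", 1)[-1])
        node = node.find("samlp:StatusCode", NS)
    return root.get("InResponseTo"), chain


def classify_passive_result(response_xml, expected_request_id):
    """Hypothetical SP policy for the answer to a passive probe."""
    in_response_to, chain = status_chain(response_xml)
    if in_response_to != expected_request_id:
        return "reject"              # not the answer to our probe
    if chain == ["Success"]:
        return "validate-assertion"  # signature/conditions checks still required
    if chain[:2] == ["Responder", "NoPassive"]:
        return "anonymous"           # no IdP session: expected, not a failure
    return "error"                   # any other status is a real error


if __name__ == "__main__":
    print(classify_passive_result(NO_PASSIVE_RESPONSE, "_req42"))
```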
