Google Apps SSO not working with Lasso 2.3.2
After Lasso update (to stable version 2.3.2), I cannot log into Google Apps via SAML:
{panel:title=Apache error log}
[Mon Sep 27 09:32:26 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: URL https://auth.vm2.lemonsaml.linagora.com/saml/singleSignOn detected as an SSO request URL
[Mon Sep 27 09:32:26 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SAML method: HTTP-REDIRECT
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Found entityID google.com in SAML message
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: google.com match GoogleApps SP in configuration
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Message signature will not be checked
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SSO: authentication request is valid
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Found ForceAuthn flag with value 0
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: No ForceAuthn session found for session 4f6f53749f4433443af8dae49c8909d5
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: No Destination in SAML message
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Authentication context is urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Convert timestamp 1285572739 in SAML2 date: 2010-09-27T07:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Convert timestamp 1285644739 in SAML2 date: 2010-09-28T03:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SSO: assertion is built
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Get NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified from request
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: NameID Format is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: NameID Content is lemonsaml@linid.org
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SAML2 attribute uid is not mandatory
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Set sessionIndex ugCc3UEY0612JizCi2TvUKn4jydVxivky3RGw99hfhfkGq53XsikHc2WGP2ZOikj (encrypted from 4f6f53749f4433443af8dae49c8909d5)
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Convert timestamp 1285644739 in SAML2 date: 2010-09-28T03:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Set sessionNotOnOrAfter 2010-09-28T03:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SSO response will be signed
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-09-27 09:32:27\tcan't find assertion consumer service url (going for default)
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-09-27 09:32:27 (profile.c/:1242) Unable to find Profile URL in metadata
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Lasso error code -410: Unable to find Profile URL in metadata
[Mon Sep 27 09:32:27 2010] [error] Unable to build SSO response message
{panel}
Registered metadata:
{panel:Google Apps metadata}
<md:EntityDescriptor entityID="google.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
</md:EntityDescriptor>
{panel}
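The Lasso messages in the log report that no assertion consumer service URL could be found in the SP metadata. The following check is an added example, not part of the original report and not LemonLDAP::NG or Lasso code: it lists the `AssertionConsumerService` endpoints a registered SP metadata document declares. Both sample documents and the `https://sp.example.test/acs` location are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: SP metadata that declares a NameIDFormat but no endpoint.
WITHOUT_ACS = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="google.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: same SP with one endpoint at a placeholder location.
WITH_ACS = WITHOUT_ACS.replace(
    "</md:SPSSODescriptor>",
    f'<md:AssertionConsumerService index="0" isDefault="true" Binding="{HTTP_POST}"'
    ' Location="https://sp.example.test/acs"/></md:SPSSODescriptor>',
)

def acs_endpoints(metadata_xml):
    """Return (entityID, [(index, binding, location, is_default), ...]).

    Intended for metadata you registered yourself; use a hardened XML
    parser if the document comes from an untrusted source.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    endpoints = []
    for acs in root.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        binding, location = acs.get("Binding"), acs.get("Location")
        if binding and location:  # both attributes are needed to route a response
            is_default = acs.get("isDefault") in ("true", "1")
            endpoints.append((acs.get("index"), binding, location, is_default))
    return root.get("entityID"), endpoints

def check(metadata_xml):
    """One-line summary suitable for a pre-deployment configuration check."""
    entity_id, endpoints = acs_endpoints(metadata_xml)
    if not endpoints:
        return f"{entity_id}: no AssertionConsumerService endpoint declared"
    listed = ", ".join(f"{loc} ({binding})" for _, binding, loc, _ in endpoints)
    return f"{entity_id}: {len(endpoints)} endpoint(s): {listed}"

if __name__ == "__main__":
    for doc in (WITHOUT_ACS, WITH_ACS):
        print(check(doc))
```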