[Fwd: Action Required: Update needed for my.utsa.edu SSO with Google Apps]

Scott Battaglia scott.battaglia at gmail.com
Wed Jul 2 16:24:05 EDT 2008


We already have an open JIRA issue for this :-)  We'll probably look at it
early next week.

This is the issue I am referring to:
http://www.ja-sig.org/issues/browse/CAS-679

in case you want to confirm that it's the same thing this email is talking
about.

-Scott


-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jul 2, 2008 at 4:12 PM, Mark McCoy <ghi800 at my.utsa.edu> wrote:

> Hey all,
>
> I just received this notice from Google about a change that they are making
> in order for them to comply further with the SAML 2.0 spec.  Does this
> affect the CAS 3.1 Google Apps module?
>
> Thanks, Mark
>
> ---------- Forwarded message ----------
> From: Mark McCoy <mark.mccoy at utsa.edu>
> Date: Wed, Jul 2, 2008 at 3:08 PM
> Subject: [Fwd: Action Required: Update needed for my.utsa.edu SSO with
> Google Apps]
> To: ghi800 at my.utsa.edu
>
>
>
>
> -------- Original Message --------
> Subject: Action Required: Update needed for my.utsa.edu SSO with Google Apps
> Date: Wed, 2 Jul 2008 12:56:17 -0700 (PDT)
> From: Google Apps Support <apps-sso-support at google.com>
> To: unix at utsa.edu
>
> Hello administrator of domain my.utsa.edu,
>
> Nothing is more important to us than the security of your users' data.  We are emailing you because we have detected that your Google Apps single sign-on (SSO) implementation may be vulnerable to a theoretical security hole.  We would like to emphasize that we have not received any reports of this vulnerability being exploited.
>
> In order to improve the security of Google Apps SSO, we have added a requirement on the data your sign-in application (identity provider) sends.  You must update your sign-in application by the end of August 2008.  The new requirement is described here:
> http://code.google.com/apis/apps/faq.html#recipient
>
> If your sign-in application is derived from our sample code, please refer to the latest version of the sample code for the changes you'll need to make to your own code.  The updates to the sample code are also described in the link above.
>
> If your sign-in application was not derived from our sample code, e.g. is a third-party identity provider software, please forward this information to the developers of the identity provider software.
>
> Important Notes:
>
>   - We will begin enforcing this new requirement on your sign-in application by the end of August 2008.
>
>   - In the meantime, we will continue to accept the current responses from your sign-in application so that your users can continue to sign in to Google Apps.
>
>   - If you are unable to update your sign-in application by the end of August 2008, please email apps-sso-support at google.com.
>
>   - If you are about to deploy Google Apps SSO for new domains, you will need to ensure this new requirement is met for those domains prior to deployment.
>
> If you have any questions, please email apps-sso-support at google.com.
>
> Thank you for your consideration.
>
> The Google Apps Team
>
>
> --
> Mark McCoy
> OIT Enterprise Services
> The University of Texas at San Antonio
> 210-458-5871
>
>
>
>
> --
> Mark McCoy
> Enterprise Services (Unix Group)
> Office of Information Technology
> The University of Texas at San Antonio
> (210) 458-5871
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>