So I'm trying to set my browser home page to the Case/Google partner page. When I open my browser, I get the Case network authentication page. I type in my user/pass, and then hit login. What happens next is that there is this endless loop between a page titled "Case's Google Identity Provider" and a page titled "redirecting..."

If I allow this cycle to run to completion (about a minute), I get the following error:

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

java.lang.RuntimeException: didn't allocate enough space to hold decompressed data
	servlets.SubmitSAMLResponse.decodeAuthnRequestXML(SubmitSAMLResponse.java:107)
	servlets.SubmitSAMLResponse.doGet(SubmitSAMLResponse.java:278)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

note The full stack trace of the root cause is available in the Apache Tomcat/5.5.15 logs.
Apache Tomcat/5.5.15

However, if I hit the "Stop" button on my browser at any point, and then Refresh, I get the correct page. I'm using Firefox 2.0.0.14 on OS 10.5.2.

It doesn't matter which of the following page addresses I use, it still happens:

http://webstart.case.edu/
http://partnerpage.google.com/case.edu
http://partnerpage.google.com/ig?hl=en

I am an ex-IT person and I will admit I have put absolutely zero brainpower into solving this. I thought perhaps this was a known issue or there was a simple fix and one of you could be my hero before I run crying to ITS.

Yea, I know about it. I've tried fixing it several times, but each time I try, I end up breaking the redirections for GMail and GCalendar. I figured it was better to leave them working at the expense of webstart.

You can see a post here on some Google Groups (http://groups.google.com/group/google-apps-apis/browse_thread/thread/b22bf7846e2cae2d/a9cdd4a052a6057d) where I was working with some Google people to try and solve it.

It all comes down to some double/triple-encoding of URLs somewhere in the redirection that get decoded one level too far or needs decoded one more time.

A simple example:

http://a.com?from=b.com&redirect_to=c.com%3Flogin%3Dtrue%26via%3Dcase.edu

which gets encoded into something like this:

http://a.com?from%3Db.com%26redirect_to%3Dc.com%253Flogin%253Dtrue%2526via%253Dcase.edu

and then double-encoded:

http://a.com?from%253Db.com%2526redirect_to%253Dc.com%25253Flogin%25253Dtrue%252526via%25253Dcase.edu

And then somewhere in the double-decoding, that original "redirect_to" parameter ("redirect_to=c.com%3Flogin%3Dtrue%26via%3Dcase.edu") gets decoded too often (or didn't get encoded the one more time it should have), such that the end result (which should just look like the original URL) looks like:

http://a.com?from=b.com&redirect_to=c.com?login=true&via=case.edu

Which is a crucial difference.

I think I've tracked the issue down to CAS, so I'm hoping that the switch from JA-SIG's CAS to RubyCAS will fix it.

If that doesn't work, then I'm just going to have to spend a lot of time with LiveHTTPHeader and bleeding eyes as I try to track down these nuanced encode/decode problems.

In the meantime, just keep performing your work around. Sorry.

tl;dr: Troubleshooting URL encoding/decoding issues makes eyes bleed. Hoping switch to different CAS server fixes it.

--
Jeremy

Thanks for your quick response, Jeremy.

I should clarify for anyone reading this thread that the workaround I described in my first post wasn't quite right - a "Refresh" leads to the same loop. Entering the address again, however (whether in the address bar or via a bookmark) seems to do the trick.

How-to:

1. Set GoogleApps page address (http://partnerpage.google.com/case.edu) as home page
1a. Bookmark (bookmark toolbar?) this address as well
2. Login to the Case single sign-on
3. Once the Loop of Death has begun, hit the stop button or just proceed to
4. Re-enter the address (http://partnerpage.google.com/case.edu) in the address bar and hit enter, or simply select the corresponding bookmark

I sometimes use the 'webstart.case.edu' page, and have found that the loop-of-death can be broken fairly easily--it alternates between 2 URLs, one of which is:

https://www.google.com/a/case.edu/acs

Hitting the browser 'stop' button and deleting the 'acs' from the end of the URL fixes things.