I've got Google Apps Premier working with Yubikey's SAML authentication. I followed the step by step instructions found here, *including* the step to "Use a domain specific issuer": http://wiki.yubico.com/wiki/index.php/S ... StepByStep
Login/logout works fine. However, when my users try to change their passwords (we assign them something generic to start and allow them to change it) via the Change Password link, they are taken to a Yubico page with the Administrator account hard coded. See: http://saml.yubico.com/simplesaml/
My expectation is that the domain and username would be passed through to the authentication server such that the user could change his/her password (I believe this is what "Use a domain specific issuer" is supposed to do). This isn't working properly.
Has anyone else got this to work correctly?