  1. How can I make my Google Apps domain an OpenID provider? Is there any documentation, tutorial, working example, or something?

  2. How to authenticate users in my own application using Google Apps domain authentication (I mean without OpenID)? I've heard that it's something about gdata api but I don't know where to start. Are there any useful tutorials, how-tos or working examples?

I would like to know about free or open source solutions.

+3  A: 

Their OpenID Federated Login Service looks like the place to start. It's based on OpenID and allows you to have users sign-in to your site using their Google Apps ID. It looks like it's not supported with Google Apps Standard edition.

http://code.google.com/apis/apps/sso/openid_reference_implementation.html

There is also the Single Sign-On framework that doesn't use OpenID which may be the answer to #2.

http://code.google.com/apis/apps/open_source_projects.html#sso

David Smith
+3  A: 

You don't have to do anything to make your Google Apps domain an OpenID provider. BUT, Google's special OpenID service for Apps for Domains requires OpenID relying parties to implement a special (proprietary) discovery mechanism and most RPs don't [yet]. So, if you're testing against that, it won't work.

One way to test is to go to an OpenID RP that uses RPXNow. RPX is one of those RPs that do accept Google's new discovery mechanism. jyte.com for example. Try logging in there.

Andrew Arnott
This is no longer true. Free customers don't get OpenID and you need to explicitly enable it. From http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html: "Note: The Federated Login Service is disabled by default for Google Apps Premier and Education Editions. The domain admin can enable it from the Control Panel at http://www.google.com/a/cpanel/<your-domain>/SetupIdp."
Leopd
+3  A: 

Regarding question number 1, I've been working on this for the past few days now.

Check it out here: http://stackoverflow.com/questions/436829/how-do-you-delegate-your-openid-to-google-apps

It appears Google doesn't allow delegation, so you can't just put the meta information in the header of your document. I believe you have to create a file called yourdomain.com/.well-known/host-meta that points to the XRDS file on the Google server. It's explained better on the discovery API page. Sorry, that's all jargon, but I don't know how otherwise to explain it.

For Google federated OpenID testing try: http://www.puffypoodles.com/

The delegation issue is better in the Google group for the OpenID federated login API.

Regarding question number 2, the federated login API provides OAuth goodness, so you can pull in user info and use auth tokens etc. Check the federated login API.

Hope that helps.

Mike Meyer