tags:

views:

8268

answers:

8
+13  Q: 

How do you delegate your OpenId to Google Apps

Hi,

I use Google Apps for my domain email, and I was wondering if I could use that account for OpenID instead of the regular Gmail account.

I know I can delegate Openid to some other URL using this:

<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://samruby.myopenid.com/" />

But I can't find the appropriate URLs for Google.

Thanks

-Mathieu

+3  A: 

My understanding is that Google is not exposing that server url, and as such makes this technique inoperable for a Google OpenID.

Nathan Feger  2009-01-12 20:23:18
+4  A: 

MyOpenID.com does offer openid on your own domain.

Cade Roux  2009-01-12 20:35:10
But won't the authentication for this all still go through myopenid.com? I think the OP was asking about using his existing domain credentials.
Kris Kumler  2009-01-13 14:39:16
I see what you're saying. Hopefully the point will be moot one day when all services are OpenID consumers.
Cade Roux  2009-01-13 15:56:54
+1  A: 

They say they will in the future but doesn't give any clue to when the future will be here. See this thread in Google groups http://groups.google.com/group/google-federated-login-api/browse_thread/thread/19b33847210e5708

 2009-01-24 00:32:20
+4  A: 

It's not possible.

Note: OpenID authentication is currently supported for Google accounts only, not Google Apps (hosted) accounts

© http://code.google.com/apis/accounts/docs/OpenID.html

darkk  2009-03-23 16:17:02
This answer is outdated.
Jeff Martin  2010-10-01 04:49:01
A: 

Cade Roux's approach works great: it takes about 10 minutes to get an MyOpenID.com account set up and working for your own domain. It operates through a CNAME DNS record, so while MyOpenID does indeed host the necessary code for OpenID authentication, you use your own URL.

Sebastian Good  2009-04-18 20:20:06
The question is how to do it with it using one's Google account, not how to do it with [insert other provider]
toolbear74  2010-01-24 05:53:27
+6  A: 

You can run your own openid server in your Google Apps domain (using GAE) - Google provides sample code of openid server. I've recently ported this to latest OpenID library, so now it is Openid 2.0 compatible. Project page: http://code.google.com/p/appengine-openid-provider/

mrk  2009-04-30 21:02:34
+8  A: 

Google recently (an hour or so ago) announced OpenID support for Google Apps customers.

Check out the discovery protocol on Google Groups. Should be a good start.

I believe the endpoint is ht tps://www.google.com/accounts/o8/site-xrds?hd=your-domain.com

Mike Meyer  2009-07-30 05:00:13
I now accept this answer, since the situation has changed, with the caveat that this is only available to _paying_ Google Apps customers.
Mathieu Longtin  2009-08-05 13:55:57
According to their blog, it's enabled for all Google Apps customers.http://googlecode.blogspot.com/2009/07/google-apps-openid-identity-hub-for.htmlLooks like they don't allow for delegation though. It's "risky business."http://groups.google.com/group/google-federated-login-api/browse_thread/thread/825067789537568c#
Mike Meyer  2009-08-05 17:33:53
That Googlecode article says that is's available for all edition, the announcement says it only applies to Premier and Eduction domains, and the google-federated-login-api seems to mention only Premier and Education as well. I can't seem to find the enabling/disabling swith in my cpanel. So I'm confused.
Mathieu Longtin  2009-08-10 19:22:27
As am I. I hope it works for my domain using the standard Google Apps account and that delegation will one day be possible. Until then, it doesn't look like either one is going to be possible.
Mike Meyer  2009-08-11 22:54:17
A: 

For OpenId2 I currently have this on my site

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud" />

as it is the only one required. Since I am logged in to Google Apps now as my default google account. OpenID consumers (Stack Exchange Sites mostly at this point) use that account (I get a message from google asking if the site can use that google account.

This doesn't FORCE the google apps account the way it would if you used a non-google apps account with (in addition to the provider above)

<link rel="openid2.local_id" href="http://www.google.com/profiles/YOURGOOGLEPROFILE" />

But it does allow me to use my google apps account because it is the one I am currently logged in with.

Jeff Martin  2010-10-01 04:54:57
Does this work on a free Google Apps account, or only enterprise and education?
Mathieu Longtin  2010-10-07 16:21:00
I have a free version.
Jeff Martin  2010-10-07 20:18:38

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?