Google Apps Domain as an OpenID Provider

  • How can I make Google Apps domain an OpenID provider? Is there any documentation, tutorial, working example?

  • How to authenticate users in my own application using Google Apps domain authentication (I mean without OpenID). I heard that this is something about gdata api, but I don't know where to start. Are there helpful tutorials or working examples?

I would like to know about free open source solutions.

+5
openid google-apps gdata gdata-api
4 answers

You don’t have to do anything to make your Google Apps domain an openid provider. BUT, Google’s special OpenID service for domain applications requires trusted OpenID supporters to implement a special (patented) discovery mechanism, and most RP systems are not yet installed. So, if you test this, it will not work.

One way to test is to switch to an OpenID RP that uses RPXNow. RPX is one of those RPs that truly embrace Google’s new discovery engine. For example, jyte.com. Try logging in.

+6

Regarding issue number 1, I have been working on this for the past few days.

Take a look here: How do you delegate your OpenId to Google Apps.

Google doesn't seem to allow delegation, so you can't just put meta information in the title of your document. I believe that you need to create a file called yourdomain.com/.well-known/host-meta that points to the XRDS file on the Google server. It is better explained on the discovery API page. Sorry for all the jargon, but I don’t know how to explain it otherwise.

To test Google’s OpenID federation, follow these steps: http://www.puffypoodles.com/

The delegation problem is better in the Google group for the OpenID federated login API.

As for question number 2, the federated login API provides OAuth kindness, so you can use user information and use auth tokens, etc. Check the federated login API.

Hope this helps.

+4

Their OpenID Federated Login Service looks like a place to run. It is based on OpenID and allows users to register on your site with their Google Apps ID. It seems that it is not supported by the version of Google Apps Standard.

http://code.google.com/apis/apps/sso/openid_reference_implementation.html

There is also a single sign-on structure that does not use OpenID, which may be the answer to #2.

http://code.google.com/apis/apps/open_source_projects.html#sso

+3

A lot of people have published about OpenID, so I will answer your second question.

ClientLogin is the API you need.

http://code.google.com/googleapps/domain/gdata_provisioning_api_v2.0_developers_protocol.html#client_login

Please note that the link above is given in the documentation for the service delivery API, but it does not depend on access to the initialization API, exactly where this information is now.

There are many examples in different languages.

Cautions:

  • No single sign-on for this
  • You won't like Google (they try to kill ClientLogin)
  • You get random Captcha crashes and you have to deal with these

0