OpenID 제공 업체로서 Google Apps 도메인

Question

1. 어떻게 만들 수 있습니까? Google Apps 도메인 OpenID 제공 업체가됩니다. 문서, 튜토리얼, 작업 예제가 있습니까?

2. Google Apps 도메인 인증을 사용하여 내 응용 프로그램에서 사용자를 인증하는 방법 (내 말은 OpenID없이). 나는 그것이 GData API에 관한 것이라고 들었지만 어디서부터 시작 해야할지 모르겠습니다. 거기 아무도 없나요 유용한 튜토리얼 Howtos 또는 일하고 있는 예?

무료 또는 오픈 소스 솔루션에 대해 알고 싶습니다.

Answer 1

You don't have to do anything to make your Google Apps domain an openid provider. BUT, Google's special OpenID service for Apps for Domains requires OpenID relying parties to implement a special (proprietary) discovery mechanism and most RPs don't [yet]. So, if you're testing against that, it won't work.

One way to test is go to an OpenID RP that uses RPXNow. RPX is one of those RPs that do accept Google's new discovery mechanism. jyte.com for example. Try logging in there.

Answer 2

Regardin question number 1, i've been working on this for the past few days now.

Check it out here: How do you delegate your OpenId to Google Apps

It appears Google doesn't allow delegation, so you can't just put the meta information in the header of your document. I believe you have to create a file called yourdomain.com/.well-known/host-meta that points to the XRDS file on the Google server. It's explained better on the discovery API page. Sorry, that's all jargon, but I don't know how otherwise to explain it.

For Google federated OpenID testing try: http://www.puffypoodles.com/

The delegation issue is better in the Google group for the OpenID federated login API.

Regarding question number 2, the federated login API provides OAuth goodness, so you can pull in user info and use auth tokens etc. Check the federated login API.

Hope that helps.

Answer 3

Their OpenID Federated Login Service looks like the place to start. It's based on OpenID and allows you to have users sign-in to your site using their Google Apps ID. It looks like it's not supported with Google Apps Standard edition.

http://code.google.com/apis/apps/sso/openid_reference_implementation.html

There is also the Single Sign-On framework that doesn't use OpenID which may be the answer to #2.

http://code.google.com/apis/apps/open_source_projects.html#sso

Answer 4

Lots of people posted about OpenID, so I'll answer your second question.

ClientLogin is the API you're after.

http://code.google.com/googleapps/domain/gdata_provisioning_api_v2.0_developers_protocol.html#client_login

Note that the link above is from the provisioning API doc, but it is not dependent on access to provisioning API, it's just where this info lives now.

Lots of examples in different languages there.

Caveats:

• no single sign-on for this
• Google will dislike you (they are trying to kill ClientLogin)
• you will get occasional Captcha failures and will need to deal with those