I've been trying to get SSO for Google Apps to work with AppEngine. I've tried it both by implementing my own servlet that uses step2 and openid4java, and I've tried it using the UserService.
There are problems with both, but using the UserService would be ideal if only we were able to set the realm so we skip the OpenID confirmation page. Skipping the confirmation page is a requirement for the Google Apps Marketplace. BTW, it would be nice if the Google Apps dev documentation said something like "Don't try to use AppEngine's UserService because it won't work." This would really save some wild-goose-chases. Sadly, instead the Python example they provide actually uses AppEngine's UserService - which actually sent me on a wild-goose-chase.
Building a servlet using step2/openid4java to do the OpenID SSO that the Apps folks want wasn't so bad, but they also want all the OpenID communication secure, so you end up having to deal with https://foo.appspot.com URLs which are ugly and confusing to users. And I didn't actually find it terribly easy to implement session tracking when trying to bounce users from http://foo.com to https://foo.appspot.com. If anyone knows how to do that properly, I'd appreciate the help.
So, any plans to let us set the realm? I think that would make all this much easier for people to build the SSO integrations that the Chrome Web Store and Google Apps Marketplace are wanting.
Thanks,
Stephen