sso verification certificate

76 views
Skip to first unread message

SSO

unread,
Feb 29, 2008, 8:08:13 AM2/29/08
to Google Apps APIs
Hello,
Please explain me step by step process on creating sso
verification certificate using openssh.
What are the details we have to pass to the (priv and
public)keys?Shall i create certificate on one machine(linux) and use
it on another machine(windows)?


Takashi Matsuo

unread,
Feb 29, 2008, 8:28:02 AM2/29/08
to google-a...@googlegroups.com
Hello,

I always use openssl to generate key pair like following.

# openssl genrsa -des3 -out privkey.pem 2048
# openssl rsa -in privkey.pem -out privkey-nopass.pem
# openssl rsa -in privkey-nopass.pem -pubout -outform DER -out publickey.der

I hope this helps.

-- matsuo

SSO

unread,
Feb 29, 2008, 11:05:39 PM2/29/08
to Google Apps APIs
Hi Matsuo,
Thanks for your reply. Need 3 things,
1) I have seen that we have to upload public key.then where to place
private keys?
2) Shall i create keys in one machine ane upload that in another
machine?
3) Is there any php tool to create certificate in easy way?

Thanks,


On Feb 29, 6:28 pm, "Takashi Matsuo" <matsuo.taka...@gmail.com> wrote:
> Hello,
>
> I always use openssl to generate key pair like following.
>
> # openssl genrsa -des3 -out privkey.pem 2048
> # openssl rsa -in privkey.pem -out privkey-nopass.pem
> # openssl rsa -in privkey-nopass.pem -pubout -outform DER -out publickey.der
>
> I hope this helps.
>
> -- matsuo
>

SSO

unread,
Mar 1, 2008, 12:35:59 AM3/1/08
to Google Apps APIs
Hi Matsuo,
Thanks for your reply. Need 3 things,
1) I have seen that we have to upload public key.then where to place
private keys?
2) Shall i create keys in one machine ane upload that in another
machine?
3) Is there any php tool to create certificate in easy way?

Thanks,


On Feb 29, 6:28 pm, "Takashi Matsuo" <matsuo.taka...@gmail.com> wrote:
> Hello,
>
> I always use openssl to generate key pair like following.
>
> # openssl genrsa -des3 -out privkey.pem 2048
> # openssl rsa -in privkey.pem -out privkey-nopass.pem
> # openssl rsa -in privkey-nopass.pem -pubout -outform DER -out publickey.der
>
> I hope this helps.
>
> -- matsuo
>

Takashi Matsuo

unread,
Mar 1, 2008, 2:02:49 AM3/1/08
to google-a...@googlegroups.com
Hi,

On Sat, Mar 1, 2008 at 1:05 PM, SSO <ephro...@gmail.com> wrote:
>
> Hi Matsuo,
> Thanks for your reply. Need 3 things,
> 1) I have seen that we have to upload public key.then where to place
> private keys?

You can place it in any safety place you like.

> 2) Shall i create keys in one machine ane upload that in another
> machine?

I don't think you shall do that. But probably you can do that.

> 3) Is there any php tool to create certificate in easy way?

There must be openssl php library, and probably you can create
certificate with it.
But I think the way I had shown in the former e-mail is easy enough...

Regards,

-- matsuo

SSO

unread,
Mar 1, 2008, 3:56:53 AM3/1/08
to Google Apps APIs
Hello,
Matsuo, I got this from google search,
""How does the verification certificate work?

The certificate file will be an X.509 formatted certificate with an
embedded public key. The public key can use either the DSA or RSA
algorithms. Google uses this key to verify the origination (i.e. Did
the SSO assertion come from you?) and integrity (i.e. Was the
assertion modified during transmission?) of the SAML response you send
to us.

It is important to match the embedded public key in the X.509
certificate with the private key you use to sign the SAML Response.

While we don't currently support a best practice for admins without
existing certificates, X509 certificates generation can be
accomplished using the openssl command. More information""

do you know to do integration and to create SAML response? Please
advise me on this


On Mar 1, 12:02 pm, "Takashi Matsuo" <matsuo.taka...@gmail.com> wrote:
> Hi,
>

Takashi Matsuo

unread,
Mar 1, 2008, 5:51:28 AM3/1/08
to google-a...@googlegroups.com
Hello,

I hope I understand you correctly...

There is a reference implementation in the URL bellow.
http://code.google.com/apis/apps/sso/saml_reference_implementation_web.html

I hope this implementation will help you.

Regards,

-- matsuo

Takashi Matsuo

unread,
Mar 1, 2008, 6:05:53 AM3/1/08
to google-a...@googlegroups.com
Hello,

This example might be more suitable for you. This is a PHP sample.
http://code.google.com/p/google-apps-sso-sample/downloads/list

Regards,

SSO

unread,
Mar 3, 2008, 11:34:03 PM3/3/08
to Google Apps APIs
I already gone through these links, but i need some real
time explanation, which might be help me more.i need little more
explanation on this.

Thanks,

On Mar 1, 4:05 pm, "Takashi Matsuo" <matsuo.taka...@gmail.com> wrote:
> Hello,
>
> This example might be more suitable for you. This is a PHP sample.http://code.google.com/p/google-apps-sso-sample/downloads/list
>
> Regards,
>
> On Sat, Mar 1, 2008 at 7:51 PM, Takashi Matsuo <matsuo.taka...@gmail.com> wrote:
> > Hello,
>
> > I hope I understand you correctly...
>
> > There is a reference implementation in the URL bellow.
> > http://code.google.com/apis/apps/sso/saml_reference_implementation_we...
>
> > I hope this implementation will help you.
>
> > Regards,
>
> > -- matsuo
>

Julian (Google)

unread,
Mar 4, 2008, 9:27:35 AM3/4/08
to Google Apps APIs
Hi,

You should create the certificates using the openssl command, here is
an example:
http://www.madboa.com/geek/openssl/

I recomend you to try our PHP Sample:
http://google-apps-sso-sample.googlecode.com/files/samltool_php.zip

If you follow up the code of process_response.php, you can see how a
response is generated and signed using xmlsec1.
Please let me know if you need more details on this.

Julian.
Reply all
Reply to author
Forward
0 new messages