Hi all,
I’m about to turn our Google Apps process over to the Shibboleth IDP server I just created. I am a little concerned about the how-to instructions referenced here
https://shibboleth.usc.edu/docs/google-apps/
Mostly because I have never seen the reference to the SSO sign in page anywhere but here
https://YOURDOMAIN.COM/idp/SAML2/Redirect/SSO.
Is this page valid for the Shibboleth IDP 1.2.4 setup I have right now? My username/password login works fine, but I haven’t done anything specifically for SSO authentication. Currently, everything gets routed to https://YOURDOMAIN.COM/idp/Authn/UserPassword
Am I fine to send Google Apps to the Redirect/SSO page, or should I use the Authn/UserPassword page?
Thanks,
Kevin Vadnais
Systems Programmer
University of Lethbridge (IT Department)
There are only 10 kinds of people in this world. Those that understand binary and those that don't.
> Is this page valid for the Shibboleth IDP 1.2.4 setup I have right now.
For Google Apps you need to be running a Shibboleth 2.x IdP.
1.2 has been obsolete for a couple of years, I think ...
- RL "Bob"
I'm running 2.1.4 (a little dyslexia in the morning)
Kevin Vadnais
Systems Programmer
University of Lethbridge (IT Department)
403-332-4056
There are only 10 kinds of people in this world. Those that understand binary and those that don't.
Assume you mean 2.1.4, but in any case, you MUST send it to the SAML
endpoint. /Authn/UserPassword is not a public endpoint, it's an internal
part of the IdP for handling password-based login within the IdP.
-- Scott
Kevin Vadnais
Systems Programmer
University of Lethbridge (IT Department)
403-332-4056
There are only 10 kinds of people in this world. Those that understand
binary and those that don't.
http(s)://hostname/idp/shibboleth
Substituting as appropriate. You will see the SingleSignOn endpoints listed
there for HTTP POST and Redirect. Can't remember which one Google wants.
On 10/13/09 11:16 AM, "Vadnais, Kevin" <kevin....@uleth.ca> wrote:
> But where is the SAML endpoint? I am having a hard time finding it in
> the documentation for the IDP.
-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----
God does not play dice with the universe; He plays an ineffable game of his
own devising, which might be compared, from the perspective of any of the
other players, to being involved in an obscure and complex version of poker
in a pitch dark room, with blank cards, for infinite stakes, with a dealer
who won't tell you the rules, and who smiles all the time.
-- Terry Pratchett, Good Omens
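The lookup described above (read the SingleSignOn endpoints from the IdP's own metadata, then hand the service provider one of those rather than an internal login path), as an added example that is not part of the original thread. The metadata document, the hostname `idp.example.org` and the function names are constructed for illustration; real values must come from your own IdP's metadata.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample shaped like IdP metadata; idp.example.org is a placeholder.
# In practice, save the document served at http(s)://hostname/idp/shibboleth.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sso_endpoints(metadata_xml):
    """Map SAML 2.0 binding short name -> Location for each SingleSignOnService."""
    root = ET.fromstring(metadata_xml)
    endpoints = {}
    for idp in root.iter("{%s}IDPSSODescriptor" % MD_NS):
        for svc in idp.findall("{%s}SingleSignOnService" % MD_NS):
            binding = svc.get("Binding", "")
            if binding.startswith(SAML2_BINDINGS):  # skip non-SAML2 profiles
                endpoints[binding[len(SAML2_BINDINGS):]] = svc.get("Location")
    return endpoints


def check_sp_sso_url(metadata_xml, configured_url):
    """Return (ok, reason) for the sign-in URL about to be given to the SP."""
    if configured_url not in sso_endpoints(metadata_xml).values():
        return False, "not a SAML 2.0 SingleSignOnService Location in the metadata"
    if not configured_url.startswith("https://"):
        return False, "endpoint is not served over https"
    return True, "matches an advertised SAML 2.0 SSO endpoint"


if __name__ == "__main__":
    for name, location in sso_endpoints(SAMPLE_METADATA).items():
        print(name, location)
    print(check_sp_sso_url(SAMPLE_METADATA,
                           "https://idp.example.org/idp/Authn/UserPassword"))
```
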
That did it.
Kevin Vadnais
Systems Programmer
University of Lethbridge (IT Department)
403-332-4056
There are only 10 kinds of people in this world. Those that understand
binary and those that don't.
-----Original Message-----
From: Paul Hethmon [mailto:paul.h...@clareitysecurity.com]
Sent: Tuesday, October 13, 2009 9:25 AM
To: Shibboleth Users
Subject: Re: [Shib-Users] Google Apps SSO