how to create SSO with Google using simplesamlphp


Loghin Tivig

Oct 22, 2013, 9:31:05 AM
to simple...@googlegroups.com
Hi guys

I'm trying to use simplesamlphp in order to have access to Google Apps once I have logged in to my system.
The scenario is: a user goes to my login page and types in a username and password, then he/she is redirected to the home page. From there I want the user to have access to his/her Google Apps (Gmail, Drive, Groups, Sites) without it being necessary to log in to Google. On my system I use MySQL to store the users, not AD or LDAP.

Could you point me in the right direction please?

Thanks

Peter Schober

Oct 22, 2013, 10:08:55 AM
to simple...@googlegroups.com
* Loghin Tivig <tiv...@gmail.com> [2013-10-22 15:31]:
> The scenario is: a user goes to my login page and types in a username
> and password, then he/she is redirected to the home page. From there
> I want the user to have access to his/her Google Apps (Gmail,
> Drive, Groups, Sites) without it being necessary to log in to
> Google. On my system I use MySQL to store the users, not AD or LDAP.

You then need to install and configure SSP as an Identity Provider.
Start here: http://simplesamlphp.org/docs/stable/

Only once you have that all working you can look into enabling SAML
SSO for Google Apps:

> I'm trying to use simplesamlphp in order to have access to Google
> Apps once I have logged in to my system.

http://simplesamlphp.org/docs/stable/simplesamlphp-googleapps

-peter

Loghin Tivig

Oct 22, 2013, 10:47:01 AM
to simple...@googlegroups.com
Thanks for the reply, Peter.
I installed simplesamlphp and enabled SAML SSO for Google Apps following the steps from http://simplesamlphp.org/docs/stable/simplesamlphp-googleapps.
It all works just fine...up to here.
But now I want users to log in to my system using my login page. From the home page users must be able to access Google Apps without it being necessary to reintroduce any other passwords and usernames. So, at the moment the user logs in I want full access to Google Apps for that user. Is it possible for my login system to authenticate and authorize the user with Google? Of course using simplesamlphp.

Thanks

Peter Schober

Oct 22, 2013, 1:03:55 PM
to simple...@googlegroups.com
* Loghin Tivig <tiv...@gmail.com> [2013-10-22 16:47]:
> Thanks for the reply, Peter.
> I installed simplesamlphp and enabled SAML SSO for Google Apps following
> the steps from http://simplesamlphp.org/docs/stable/simplesamlphp-googleapps.
> It all works just fine...up to here.

What does "It all works just fine" mean, specifically? That you can
log in to Google Apps via SAML2 using SimpleSAMLphp?
If it means something else, then what "works just fine"?
-peter

Mostafa Kamal

Oct 22, 2013, 1:05:35 PM
to simple...@googlegroups.com
He means it works fine but forwards to Google Apps, he needs to be eventually on his system page with access to Google Apps




Peter Schober

Oct 22, 2013, 1:23:48 PM
to simple...@googlegroups.com
* Mostafa Kamal <mostaf...@cloudypedia.com> [2013-10-22 19:05]:
> He means it works fine but forwards to Google Apps, he needs to be
> eventually on his system page with access to Google Apps

Sorry, I cannot parse that. Feel free to help the OP poster along.
-peter

Peter Schober

Oct 22, 2013, 1:29:19 PM
to simple...@googlegroups.com
* Loghin Tivig <tiv...@gmail.com> [2013-10-22 15:31]:
> The scenario is: a user goes to my login page and types in a username and
> password, then he/she is redirected to the home page. From there I want the
> user to have access to his/her Google Apps (Gmail, Drive, Groups, Sites)
> without it being necessary to log in to Google. On my system I use MySQL to
> store the users, not AD or LDAP.

To send the subject to Google Apps from some resource you control
you'll need to use the IdP-initiated flow:
http://simplesamlphp.org/docs/stable/simplesamlphp-idp-more#section_4

Obviously this will only work if you've already installed and
configured SimpleSAMLphp (and your SAML SP, in this case Google Apps)
to work with the SP-initiated flow.
So if you can access Google Apps and get redirected to your
SimpleSAMLphp IdP, authenticate at your IdP (using an sqlauth
authsource) and get sent back to Google Apps with a SAML assertion
carrying the required NameID in the assertion's subject, and you're
logged in fine there, yes, that's all you need to do.

If not everything of the above already works, do that now.
-peter
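
The setup described in the last reply, as an added example that is not part of the original thread and not SimpleSAMLphp project code: an `sqlauth:SQL` authsource backed by MySQL, plus a helper that builds the IdP-initiated link for the home page and only accepts an allowlisted `RelayState`. The host names, database credentials, the `users(uid, email, salt, password)` schema, the authsource name `mysql-users`, the SP entity ID `google.com` and the helper `idpInitiatedLink()` are assumptions for illustration; whether the SP honours `RelayState` as a landing URL depends on the SP.

```php
<?php
// Fragment of config/authsources.php: the IdP checks logins against MySQL.
// Authsource name, DSN, credentials and table layout are assumptions.
$config = [
    'mysql-users' => [
        'sqlauth:SQL',
        'dsn'      => 'mysql:host=localhost;dbname=myapp',
        'username' => 'ssp_readonly',   // DB account limited to SELECT
        'password' => 'REPLACE_ME',     // placeholder, not a real secret
        // :username and :password are bound as prepared-statement parameters.
        // A returned row means the login succeeded; its columns become the
        // user's attributes, one of which the SP metadata selects as NameID.
        'query' => 'SELECT uid, email FROM users WHERE uid = :username '
                 . 'AND password = SHA2(CONCAT(salt, :password), 256)',
    ],
];

// Hosts the home page may name as the post-login target (assumed list).
const RELAY_HOSTS = ['mail.google.com', 'drive.google.com',
                     'sites.google.com', 'groups.google.com'];

/**
 * Build the home-page link that starts the IdP-initiated flow.
 * Rejects any RelayState that is not https on an allowlisted host, so the
 * link cannot be turned into a redirect to an arbitrary site.
 */
function idpInitiatedLink(string $idpBase, string $spEntityId, string $relayState): string
{
    $parts = parse_url($relayState);
    if ($parts === false
        || ($parts['scheme'] ?? '') !== 'https'
        || !in_array($parts['host'] ?? '', RELAY_HOSTS, true)) {
        throw new InvalidArgumentException('RelayState target not allowed');
    }
    return rtrim($idpBase, '/') . '/saml2/idp/SSOService.php?'
        . http_build_query(['spentityid' => $spEntityId,
                            'RelayState' => $relayState]);
}

// Constructed sample values: IdP base URL, SP entity ID and target URL.
echo idpInitiatedLink('https://idp.example.org/simplesaml', 'google.com',
    'https://mail.google.com/a/example.org/'), PHP_EOL;
```

The link only results in a silent login if the user already has a session at the SimpleSAMLphp IdP; otherwise the IdP shows its own login form first.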