Hey Antoine, Sounds like you've got an issue with how the continue url is encoded, but that's a total guess. Does this happen every "first" time, when the user is not logged in?
Robert On Fri, Feb 17, 2012 at 01:00, Antoine <[email protected]> wrote: > Hello, > > I succeeded to make it work. I didnt ask for "login:required" because > i just need one webpage to be secured (one handler for this page which > asks for openid authentication before showing content). > > But now, I have a problem with the authentication and redirection. > > Use case : > - user go on the Google App Engine Application homepage (http:// > example.appspot.com), when he clicks to go on the second webpage > (secured one) > - he is asked to choose his Google Apps domain (his provider) by > clicking on a link > - then he is redirected to the the login url formatted thanks to the > providers chosen (ie : www.google.com/accounts/o8/site-xrds?hd=example.com) > - he is redirected to google which will redirect him to the SSO > company page (because the Google Apps domains use SSO for the whole > company users, and for all domains) > - he authenticate himself on the SSO company page > - he should be redirected to the Google app engine secured page after > success > however, he gets a Google webpage with "The page you requested is > invalid" > > Two things to know also : > if after that, he re-do everything : go to the homepage, click on the > secured page link, then click on the provider, he will access the > secured page automatically (authentication has been successful before, > even if the redirection shows a Google page with "The page you > requested is invalid") > if he opens another tab with Gmail, then no need to authenticate, > Gmail shows the emails inbox (authentication has been successul > before...) > > > So I look at this problem and I've found this : > http://www.google.com/support/forum/p/apps-apis/thread?tid=39a0dedd82b472ec&hl=en > > I tried the website : http://www.puffypoodles.com/lso2 > > I get the same error at first with the Google page "The page you > requested is invalid" after authentication on the SSO company webpage. > > So as it is said by the Google employee, it should be a Google > Endpoint issue : > "To verify that there isn't an issue with OpenID on your test domain, > can you try logging in via OpenID using the test site > (puffypoodles.com)?[1] If login on this site works, there must be a > problem with the code. If it does not work, there is probably an issue > with the Google OpenID endpoints." > > Where is my mistake here ? > I dont really get the Google OpenID enpoints issue. > > Thanks in advance, > Antoine > > On 2 fév, 00:11, Robert Kluin <[email protected]> wrote: >> HiAntoine, >> Glad you got that figured out. >> >> You should be able to have login required on your apps, just as >> before. You'll just need to be sure to define a handler for >> login_required (as is explained in the article). Note that you won't >> get redirected to it on the dev server, so you'll need to directly go >> to the url to test it out. >> >> Robert >> >> >> >> >> >> >> >> On Wed, Feb 1, 2012 at 04:42,Antoine<[email protected]> wrote: >> > Ok, I ve found out. >> >> > this should be the URL for Google Apps domains : >> >> >www.google.com/accounts/o8/site-xrds?hd=example.com >> >> > On Feb 1, 4:59 pm,Antoine<[email protected]> wrote: >> >> Thank you for your answer. >> >> >> I tried to follow this tutorial (I dont know why I didnt find it >> >> before... :s ). >> >> >> However, I have a question left. >> >> >> I decided to let the user choose his domain by clicking on his domain >> >> link. >> >> >> I deleted the "login required" in app.yaml and modified my main.py >> >> such as... >> >> >> My python looks like : >> >> >> ------------------------------------------- >> >> # >> >> #code >> >> # >> >> >> providers = { >> >> 'prov 1' : 'google.com/a/domain.com', >> >> 'prov 2' : 'google.com/a/subdomain1.com', >> >> 'prov 3' : 'google.com/a/subdomain2.com' >> >> # add more here >> >> >> } >> >> >> # >> >> #code >> >> # >> >> >> else: >> >> self.response.out.write('Hello world! Sign in at: ') >> >> for name, uri in providers.items(): >> >> self.response.out.write('[<a href="%s">%s</a>]' % >> >> (users.create_login_url(federated_identity=uri), name)) >> >> >> # >> >> #code >> >> # >> >> >> ------------------------------------------- >> >> >> However links are not redirecting user... >> >> I guess it should work, if you do this yourelf, that each Google Apps >> >> domain should be used as a direct provider federated entities ? >> >> >> What should I do to have Google Apps domains login page after clicking >> >> on a link (and get redirection to my app after authentication against >> >> Google, of course) ? >> >> I guess I dont have the right link/approach because, with myopenid.com >> >> it's working (redirecting). >> >> >> thx in advance >> >>Antoine >> >> >> On Jan 31, 1:34 pm, Robert Kluin <[email protected]> wrote: >> >> >> > HeyAntoine, >> >> > Use OpenID / Federated login. You can provide users with a list of >> >> > subdomains, or check them against that. I usually either give users >> >> > the option to enter their domain or email address (from which I can >> >> > deduce the domain), then redirect them to the proper page. It is >> >> > pretty straight forward to do. >> >> >> > I think Wesley's article on federated login provides all the basics. >> >> > http://code.google.com/appengine/articles/openid.html >> >> >> > Robert >> >> >> > On Sun, Jan 29, 2012 at 22:57,Antoine<[email protected]> wrote: >> >> > > Hi everyone, >> >> >> > > I am working on a simple application (actually a website) on Google >> >> > > App Engine. >> >> > > This application should be accessible only for a selected Google Apps >> >> > > domains list. >> >> >> > > These domains are corporate Google Apps subdomains. One Google Apps >> >> > > account domain handle several subdomains, one for each business unit. >> >> >> > > I would like to restrict my apps to those domain. >> >> >> > > However, there is only 3 ways to secure my app (Application Settings / >> >> > > Authentication Options in Google App Engine Console) : >> >> > > - Google Accounts API >> >> > > - Google App Domain >> >> > > - Open ID (Federated Login) >> >> >> > > For the first one, it can work, however, as we are using Federation >> >> > > Login for all Google Apps domains, we dont want the user to login >> >> > > twice : one on the Google Account Sign-in webpage which is displayed >> >> > > automatically when we choose Google Accounts, and then on the >> >> > > federation page. >> >> > > Because with this Google App Engine authentication, the user is first >> >> > > redirected to :http://accounts.google.com >> >> > > then enter its credentials Google Apps, then Google tell him that >> >> > > federation is working for this domain so he just need to Click to be >> >> > > redirected. >> >> > > This is not user friendly. >> >> >> > > Second one, works only with one Google App Primary domain. Subdomain >> >> > > doesnt work with this feature... >> >> >> > > Maybe third one, Open ID/ Federated login, can work, but how ? >> >> >> > > Thx >> >> > >Antoine >> >> >> > > -- >> >> > > You received this message because you are subscribed to the Google >> >> > > Groups "Google App Engine" group. >> >> > > To post to this group, send email to >> >> > > [email protected]. >> >> > > To unsubscribe from this group, send email to >> >> > > [email protected]. >> >> > > For more options, visit this group >> >> > > athttp://groups.google.com/group/google-appengine?hl=en. >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Google App Engine" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]. >> > For more options, visit this group >> > athttp://groups.google.com/group/google-appengine?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
