Is there some Google Employee who can help ? On 20 fév, 10:31, Antoine <[email protected]> wrote: > Hello Robert, > > this happen when the user is not logged in and try to log the first > time using my url. > If the user is logged already (but going straight to gmail for > example) then provider list links are displayed (which is weird also, > because they shouldnt show up as he is already logged-in) and when he > clicks he will be redirected to the secure google app engine webpage > without any problem. > > the code : > for name, uri in providers.items(): > self.response.out.write('<a href="%s">%s</a><br><br>' % > (users.create_login_url(federated_identity=uri), name)) > > On 17 fév, 15:45, Robert Kluin <[email protected]> wrote: > > > > > > > > > HeyAntoine, > > Sounds like you've got an issue with how the continue url is > > encoded, but that's a total guess. Does this happen every "first" > > time, when the user is not logged in? > > > Robert > > > On Fri, Feb 17, 2012 at 01:00,Antoine<[email protected]> wrote: > > > Hello, > > > > I succeeded to make it work. I didnt ask for "login:required" because > > > i just need one webpage to be secured (one handler for this page which > > > asks for openid authentication before showing content). > > > > But now, I have a problem with the authentication and redirection. > > > > Use case : > > > - user go on the Google App Engine Application homepage (http:// > > > example.appspot.com), when he clicks to go on the second webpage > > > (secured one) > > > - he is asked to choose his Google Apps domain (his provider) by > > > clicking on a link > > > - then he is redirected to the the login url formatted thanks to the > > > providers chosen (ie :www.google.com/accounts/o8/site-xrds?hd=example.com) > > > - he is redirected to google which will redirect him to the SSO > > > company page (because the Google Apps domains use SSO for the whole > > > company users, and for all domains) > > > - he authenticate himself on the SSO company page > > > - he should be redirected to the Google app engine secured page after > > > success > > > however, he gets a Google webpage with "The page you requested is > > > invalid" > > > > Two things to know also : > > > if after that, he re-do everything : go to the homepage, click on the > > > secured page link, then click on the provider, he will access the > > > secured page automatically (authentication has been successful before, > > > even if the redirection shows a Google page with "The page you > > > requested is invalid") > > > if he opens another tab with Gmail, then no need to authenticate, > > > Gmail shows the emails inbox (authentication has been successul > > > before...) > > > > So I look at this problem and I've found this : > > >http://www.google.com/support/forum/p/apps-apis/thread?tid=39a0dedd82... > > > > I tried the website :http://www.puffypoodles.com/lso2 > > > > I get the same error at first with the Google page "The page you > > > requested is invalid" after authentication on the SSO company webpage. > > > > So as it is said by the Google employee, it should be a Google > > > Endpoint issue : > > > "To verify that there isn't an issue with OpenID on your test domain, > > > can you try logging in via OpenID using the test site > > > (puffypoodles.com)?[1] If login on this site works, there must be a > > > problem with the code. If it does not work, there is probably an issue > > > with the Google OpenID endpoints." > > > > Where is my mistake here ? > > > I dont really get the Google OpenID enpoints issue. > > > > Thanks in advance, > > >Antoine > > > > On 2 fév, 00:11, Robert Kluin <[email protected]> wrote: > > >> HiAntoine, > > >> Glad you got that figured out. > > > >> You should be able to have login required on your apps, just as > > >> before. You'll just need to be sure to define a handler for > > >> login_required (as is explained in the article). Note that you won't > > >> get redirected to it on the dev server, so you'll need to directly go > > >> to the url to test it out. > > > >> Robert > > > >> On Wed, Feb 1, 2012 at 04:42,Antoine<[email protected]> wrote: > > >> > Ok, I ve found out. > > > >> > this should be the URL for Google Apps domains : > > > >> >www.google.com/accounts/o8/site-xrds?hd=example.com > > > >> > On Feb 1, 4:59 pm,Antoine<[email protected]> wrote: > > >> >> Thank you for your answer. > > > >> >> I tried to follow this tutorial (I dont know why I didnt find it > > >> >> before... :s ). > > > >> >> However, I have a question left. > > > >> >> I decided to let the user choose his domain by clicking on his domain > > >> >> link. > > > >> >> I deleted the "login required" in app.yaml and modified my main.py > > >> >> such as... > > > >> >> My python looks like : > > > >> >> ------------------------------------------- > > >> >> # > > >> >> #code > > >> >> # > > > >> >> providers = { > > >> >> 'prov 1' : 'google.com/a/domain.com', > > >> >> 'prov 2' : 'google.com/a/subdomain1.com', > > >> >> 'prov 3' : 'google.com/a/subdomain2.com' > > >> >> # add more here > > > >> >> } > > > >> >> # > > >> >> #code > > >> >> # > > > >> >> else: > > >> >> self.response.out.write('Hello world! Sign in at: ') > > >> >> for name, uri in providers.items(): > > >> >> self.response.out.write('[<a href="%s">%s</a>]' % > > >> >> (users.create_login_url(federated_identity=uri), name)) > > > >> >> # > > >> >> #code > > >> >> # > > > >> >> ------------------------------------------- > > > >> >> However links are not redirecting user... > > >> >> I guess it should work, if you do this yourelf, that each Google Apps > > >> >> domain should be used as a direct provider federated entities ? > > > >> >> What should I do to have Google Apps domains login page after clicking > > >> >> on a link (and get redirection to my app after authentication against > > >> >> Google, of course) ? > > >> >> I guess I dont have the right link/approach because, with myopenid.com > > >> >> it's working (redirecting). > > > >> >> thx in advance > > >> >>Antoine > > > >> >> On Jan 31, 1:34 pm, Robert Kluin <[email protected]> wrote: > > > >> >> > HeyAntoine, > > >> >> > Use OpenID / Federated login. You can provide users with a list > > >> >> > of > > >> >> > subdomains, or check them against that. I usually either give users > > >> >> > the option to enter their domain or email address (from which I can > > >> >> > deduce the domain), then redirect them to the proper page. It is > > >> >> > pretty straight forward to do. > > > >> >> > I think Wesley's article on federated login provides all the > > >> >> > basics. > > >> >> > http://code.google.com/appengine/articles/openid.html > > > >> >> > Robert > > > >> >> > On Sun, Jan 29, 2012 at 22:57,Antoine<[email protected]> > > >> >> > wrote: > > >> >> > > Hi everyone, > > > >> >> > > I am working on a simple application (actually a website) on > > >> >> > > Google > > >> >> > > App Engine. > > >> >> > > This application should be accessible only for a selected Google > > >> >> > > Apps > > >> >> > > domains list. > > > >> >> > > These domains are corporate Google Apps subdomains. One Google > > >> >> > > Apps > > >> >> > > account domain handle several subdomains, one for each business > > >> >> > > unit. > > > >> >> > > I would like to restrict my apps to those domain. > > > >> >> > > However, there is only 3 ways to secure my app (Application > > >> >> > > Settings / > > >> >> > > Authentication Options in Google App Engine Console) : > > >> >> > > - Google Accounts API > > >> >> > > - Google App Domain > > >> >> > > - Open ID (Federated Login) > > > >> >> > > For the first one, it can work, however, as we are using > > >> >> > > Federation > > >> >> > > Login for all Google Apps domains, we dont want the user to login > > >> >> > > twice : one on the Google Account Sign-in webpage which is > > >> >> > > displayed > > >> >> > > automatically when we choose Google Accounts, and then on the > > >> >> > > federation page. > > >> >> > > Because with this Google App Engine authentication, the user is > > >> >> > > first > > >> >> > > redirected to :http://accounts.google.com > > >> >> > > then enter its credentials Google Apps, then Google tell him that > > >> >> > > federation is working for this domain so he just need to Click to > > >> >> > > be > > >> >> > > redirected. > > >> >> > > This is not user friendly. > > > >> >> > > Second one, works only with one Google App Primary domain. > > >> >> > > Subdomain > > >> >> > > doesnt work with this feature... > > > >> >> > > Maybe third one, Open ID/ Federated login, can work, but how ? > > > >> >> > > Thx > > >> >> > >Antoine > > > >> >> > > -- > > >> >> > > You received this message because you are subscribed to the > > >> >> > > Google Groups "Google App Engine" group. > > >> >> > > To post to this group, send email to > > >> >> > > [email protected]. > > >> >> > > To unsubscribe from this group, send email to > > >> >> > > [email protected]. > > >> >> > > For more options, visit this group > > >> >> > > athttp://groups.google.com/group/google-appengine?hl=en. > > > >> > -- > > >> > You received this message because you are subscribed to the Google > > >> > Groups "Google App Engine" group. > > >> > To post to this group, send email to [email protected]. > > >> > To unsubscribe from this group, send email to > > >> > [email protected]. > > >> > For more options, visit this group > > >> > athttp://groups.google.com/group/google-appengine?hl=en. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Google App Engine" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group > > > athttp://groups.google.com/group/google-appengine?hl=en.
-- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
