UP On 22 fév, 11:50, Antoine <[email protected]> wrote: > Is there some Google Employee who can help ? > > On 20 fév, 10:31,Antoine<[email protected]> wrote: > > > > > > > > > Hello Robert, > > > this happen when the user is not logged in and try to log the first > > time using my url. > > If the user is logged already (but going straight to gmail for > > example) then provider list links are displayed (which is weird also, > > because they shouldnt show up as he is already logged-in) and when he > > clicks he will be redirected to the secure google app engine webpage > > without any problem. > > > the code : > > for name, uri in providers.items(): > > self.response.out.write('<a href="%s">%s</a><br><br>' % > > (users.create_login_url(federated_identity=uri), name)) > > > On 17 fév, 15:45, Robert Kluin <[email protected]> wrote: > > > > HeyAntoine, > > > Sounds like you've got an issue with how the continue url is > > > encoded, but that's a total guess. Does this happen every "first" > > > time, when the user is not logged in? > > > > Robert > > > > On Fri, Feb 17, 2012 at 01:00,Antoine<[email protected]> wrote: > > > > Hello, > > > > > I succeeded to make it work. I didnt ask for "login:required" because > > > > i just need one webpage to be secured (one handler for this page which > > > > asks for openid authentication before showing content). > > > > > But now, I have a problem with the authentication and redirection. > > > > > Use case : > > > > - user go on the Google App Engine Application homepage (http:// > > > > example.appspot.com), when he clicks to go on the second webpage > > > > (secured one) > > > > - he is asked to choose his Google Apps domain (his provider) by > > > > clicking on a link > > > > - then he is redirected to the the login url formatted thanks to the > > > > providers chosen (ie > > > > :www.google.com/accounts/o8/site-xrds?hd=example.com) > > > > - he is redirected to google which will redirect him to the SSO > > > > company page (because the Google Apps domains use SSO for the whole > > > > company users, and for all domains) > > > > - he authenticate himself on the SSO company page > > > > - he should be redirected to the Google app engine secured page after > > > > success > > > > however, he gets a Google webpage with "The page you requested is > > > > invalid" > > > > > Two things to know also : > > > > if after that, he re-do everything : go to the homepage, click on the > > > > secured page link, then click on the provider, he will access the > > > > secured page automatically (authentication has been successful before, > > > > even if the redirection shows a Google page with "The page you > > > > requested is invalid") > > > > if he opens another tab with Gmail, then no need to authenticate, > > > > Gmail shows the emails inbox (authentication has been successul > > > > before...) > > > > > So I look at this problem and I've found this : > > > >http://www.google.com/support/forum/p/apps-apis/thread?tid=39a0dedd82... > > > > > I tried the website :http://www.puffypoodles.com/lso2 > > > > > I get the same error at first with the Google page "The page you > > > > requested is invalid" after authentication on the SSO company webpage. > > > > > So as it is said by the Google employee, it should be a Google > > > > Endpoint issue : > > > > "To verify that there isn't an issue with OpenID on your test domain, > > > > can you try logging in via OpenID using the test site > > > > (puffypoodles.com)?[1] If login on this site works, there must be a > > > > problem with the code. If it does not work, there is probably an issue > > > > with the Google OpenID endpoints." > > > > > Where is my mistake here ? > > > > I dont really get the Google OpenID enpoints issue. > > > > > Thanks in advance, > > > >Antoine > > > > > On 2 fév, 00:11, Robert Kluin <[email protected]> wrote: > > > >> HiAntoine, > > > >> Glad you got that figured out. > > > > >> You should be able to have login required on your apps, just as > > > >> before. You'll just need to be sure to define a handler for > > > >> login_required (as is explained in the article). Note that you won't > > > >> get redirected to it on the dev server, so you'll need to directly go > > > >> to the url to test it out. > > > > >> Robert > > > > >> On Wed, Feb 1, 2012 at 04:42,Antoine<[email protected]> wrote: > > > >> > Ok, I ve found out. > > > > >> > this should be the URL for Google Apps domains : > > > > >> >www.google.com/accounts/o8/site-xrds?hd=example.com > > > > >> > On Feb 1, 4:59 pm,Antoine<[email protected]> wrote: > > > >> >> Thank you for your answer. > > > > >> >> I tried to follow this tutorial (I dont know why I didnt find it > > > >> >> before... :s ). > > > > >> >> However, I have a question left. > > > > >> >> I decided to let the user choose his domain by clicking on his > > > >> >> domain > > > >> >> link. > > > > >> >> I deleted the "login required" in app.yaml and modified my main.py > > > >> >> such as... > > > > >> >> My python looks like : > > > > >> >> ------------------------------------------- > > > >> >> # > > > >> >> #code > > > >> >> # > > > > >> >> providers = { > > > >> >> 'prov 1' : 'google.com/a/domain.com', > > > >> >> 'prov 2' : 'google.com/a/subdomain1.com', > > > >> >> 'prov 3' : 'google.com/a/subdomain2.com' > > > >> >> # add more here > > > > >> >> } > > > > >> >> # > > > >> >> #code > > > >> >> # > > > > >> >> else: > > > >> >> self.response.out.write('Hello world! Sign in at: ') > > > >> >> for name, uri in providers.items(): > > > >> >> self.response.out.write('[<a href="%s">%s</a>]' % > > > >> >> (users.create_login_url(federated_identity=uri), name)) > > > > >> >> # > > > >> >> #code > > > >> >> # > > > > >> >> ------------------------------------------- > > > > >> >> However links are not redirecting user... > > > >> >> I guess it should work, if you do this yourelf, that each Google > > > >> >> Apps > > > >> >> domain should be used as a direct provider federated entities ? > > > > >> >> What should I do to have Google Apps domains login page after > > > >> >> clicking > > > >> >> on a link (and get redirection to my app after authentication > > > >> >> against > > > >> >> Google, of course) ? > > > >> >> I guess I dont have the right link/approach because, with > > > >> >> myopenid.com > > > >> >> it's working (redirecting). > > > > >> >> thx in advance > > > >> >>Antoine > > > > >> >> On Jan 31, 1:34 pm, Robert Kluin <[email protected]> wrote: > > > > >> >> > HeyAntoine, > > > >> >> > Use OpenID / Federated login. You can provide users with a > > > >> >> > list of > > > >> >> > subdomains, or check them against that. I usually either give > > > >> >> > users > > > >> >> > the option to enter their domain or email address (from which I > > > >> >> > can > > > >> >> > deduce the domain), then redirect them to the proper page. It is > > > >> >> > pretty straight forward to do. > > > > >> >> > I think Wesley's article on federated login provides all the > > > >> >> > basics. > > > >> >> > http://code.google.com/appengine/articles/openid.html > > > > >> >> > Robert > > > > >> >> > On Sun, Jan 29, 2012 at 22:57,Antoine<[email protected]> > > > >> >> > wrote: > > > >> >> > > Hi everyone, > > > > >> >> > > I am working on a simple application (actually a website) on > > > >> >> > > Google > > > >> >> > > App Engine. > > > >> >> > > This application should be accessible only for a selected > > > >> >> > > Google Apps > > > >> >> > > domains list. > > > > >> >> > > These domains are corporate Google Apps subdomains. One Google > > > >> >> > > Apps > > > >> >> > > account domain handle several subdomains, one for each business > > > >> >> > > unit. > > > > >> >> > > I would like to restrict my apps to those domain. > > > > >> >> > > However, there is only 3 ways to secure my app (Application > > > >> >> > > Settings / > > > >> >> > > Authentication Options in Google App Engine Console) : > > > >> >> > > - Google Accounts API > > > >> >> > > - Google App Domain > > > >> >> > > - Open ID (Federated Login) > > > > >> >> > > For the first one, it can work, however, as we are using > > > >> >> > > Federation > > > >> >> > > Login for all Google Apps domains, we dont want the user to > > > >> >> > > login > > > >> >> > > twice : one on the Google Account Sign-in webpage which is > > > >> >> > > displayed > > > >> >> > > automatically when we choose Google Accounts, and then on the > > > >> >> > > federation page. > > > >> >> > > Because with this Google App Engine authentication, the user is > > > >> >> > > first > > > >> >> > > redirected to :http://accounts.google.com > > > >> >> > > then enter its credentials Google Apps, then Google tell him > > > >> >> > > that > > > >> >> > > federation is working for this domain so he just need to Click > > > >> >> > > to be > > > >> >> > > redirected. > > > >> >> > > This is not user friendly. > > > > >> >> > > Second one, works only with one Google App Primary domain. > > > >> >> > > Subdomain > > > >> >> > > doesnt work with this feature... > > > > >> >> > > Maybe third one, Open ID/ Federated login, can work, but how ? > > > > >> >> > > Thx > > > >> >> > >Antoine > > > > >> >> > > -- > > > >> >> > > You received this message because you are subscribed to the > > > >> >> > > Google Groups "Google App Engine" group. > > > >> >> > > To post to this group, send email to > > > >> >> > > [email protected]. > > > >> >> > > To unsubscribe from this group, send email to > > > >> >> > > [email protected]. > > > >> >> > > For more options, visit this group > > > >> >> > > athttp://groups.google.com/group/google-appengine?hl=en. > > > > >> > -- > > > >> > You received this message because you are subscribed to the Google > > > >> > Groups "Google App Engine" group. > > > >> > To post to this group, send email to > > > >> > [email protected]. > > > >> > To unsubscribe from this group, send email to > > > >> > [email protected]. > > > >> > For more options, visit this group > > > >> > athttp://groups.google.com/group/google-appengine?hl=en. > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Google App Engine" group. > > > > To post to this group, send email to [email protected]. > > > > To unsubscribe from this group, send email to > > ... > > plus de détails »
-- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
