I'm attempting to set up SSO for my Google Apps domain with the ultimate goal of allowing users to log in with their existing LDAP passwords (accounts will be provisioned using the provisioning API). I managed to get the PHP Reference Implementation working to a degree for the psosamldemo.net domain by adapting the instructions at:
http://code.google.com/apis/apps/sso/saml_reference_implementation_web.html
to the PHP code instead of the Java (I chose the PHP code because I know PHP much better than Java). So I can manage the login to psosamldemo.net and I can add my custom code to the login() function so that the username/password entered only works if it exists in my LDAP tree.

Things fall apart though at stage 3 when I try to switch things over to my own domain. First off, the PHP sample code ships with a .key DSA public file and a private .pem file for psosamldemo.net. I'm attempting to generate my own certificates using OpenSSL, however the docs at:
http://code.google.com/support/bin/answer.py?answer=71864&topic=12142#OpenSSL
only describe how to generate a .pem or .der private key and a .der public key, nothing about generating the public .key file, and I can't seem to get xmlsec to take the .der or .pem files. It errors out with:

    func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=262:obj=unknown:subj=d2i_PrivateKey_bio and d2i_PUBKEY_bio:error=4:crypto library function failed:
    func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=143:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=dsaprivkey.der;errno=0
    func=xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad:file=crypto.c:line=118:obj=unknown:subj=xmlSecCryptoAppKeyLoad:error=1:xmlsec library function failed:uri=dsaprivkey.der
    Error: failed to load private key from "dsaprivkey.der".
    Error: keys manager creation failed

So my question is really, how can I get OpenSSL to generate the private .pem file and the public .key file? Any other tips here would be much appreciated.

Thanks,
Jay Lee
