Unfortunately, I'm not the license-holder for the portlet that was
developed.  It was for a client and the source is not open.

As for the password reset option, I too thought of this while typing my
original reply, but I have reservations regarding this.  If you're using the
SAML SSO option, then theoretically it would probably work; however, you'll
have to ensure that the password is set back appropriately.  If you fail to
do it once, then the user will know, and then you've got a security issue to
deal with.  If you DID go that route, I'd highly suggest you cache the
response from Google so you aren't doing password syncs with every refresh
of the page.  I'd also recommend that when you change the password, you do
so with a random string of letters and numbers that's different for each
request.

However, I don't like that approach at all.  It opens the door for too many
things to go wrong.

-Ryan

On Jan 15, 2008 3:10 PM, Marmina ABDEL-MALEK <[EMAIL PROTECTED]> wrote:

>
> Thanks a lot Ryan,
> I really appreciate your prompt response. Can I have a copy of
> your portlet, or any sample to develop a gadget similar to the one on
> the Google Apps start page, which shows the recent emails? I'll try to
> find a workaround for the passwords. I'm thinking of temporarily
> resetting the password during the fetching of the feed and then
> restoring it to its original hash after getting the feed! Do you
> think this would work?
>
> Don't forget to send me a copy of your portlet, if possible.
>
> Thanks, Marmina.
>
> On Jan 15, 7:49pm, "Ryan Shelley" <[EMAIL PROTECTED]> wrote:
> > You can't access the content of a user's mailbox with anything less than
> > their username and password.
> >
> > About a year ago I had developed a portlet to do this, but you're right, it
> > required the user's password in clear text. What we did to work around this
> > was to use the SSO solution from Google to authenticate the users to their
> > mailboxes, and create a random password we stored securely to access the
> > mailbox behind the scenes (for the portlet, for example). However, this
> > causes other issues, such as not being able to access the mailbox via
> > IMAP/POP.
> >
> > However, Google now allows you to create/modify an account with an SHA-1
> > encrypted string as the password. If your user directory currently stores
> > passwords as SHA-1 encrypted strings, then you can replicate those passwords
> > to the user's Google account. Now, this is where it gets a bit sketchy, and
> > I don't recommend it, so we'll just consider this a "hypothetical." When
> > the user logs in to your SSO solution, you could capture their password,
> > two-way encrypt it, and store it in their session. When you need to preview
> > their mailbox, you decrypt the password in the user's session, and send it
> > to Google in an Authentication request to be used with an ATOM feed. Again,
> > I'm just brainstorming here.
> >
> > I hope that helps!
> >
> > -Ryan
> >
> > On Jan 15, 2008 8:21 AM, Marmina ABDEL-MALEK <[EMAIL PROTECTED]> wrote:
> >
> > > We want to display the recent emails of a user in our portal. We want
> > > to retrieve this email feed using the domain admin credentials and not
> > > the users'.
> >
> > > Is there a way to grab this info using PHP or any other language? If
> > > not, do you have a portlet/widget that we can embed in our portal to
> > > display the recent email feed?
> >
> > > If you have any code example to implement this functionality, please post
> > > it.
> >
> > > Notes:
> > > - We have implemented SSO and integrated it with Google Apps.
> > > - We don't want to grab the feed using
> > > http://username:[EMAIL PROTECTED]
> > > (as it entails that we know the plain text password of a user)
> > > - We don't want to use the Gmail mobile edition in an iframe, because it is
> > > not convenient.
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Apps APIs" group.
For more options, visit this group at 
http://groups.google.com/group/google-apps-apis?hl=en
-~----------~----~----~----~------~----~------~--~---
