Hi, Thanks Jon for sharing this.
That will work and it is simple to implement, just mind your internal policies for cookies, especially on Admin accounts. Julian. On Mar 5, 2:44 pm, "Jon.Mitchiner" <[EMAIL PROTECTED]> wrote: > For my education account, I have SSO enabled, and if I open mail > through Google Talk, it will open the page directly without asking me > to log in if I'm using a computer on the domain with Active > Directory. As for how this was possible, I'm not sure to the > specifics as I used LTech to develop the page for me and this was done > by doing something with cookies. So this is a feature with how you > set up SSO, not something enabled in Google Talk. > > For the first time user, when they open the SSO log in page, there is > an option for the user to click on a link using the Computer's domain > credentials. If the user clicks on that link, then a cookie is > created, and then they log into Google Apps without being asked to > enter their username and password. Once a user does this, then Google > Talk will immediately open the mail link. > > I don't see this as a security issue as we have mandatory screen saver > timeouts on the domain, so this protects the user somewhat. > > Jon > > On Mar 5, 6:31 am, "Julian (Google)" <[EMAIL PROTECTED]> wrote: > > > Hi, > > > At the moment the behavior is that the users has to login to the > > browser session when the browser opens, with SSO or not. The main > > reason for this would be security. They maybe a work around for this, > > my concern would be that when using auto login on Google Talk and > > bypassing the login page gives access to all emails (and more apps) if > > someone else is using the computer. > > > does anyone else have any ideas on this? > > > Julian. > > > On Mar 4, 1:52 pm, Will Gillen <[EMAIL PROTECTED]> wrote: > > > > Hi Group, > > > > We use GoogleApps for EDU, and use SSO to allow users to use forms > > > authentication to sign into our Active Directory for authentication, > > > then pass the SAML to Google. Basically we're using a nearly > > > unmodified version of the .NET sample for SSO authentication. > > > > We have a central password management tool which allows our users to > > > update their passwords on all of our systems. This tool also updates > > > password on Google (to keep our AD passwords and GoogleApps passwords > > > in sync). > > > > Many of our users also use GoogleTalk client to have Instant Messaging > > > and email notification on their desktop. However, when a user uses > > > the GTalk client to open their GoogleApps mailbox, they are prompted > > > with our SSO sign-on page. We would like to add something to our SSO > > > sign-on page to detect that they are using their GTalk client and > > > perform some kind of auto-login from that point, so they are not > > > prompted for their password on the SSO page. > > > > Is that possible? If so, how (any examples are welcome). > > > > Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
