HI Arkesh,
Please see my comments to your questions inline below. I hope it
helps.
Thanks,
--Tony
On Aug 25, 6:54 am, Arkesh <[EMAIL PROTECTED]> wrote:
> Hi Anirudh,
> I have some questions, and i always know you will come up with
> answers. I will appreciate if you answer all listed questions, at the
> below space of each question specifically.
> (1) I am using Microsoft visual studio 2008 for SSO Experiment, as at
> this moment it is difficult to get visual studio 2005 for free
> download.(if you know any link then always feel free to send.)
Unfortunately, Visual Studio 2005 is a paid product.
> (2) As i do not find the path "C:\Program Files\Microsoft Visual
> Studio 8\Common7\Tools\.." in Microsoft visual studio 2008,i actually
> find (makecert.exe & pvk2pfx.exe) files in "c:\Program files\Microsoft
> SDKS\windows\v6.0A\makecert.exe & pvk2pfx.exe".This second path is
> working nicely in visual studio 2008.
Yes, this should work as well.
> (3) The interesting thing which I find while running these two files
> on command prompt according to documentation is that, after running
> makecert.exe it asks for password / confirm password. Which password
> should I enter?? Is it the Google apps password? I generated
> certificate using my valid password. In general I created three
> certificates in my “key” folder ( mycert.cer/mycert.pvk/
> mycert.pfx).I used Mono software of Google for command prompt
> execution.
This is a password for the certificate so it is anything of your
choice.
> (4) As in Google documentation it is stated something for xcalcls.
> What is that??? Actually I downloaded xcalcls. But I am unable to use
> this tool effectively. "C:\Program Files\Support Tools\xcacls.exe"
> mycert.pfx /e /g MYCOMPUTERNAME\ASPNET:R
This command is used to change the permission of the mycert.pfx file.
You can also do it by right-clicking on the file and select
"properties" and giving the MYCOMPUTENAME\ASPNET user "read"
permission under the security tab.
> (5) Another issue is how to give permission in IIS 7 .I mean what is
> “Run the Permissions Wizard on the GoogleAppsSso Virtual Directory to
> set it up as a public website”???
In the IIS admin console, you should have GoogleAppsSso under the
Default Web Site. If you right click on "properties", you should see
you can configure access for the folder ("read, write, directory
browsing, etc) under the "Virtual Directory" tab.
> (6) I tested my final application by
> puttinghttp://localhost/GoogleAppsSso/Prompt.aspx
> andhttp://Mydomain name/GoogleAppsSso/Prompt.aspx
> buthttp://mail.google.com/a/<My Domain name> do not
> contacthttp://localhost/GoogleAppsSso/Prompt.aspx
>
Please make sure you have enable SSO under Advanced tools (https://
www.google.com/a/cpanel/coovy.com/SetupSSO). You should have the
"Enable Single Sign-on" box checked and set the "Sign-in page URL" to
"http://localhost/GoogleAppsSso/Prompt.aspx";. Since "Sign-out page
URL and Change password URL" are both required, you have to put
something temporarily as well.
> (7) At the end of documentation it is mentioned like
>
> “Customizing authentication and authorization logic
> --------------------------------------------------
>
> Edit the Page_Load method in C:\projects\Google.Apps.SingleSignOn\web
> \SingleSignOn.aspx.cs to place restrictions on who can log in to
> Google Apps for this domain. The sample application does not verify
> the credentials.
>
> It may be helpful in development to view the SAML request, SAML
> response, and RelayState values. To see this information, edit C:
> \projects\Google.Apps.SingleSignOn\web\Web.config and set the
> Google.Apps.SingleSignOn.Url to SingleSignOnDebug.aspx instead of
> SingleSignOn.aspx.”
> But it is also not solving the problem???
This should have effect after you did 6). Basically you need to add
your authentication logic here to complete your integration.
>
> On Aug 25, 6:40 am, "Anirudh (Google)" <[EMAIL PROTECTED]> wrote:
>
> > Hi Arkesh,
>
> > What error message do you on the console see when you run the command
> > line utilities i.e. makecert.exe and pvk2pfx.exe ?
>
> > Running the following command generates the certificate with public
> > key (.cer) and the private key (.pvk):
> > "c:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > \makecert.exe" -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk
> > mycert.cer
>
> > Post running that command, you need to run:
> > "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > \pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
> > to generate the .pfx file for your SSO assembly consumption.
>
> > -Anirudh
>
> > On Aug 24, 5:59 am, Arkesh <[EMAIL PROTECTED]> wrote:
>
> > > Hi Everybody,
> > > I want to implement Google single sign on for my organization
> > > website.
> > > I used Google api SSO .NET Client library.Link is as
> > > belowhttp://code.google.com/apis/apps/libraries_and_samples.htmlhttp://cod...
>
> > > there is a read me file for documentation.
> > > I am pasting the read me doucmentation here at the end of this
> > > message.
> > > Actually i followed instructions according to documentation ,but hte
> > > real problem comes at,installing certificates
> > > Creating and installing a certificate
> > > -------------------------------------
>
> > > 1. Run these commands from a command prompt. If Visual Studio 2005
> > > is installed in a different location, change the commands accordingly.
>
> > > cd \projects\Google.Apps.SingleSignOn\key
>
> > > "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > \makecert.exe" -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk
> > > mycert.cer
>
> > > "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > \pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
>
> > > makecert.exe will generate two files:
>
> > > mycert.cer - certificate which contains the public key
> > > mycert.pvk - contains the private key
>
> > > pvk2pfx.exe will generate one file:
>
> > > mycert.pfx - contains the private key, usable by .NET framework
>
> > > Read about these utilities on MSDN:
>
> > > makecert.exe
> > > http://msdn2.microsoft.com/en-us/library/bfsktky3(VS.80).aspx
>
> > > pvk2pfx.exe
> > > http://msdn2.microsoft.com/en-us/library/aa387764.aspx
>
> > > 2. Verify, and grant if necessary, read permission to the ASP.NET
> > > user to read the mycert.pfx file. One way to do this is through the
> > > file properties Security tab. If you have the xcacls utility
> > > installed,
>
> > > "C:\Program Files\Support Tools\xcacls.exe" mycert.pfx /e /g
> > > MYCOMPUTERNAME\ASPNET:R
>
> > > ------------------
> > > if i run "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools
> > > \Bin\pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
> > > at commnad prompt it do not allows me to run the command with -r -pe -
> > > n "CN=My Domain" -sky exchange -sv mycert.pvk mycert.cer
> > > options
>
> > > is there is any solutions to make it simple but clear????
>
> > > ================
>
> > > This sample C# ASP.NET application can be used as a SAML Identity
> > > Provider for the Google Apps Single Sign-On service.
>
> > > See this article at the Google Code website for an introduction to the
> > > Google Apps Single Sign-On service:
>
> > >http://code.google.com/apis/apps/sso/saml_reference_implementation.html
>
> > > Building the sample application with Microsoft Visual Studio 2005
> > > -----------------------------------------------------------------
>
> > > 1. Extract the .zip file to a local directory, e.g. C:\projects
> > > \Google.Apps.SingleSignOn. The contents are:
>
> > > key - test certificates
> > > src - C# source code
> > > web - ASP.NET source code
> > > VS2005.sln - Visual Studio 2005 solution file.
>
> > > 2. Open the C:\projects\Google.Apps.SingleSignOn\VS2005.sln solution
> > > file in Visual Studio 2005.
>
> > > 3. Build the solution.
>
> > > 4. The executables are in C:\projects\Google.Apps.SingleSignOn\web
> > > \bin
>
> > > Installing the sample application in Internet Information Services
> > > ------------------------------------------------------------------
>
> > > 1. Open the IIS management console.
>
> > > 2. Create a new Virtual Directory to C:\projects
> > > \Google.Apps.SingleSignOn\web, e.g. GoogleAppsSso
>
> > > 3. Run the Permissions Wizard on the GoogleAppsSso Virtual Directory
> > > to set it up as a public website.
>
> > > Creating and installing a certificate
> > > -------------------------------------
>
> > > 1. Run these commands from a command prompt. If Visual Studio 2005
> > > is installed in a different location, change the commands accordingly.
>
> > > cd \projects\Google.Apps.SingleSignOn\key
>
> > > "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > \makecert.exe" -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk
> > > mycert.cer
>
> > > "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > \pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
>
> > > makecert.exe will generate two files:
>
> > > mycert.cer - certificate which contains the public key
> > > mycert.pvk - contains the private key
>
> > > pvk2pfx.exe will generate one file:
>
> > > mycert.pfx - contains the private key, usable by .NET framework
>
> > > Read about these utilities on MSDN:
>
> > > makecert.exe
> > > http://msdn2.microsoft.com/en-us/library/bfsktky3(VS.80).aspx
>
> > > pvk2pfx.exe
> > > http://msdn2.microsoft.com/en-us/library/aa387764.aspx
>
> > > 2. Verify, and grant if necessary, read permission to the ASP.NET
> > > user to read the mycert.pfx file. One way to do this is through the
> > > file properties Security tab. If you have the xcacls utility
> > > installed,
>
> > > "C:\Program Files\Support Tools\xcacls.exe" mycert.pfx /e /g
> > > MYCOMPUTERNAME\ASPNET:R
>
> > > 3. Go to the Google Apps control panel for your domain. In the
> > > Advanced tools Single sign-on section, upload mycert.cer as
> > > Verification certificate.
>
> > > 4. Also in the Advanced tools Single Sign-On section, set the Sign-in
> > > page URL tohttp://localhost/GoogleAppsSso/Prompt.aspx. The localhost
> > > URL is for testing. Substitute your server's domain name after
> > > testing.
>
> > > 5. Edit C:\projects\Google.Apps.SingleSignOn\web\Web.config and set
> > > the correct path for Google.Apps.SingleSignOn.PfxFile as created in
> > > step 1.
>
> > > Testing the sample application
> > > ------------------------------
>
> > > 1. Open a browser to Google Apps emailhttp://mail.google.com/a/<your
> > > domain name>
>
> > > 2. Verify that the browser redirects to the sample
> > > applicationhttp://localhost/GoogleAppsSso/Prompt.aspx
>
> > > 3. Enter a valid Google Apps username and any value for password.
> > > (See below for customizing the authentication and authorization
> > > logic.)
>
> > > 4. Verify that after you sign in you are able access Google Apps
> > > email.
>
> > > Customizing authentication and authorization logic
>
> ...
>
> read more »
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Apps APIs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/google-apps-apis?hl=en
-~----------~----~----~----~------~----~------~--~---
