Hi Arkesh,

Please see my responses to your questions below:

(1) Your question is kind of broad.  Can you tell me specifically what
you need?  Basically you have to update your existing authentication
mechanism to handle our SAML request, authenticate the user and
generate the proper SAML response to the user's browser.  To learn
more about SAML-based SSO for Google Apps, please refer to the
following documentation:

http://code.google.com/apis/apps/sso/saml_reference_implementation.html

(2) Yes, the change password and logout logic are up to your own
implementation.

(3) The two fields you mentioned are currently <textarea> elements.
You can hide them by changing them to <input type="hidden"> elements.
See an example below:

<input type='hidden' name='SAMLRequest' id='SAMLRequest' value='[SAML request value]'/>

(4)  You can link your users to:

http://mail.google.com/a/mydomain.com

Or if you have set up a custom URL in the control panel:

http://inbox.mydomain.com/

See this help center article on custom URLs:

http://www.google.com/support/a/bin/answer.py?answer=53340

Also, please note SSO will not work if the user is referred directly to
http://mydomain.com/GoogleAppsSso/Prompt.aspx.  This is because a
redirection from a Google Property (Docs, Gmail, Calendar...) is
required in order to get the proper SAML Request and the Relay State.
This is a common mistake when Administrators try to refer their users
directly to the SSO Prompt page.

(5) That's right.

Sincerely,

--Tony
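
Added example (not part of Tony's reply or of Google's sample application): a C# check an identity provider's sign-in page could run before showing the login form, returning false when the page was opened directly without the SAMLRequest and RelayState that the redirect from Google supplies. The class and method names, the expectedAcsUrl parameter and the sample values are hypothetical, and the decoding assumes the SAML HTTP-Redirect binding encoding (base64 over raw DEFLATE).

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml;

public static class SamlEntryCheck // hypothetical name, not part of the Google sample
{
    // False on direct access (no SAMLRequest/RelayState), malformed input, or unexpected ACS URL.
    public static bool TryReadAuthnRequest(string samlRequest, string relayState,
                                           string expectedAcsUrl, out string requestId)
    {
        requestId = null;
        if (string.IsNullOrEmpty(samlRequest) || string.IsNullOrEmpty(relayState))
            return false; // page was not reached through a redirect from the service
        try
        {
            // Assumed encoding (HTTP-Redirect binding): base64 over raw DEFLATE over XML.
            using (var raw = new MemoryStream(Convert.FromBase64String(samlRequest)))
            using (var inflated = new DeflateStream(raw, CompressionMode.Decompress))
            using (var xml = XmlReader.Create(inflated, new XmlReaderSettings
                       { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }))
            {
                xml.MoveToContent();
                if (xml.LocalName != "AuthnRequest") return false;
                string acs = xml.GetAttribute("AssertionConsumerServiceURL");
                if (acs == null || !string.Equals(acs, expectedAcsUrl, StringComparison.Ordinal)) return false;
                requestId = xml.GetAttribute("ID"); // echoed later as InResponseTo
            }
        }
        catch (Exception e) when (e is FormatException || e is InvalidDataException || e is XmlException) { return false; }
        return !string.IsNullOrEmpty(requestId);
    }
    static string Encode(string xml) // builds the constructed sample input
    {
        var buf = new MemoryStream();
        byte[] bytes = Encoding.UTF8.GetBytes(xml);
        using (var z = new DeflateStream(buf, CompressionMode.Compress))
            z.Write(bytes, 0, bytes.Length);
        return Convert.ToBase64String(buf.ToArray());
    }
    public static void Main()
    {
        const string acs = "https://sp.example.test/acs"; // constructed value
        string req = Encode("<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " ID=\"constructed-1\" AssertionConsumerServiceURL=\"" + acs + "\"/>");
        Console.WriteLine(TryReadAuthnRequest(req, "https://sp.example.test/inbox", acs, out string id));
        Console.WriteLine(TryReadAuthnRequest(null, null, acs, out id)); // direct visit to the prompt page
    }
}
```

When the check returns false, the sign-in page can redirect the browser to the Google Apps service URL so that the flow starts there and comes back with both parameters.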


On Aug 25, 10:20 am, Arkesh <[EMAIL PROTECTED]> wrote:
> Hi Tony,
>     I appreciate your guidance. I will implement your suggestions as
> soon as possible. Now can you guide me on:
>
> (1) If we want to put the whole SSO integration application on a web
> server, what exactly do we have to do?
> (2) If we want to provide change password or logout functionality,
> do I have to write some additional code for it?
> (3) As I see in the HTML code of the Prompt.aspx page, there are two additional
> text boxes below the sign in button. It is good for a developer to
> know all the logic behind the whole application, but as far as an ordinary
> user is concerned, they should get a simple page with username and password
> and sign in button after pressing a link like http://inbox.mydomain.com
> (4) Again, if I want to inform all the users of Google Apps, I have to
> give them a particular link. So that will be http://inbox.mydomain.com
> or http://mydomain.com/GoogleAppsSso/Prompt.aspx
> (5) Using SSO, a Google Apps user can log in to the mail account using the
> web page which we give them.
> If you get any idea for doing so then feel free to reply ....
>
> On Aug 25, 12:48 pm, "Tony (Google)" <[EMAIL PROTECTED]> wrote:
>
> > Hi Arkesh,
>
> > Please see my comments to your questions inline below.  I hope it
> > helps.
>
> > Thanks,
>
> > --Tony
>
> > On Aug 25, 6:54 am, Arkesh <[EMAIL PROTECTED]> wrote:
>
> > > Hi Anirudh,
> > >  I have some questions, and I always know you will come up with
> > > answers. I would appreciate it if you answer all the listed questions
> > > in the space below each question.
> > > (1) I am using Microsoft Visual Studio 2008 for the SSO experiment, as at
> > > this moment it is difficult to get Visual Studio 2005 as a free
> > > download. (If you know any link then always feel free to send it.)
>
> > Unfortunately, Visual Studio 2005 is a paid product.
>
> > > (2) As I do not find the path "C:\Program Files\Microsoft Visual
> > > Studio 8\Common7\Tools\.." in Microsoft Visual Studio 2008, I actually
> > > find the (makecert.exe & pvk2pfx.exe) files in "c:\Program files\Microsoft
> > > SDKS\windows\v6.0A\makecert.exe & pvk2pfx.exe". This second path is
> > > working nicely in Visual Studio 2008.
>
> > Yes, this should work as well.
>
> > > (3) The interesting thing which I find while running these two files
> > > on the command prompt according to the documentation is that, after running
> > > makecert.exe, it asks for password / confirm password. Which password
> > > should I enter? Is it the Google Apps password? I generated the
> > > certificate using my valid password. In general I created three
> > > certificates in my “key” folder (mycert.cer/mycert.pvk/
> > > mycert.pfx). I used Mono software of Google for command prompt
> > > execution.
>
> > This is a password for the certificate so it is anything of your
> > choice.
>
> > > (4) The Google documentation states something about xcacls.
> > > What is that? Actually I downloaded xcacls. But I am unable to use
> > > this tool effectively. "C:\Program Files\Support Tools\xcacls.exe"
> > > mycert.pfx /e /g MYCOMPUTERNAME\ASPNET:R
>
> > This command is used to change the permission of the mycert.pfx file.
> > You can also do it by right-clicking on the file, selecting
> > "properties" and giving the MYCOMPUTERNAME\ASPNET user "read"
> > permission under the security tab.
>
> > > (5) Another issue is how to give permission in IIS 7. I mean, what is
> > > “Run the Permissions Wizard on the GoogleAppsSso Virtual Directory to
> > > set it up as a public website”?
>
> > In the IIS admin console, you should have GoogleAppsSso under the
> > Default Web Site.  If you right click on "properties", you should see
> > you can configure access for the folder ("read", "write", "directory
> > browsing", etc.) under the "Virtual Directory" tab.
>
> > > (6) I tested my final application by putting
> > > http://localhost/GoogleAppsSso/Prompt.aspx
> > > and http://Mydomainname/GoogleAppsSso/Prompt.aspx
> > > but http://mail.google.com/a/<My Domain name> do not contact
> > > http://localhost/GoogleAppsSso/Prompt.aspx
>
> > Please make sure you have enabled SSO under Advanced tools
> > (https://www.google.com/a/cpanel/coovy.com/SetupSSO).  You should have the
> > "Enable Single Sign-on" box checked and set the "Sign-in page URL" to
> > "http://localhost/GoogleAppsSso/Prompt.aspx".  Since "Sign-out page
> > URL and Change password URL" are both required, you have to put
> > something temporarily as well.
>
> > > (7) At the end of documentation it is mentioned like
>
> > >  “Customizing authentication and authorization logic
> > > --------------------------------------------------
>
> > > Edit the Page_Load method in C:\projects\Google.Apps.SingleSignOn\web
> > > \SingleSignOn.aspx.cs to place restrictions on who can log in to
> > > Google Apps for this domain.  The sample application does not verify
> > > the credentials.
>
> > > It may be helpful in development to view the SAML request, SAML
> > > response, and RelayState values.  To see this information, edit C:
> > > \projects\Google.Apps.SingleSignOn\web\Web.config and set the
> > > Google.Apps.SingleSignOn.Url to SingleSignOnDebug.aspx instead of
> > > SingleSignOn.aspx.”
> > > But it is also not solving the problem???
>
> > This should have effect after you did 6).  Basically you need to add
> > your authentication logic here to complete your integration.
>
> > > On Aug 25, 6:40 am, "Anirudh (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > Hi Arkesh,
>
> > > > What error message do you see on the console when you run the command
> > > > line utilities i.e. makecert.exe and pvk2pfx.exe ?
>
> > > > Running the following command generates the certificate with public
> > > > key (.cer) and the private key (.pvk):
> > > > "c:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > > \makecert.exe" -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk
> > > > mycert.cer
>
> > > > Post running that command, you need to run:
> > > > "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > > \pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
> > > > to generate the .pfx file for your SSO assembly consumption.
>
> > > > -Anirudh
>
> > > > On Aug 24, 5:59 am, Arkesh <[EMAIL PROTECTED]> wrote:
>
> > > > > Hi Everybody,
> > > > >  I want to implement Google single sign on for my organization
> > > > > website.
> > > > > > I used Google api SSO .NET Client library. Link is as below:
> > > > > > http://code.google.com/apis/apps/libraries_and_samples.html http://cod...
>
> > > > > there is a read me file for documentation.
> > > > > > I am pasting the read me documentation here at the end of this
> > > > > > message.
> > > > > > Actually I followed the instructions according to the documentation, but the
> > > > > > real problem comes at installing certificates
> > > > > Creating and installing a certificate
> > > > > -------------------------------------
>
> > > > > 1.  Run these commands from a command prompt.  If Visual Studio 2005
> > > > > is installed in a different location, change the commands accordingly.
>
> > > > >     cd \projects\Google.Apps.SingleSignOn\key
>
> > > > >     "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > > > \makecert.exe" -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk
> > > > > mycert.cer
>
> > > > >     "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin
> > > > > \pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
>
> > > > >     makecert.exe will generate two files:
>
> > > > >        mycert.cer - certificate which contains the public key
> > > > >        mycert.pvk - contains the private key
>
> > > > >     pvk2pfx.exe will generate one file:
>
> > > > >        mycert.pfx - contains the private key, usable by .NET framework
>
> > > > >     Read about these utilities on MSDN:
>
> > > > >        makecert.exe
> > > > >        http://msdn2.microsoft.com/en-us/library/bfsktky3(VS.80).aspx
>
> > > > >        pvk2pfx.exe
> > > > >        http://msdn2.microsoft.com/en-us/library/aa387764.aspx
>
> > > > > 2.  Verify, and grant if necessary, read permission to the ASP.NET
> > > > > user to read the mycert.pfx file.  One way to do this is through the
> > > > > file properties Security tab.  If you have the xcacls utility
> > > > > installed,
>
> > > > >     "C:\Program Files\Support Tools\xcacls.exe" mycert.pfx /e /g
> > > > > MYCOMPUTERNAME\ASPNET:R
>
> > > > > ------------------
> > > > > > If I run    "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools
> > > > > > \Bin\pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
> > > > > > at the command prompt, it does not allow me to run the command with the
> > > > > > -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk mycert.cer
> > > > > > options
>
> > > > > > Is there any solution to make it simple but clear?
>
> > > > > ================
>
> > > > > This sample C# ASP.NET application can be used as a SAML Identity
> > > > > Provider for the Google Apps Single Sign-On service.
>
> > > > > See this article at the Google Code website for an introduction to the
> > > > > Google Apps Single Sign-On service:
>
> > > > > > http://code.google.com/apis/apps/sso/saml_reference_implementation.html
>
> > > > > Building the sample application with Microsoft Visual Studio 2005
> > > > > -----------------------------------------------------------------
>
> > > > > 1.  Extract the .zip file to a local directory, e.g. C:\projects
> > > > > \Google.Apps.SingleSignOn.  The contents are:
>
> > > > >     key - test certificates
> > > > >     src - C# source code
> > > > >     web - ASP.NET source code
> > > > >     VS2005.sln - Visual Studio 2005 solution file.
>
> > > > > 2.  Open the C:\projects\Google.Apps.SingleSignOn\VS2005.sln solution
> > > > > file in Visual Studio 2005.
>
> > > > > 3.  Build the solution.
>
> > > > > 4.  The executables are in C:\projects\Google.Apps.SingleSignOn\web
> > > > > \bin
>
> > > > > Installing the sample application in Internet Information Services
>
> ...