Hi Ambarish,

Please see the comments below for your questions.

1) I don't believe you can specify arbitrary fields but you can make a
request and examine the SAMLRequest parameters and cookies that are
returned to see what attributes are included.

2) The public key of the partner should be uploaded by you to the
Google Apps Admin Panel and will be used by us to verify your
SAMLResponse.

3) After receiving a valid SAMLResponse from your end, the user will
be authenticated to all the Google Apps services your domain offers.
A session cookie will be set for Google properties but it is not used
for SAML purposes. Also, please make sure you return the RelayState
along with the SAMLResponse.

4) Yes, your understanding is correct.

Thanks,

--Tony


On Nov 25, 11:28 pm, ambarish <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I am a newbie to Google Apps API, and am reading on the SSO (Single
> Sign-on) API for Google Apps from this page:
> http://code.google.com/apis/apps/sso/saml_reference_implementation.html
>
> 1) In the sequence diagram, step 2 is "Google generates a SAML
> authentication request". My question is: how or what determines what
> fields go into the Saml Request so formed, and where do we have to
> specify the same?
>
> Specifically, if the first request from the user's browser has a
> cookie, can we include the cookie in one field of this request? Can we
> specify which all fields we want in here?
>
> 2) Step 5 says ".....response is digitally signed with the partner's
> public and private DSA/RSA keys.". My question is: I understand the
> private key, but why is the public key of the partner needed to sign?
> If public key is used for signing, then the corresponding private key
> (which is held only by the partner application) is needed to
> understand the signature.
>
> 3) If the SAML response is correctly received in the Google Apps side,
> does it create a cookie in the session for the authenticated user?
>
> 4) From what I understand, for enabling SSO to google applications, we
> need a SAML authority in the partner side, which will do the
> following:
>
> - receive the SAML request from google apps
> - parse, and get the user information for authentication
> - form a response
> - sign with its private key
> - send the response to google.
>
> Let me know if this understanding is correct.
>
> Regards, Ambarish.
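
As an added example, not part of the original thread or of Google's reference implementation: one way to examine what a SAMLRequest carries (answer 1) and to pick up the RelayState that has to be returned with the SAMLResponse (answer 3). It assumes the SAML 2.0 HTTP-Redirect binding encoding (raw DEFLATE, then base64); the function names, URLs and IDs are constructed for the example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap on inflated size, guards against decompression bombs


def decode_saml_request(redirect_url):
    """Return the AuthnRequest fields and RelayState carried in a redirect URL."""
    query = parse_qs(urlsplit(redirect_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)  # raw DEFLATE stream, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if not inflater.eof:
        raise ValueError("SAMLRequest is truncated or inflates past the size cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    return {
        "id": root.get("ID"),  # echoed as InResponseTo in the response
        "issue_instant": root.get("IssueInstant"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "relay_state": query.get("RelayState", [None])[0],  # return unchanged
    }


def build_sample_redirect():
    """Constructed sample: every value below is made up for the example."""
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'ID="_constructed123" Version="2.0" IssueInstant="2008-11-26T07:28:00Z" '
        'AssertionConsumerServiceURL="https://sp.example/acs">'
        '<saml:Issuer>sp.example</saml:Issuer></samlp:AuthnRequest>'
    ).encode()
    deflater = zlib.compressobj(wbits=-15)
    packed = deflater.compress(xml) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(packed).decode(),
              "RelayState": "https://sp.example/start"}
    return "https://idp.example/sso?" + urlencode(params)


if __name__ == "__main__":
    print(decode_saml_request(build_sample_redirect()))
```

The identity provider signs its SAMLResponse with its private key only; the uploaded public key is what the receiving side uses to verify that signature.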