Users of cloud-based business applications shouldn’t have to create, remember and maintain new credentials for each of the many apps that they use. With applications on the
Google Apps Marketplace, they don’t need to-- these applications allow users to login with their existing Google Apps accounts using OpenID.
To enable the Single Sign On experience for Marketplace apps, developers simply need to add a universal navigation link and an OpenID realm to their
application manifest. Adding these elements is easy-- it’s just a snippet of XML:
<Extension id="navLink" type="link">
<Name>Amazing Cloud App</Name>
<Url>http://www.example.com/home.php?domain=${DOMAIN_NAME}</Url>
</Extension>
<Extension id="realm" type="openIdRealm">
<Url>http://www.example.com</Url>
</Extension>
With this XML in the application manifest, a link called “Amazing Cloud App” will appear in the universal navigation of all Google Apps. Also, if one of the realms specified in the manifest file precisely matches the
openid.realm in the OpenID request, then the user will be seamlessly signed into the app after clicking on the link in the universal navigation (without seeing a typical OpenID interstitial allow/deny page).
Of course, you’ll also need code in your application which accepts OpenID logins. In addition to open source libraries, here are a few companies that are making it easier for cloud applications to integrate with the Google Apps Marketplace. Their code provides simple APIs with which developers can integrate, leaving some of the complexities of the OpenID protocol to be implemented by the experts -- no need to hand-roll your own OpenID code.
- JanRain
JanRain’s open source PHP and Ruby OpenID libraries and on-demand RPX solution enabled the implemention of OpenID for many of the companies that launched on the Google Apps Marketplace by writing simple code or web service calls. - Ping Identity
Ping’s PingFederate is an on-premise service that allows SaaS applications to easily accept OpenID and SAML-based logins by integrating with their libraries or using their web server or application server plug-ins. - TriCipher
TriCipher’s myOneLogin Identity Services is an on-demand application that allows developers to accept OpenID, SAML and other federation protocols by writing simple web service calls.
Their are plenty of open source OpenID libraries available for other platforms, such as
OpenID4Java (using Step2 code for Google Apps) and
DotNetOpenAuth. More information on
implementing Single Sign On in Google Apps Marketplace apps can be found on code.google.com.
If you need additional information on building apps for the Google Apps Marketplace, see the
Developer’s Overivew on code.google.com.
Posted by Ryan Boyd, Google Apps Marketplace Team
8 comments :
Any resources/pointers for Google App Engine developers (python, NOT Java) would be super awesome.
I hate to see python being boycotted.
This library works great if you're using django:
http://bitbucket.org/benoitc/django-authopenid/wiki/Home
agree - don't neglect python!
This just gr8 to have single sign on with open id in google apps..
Thanks,
Tejash
Tips and Tricks for blogger and internet users
Python isn't being boycotted -- we just needed to prioritize our development activities based on the languages being used by the initial set of launching vendors.
There is an open source Python OpenID library:
http://openidenabled.com/python-openid/
Someone would need to add additional code to handle the Google Apps discovery. There's a Googler working on that, but I don't have an estimated release date.
Other option would be to use something like RPX which has Python libraries.
Cheers,
-Ryan
+1 for updating the python-openid library, or making another path available for AppEngine developers. ASAP please. :)
-1 for building this on a standard (OpenID) which is horrendously convoluted. Providing a simple Google-Apps-specific auto-sign-on option would make life a lot easier for developers who care more about getting an app working on the marketplace than learning the ins and outs of OpenID. You're costing many of us lots of frustrating hours trying to make this work.
Starting in App Engine SDK 1.3.4, we've added OpenID (and OAuth) support to both the Python and Java runtimes. For more information on how to use OpenID, please see this article:
http://code.google.com/appengine/articles/openid.html
Love google sign in. It's just very convenient, like an EU passport... :) The only problem is that not all sites use it yet, especially blogs on wordpress etc. Thanks for the post!
Post a Comment