Objective:
Document some of the most common SSO use cases in order to integrate Google Apps to an organization structure.
Basic Concepts:
This guide shows how to integrate Google Apps using SAML for exchanging authentication between IdP and SP.
SAML: (Security Assertion Markup Language) An XML-based open standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.
OAuth2: An open standard for authorization that gives client applications 'secure delegated access' to server resources on behalf of a resource owner. It focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
IdP: (Identity Provider) The entity that grants access. This is the canonical system where your users' account and authentication information is stored.
SP: (Service Provider) The services that users want to log in to. In SSO, these check users against the IdP in order to grant access.
LDAP: (Lightweight Directory Access Protocol) A standard application protocol for accessing and maintaining distributed directory information services such as Active Directory, Novell eDirectory, OpenLDAP, OpenDS, OpenDJ, etc.
Access Management Solutions: Platforms that act as a server for the principal SSO technologies (SAML, OAuth2), to which the SPs connect, and as a client of the principal IdPs (LDAP, Active Directory, database, RADIUS, etc.).
These are some common examples of each one:
IdP | SP | Access Management Solutions
--- | --- | ---
LDAP | Google Apps | SimpleSAML
Google Apps | Moodle | OpenAM
Moodle | Blackboard | Shibboleth
Database stored | Institution portal | Gluu
Active Directory | Wifi Access | WSO2
RADIUS | Guarani | CAS
Guides and live demos
Overview
This guide shows a lightweight version of the full guide.
Platform configurations
This guide shows how to install and configure OpenAM in order to use it as a bridge or as an identity provider.
This guide shows how to install and configure Freeradius server in order to authenticate with wireless networks.
This guide shows how to install an LDAP server and configure a web based admin tool.
Configuring OpenLDAP as an IdP to connect with SimpleSAML:
This guide describes how to connect some SPs (Google Apps, Moodle) with an LDAP-based IdP. SimpleSAML is used as a bridge.
Configuring Freeradius server to authenticate with Google as IdP (No hotspot method)
This guide shows how to configure a freeradius server in order to authenticate wireless devices with Google Apps credentials (this is not a web based authentication).
Configuring Google Apps as an IdP through OAuth2 using OpenAM
This guide describes how to connect some SPs (Google Apps, Moodle) with the Google Apps directory as an IdP. It also includes a live demo to test.
This guide shows how to configure a database connector to manage LDAP servers.
Creating free Verified SSL certificates and installing in tomcat
This guide helps the user create a signed and verified certificate and install it on Tomcat. This can be used on OpenAM installations to grant SSO access from devices.
Chromebooks and Mobile devices in a SSO enabled domain
This guide describes how to enable Chromebooks and mobile devices to work in SSO enabled domains.
Adapting existing systems to federations based on SAML or OAuth2 using OpenIG
This guide shows how to adapt existing institutional systems to a federated environment.
Adapting existing systems to a SAML federation developing a client using OneLogin SAML toolkit
This guide shows how to adapt existing institutional systems to a SAML federated environment.
Developing a client to adapt existing systems to authenticate using Google Apps stored credentials
This guide shows how to adapt existing institutional systems to authenticate using Google Apps stored credentials.
Developing a client to adapt existing systems to authenticate using OAuth2
This guide shows how to adapt existing institutional systems to authenticate using an OAuth2 server.
Using OpenLDAP as an IdP, Google as SP and OpenAM as bridge through SAML
This guide describes how to connect Google Apps with an LDAP-based IdP. OpenAM is used as a bridge.
Using a Database as an IdP and Google as a SP, using OpenAM as a bridge:
This guide describes how to connect a database via JDBC as an IdP. OpenAM is used as an IdP and a bridge.
Using Moodle as an IdP through SAML using the GSAML Plugin:
This guide describes how to connect some SPs (Google Apps) with the Moodle authentication system as an IdP. This guide also includes a live demo to test.
Using Google Apps as IdP, Moodle as a SP and OpenAM as a bridge
Moodle and Google can be connected directly using OAuth2, but OpenAM is used here to maintain the logged-in status on the other connected platforms.
Using Wifi devices to authenticate with Google Apps accounts via WPA (No hotspot method)
This guide shows how to configure Wifi devices using WPA authentication through a RADIUS server (this is not a web based authentication).
Adapting existing systems to connect with OpenAM via SAML using a client developed with the OneLogin toolkit
This guide shows how to adapt existing institutional systems to connect to OpenAM via SAML.
Adapting existing systems to connect with OpenAM via OAuth2 using a developed client
This guide shows how to adapt existing institutional systems to connect to OpenAM via OAuth2.
Live demos
Working demos on a federated environment.
Webinars
Webinar 01 - English - Understanding Single Sign-On
Webinar 01 - Spanish - Comprendiendo Single Sign-On
Webinar 02 - English - Single Sign-On Tools
Webinar 02 - Spanish - Herramientas usadas en Single Sign-On
Webinar 03 - English - Google Apps as Service Provider
Webinar 03 - Spanish - Google Apps como Proveedor de Servicio
Webinar 04 - English - Google Apps as Identity Provider
Webinar 04 - Spanish - Google Apps como Proveedor de Identidad