SSO Single Sign-On


Objective:


Document some of the most common SSO use cases for integrating Google Apps into an organization's structure.


Basic Concepts:


This guide shows how to integrate Google Apps using SAML to exchange authentication data between the IdP and the SP.


  • SAML: (Security Assertion Markup Language) An XML-based open standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.

  • OAuth2: An open standard for authorization that gives client applications 'secure delegated access' to server resources on behalf of a resource owner. It focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.

  • IdP: (Identity Provider) The entity that grants access. This is the canonical system where your users' account and authentication information is stored.

  • SP: (Service Provider) Services that users want to log in to. In SSO, these check users against the IdP in order to grant access.

  • LDAP: (Lightweight Directory Access Protocol) A standard application protocol for accessing and maintaining distributed directory information services such as Active Directory, Novell eDirectory, OpenLDAP, OpenDS, OpenDJ, etc.

  • Access Management Solutions: Platforms that act as a server for the principal SSO technologies (SAML, OAuth2), to which SPs connect, and as a client of the principal IdPs (LDAP, Active Directory, Database, RADIUS, etc.).


These are some common examples of each one:


  • IdP: LDAP, Google Apps, Moodle, Database stored, Active Directory, RADIUS

  • SP: Google Apps, Moodle, Blackboard, Institution portal, Wifi Access, Guarani

  • Access Management Solutions: SimpleSAML, OpenAM, Shibboleth, Gluu, WSO2, CAS


Guides and live demos


Overview


Overview of Single Sign-On

This guide shows a lightweight version of the full guide.


Platform configurations


Installing SimpleSAML

This guide shows how to install and configure SimpleSAML for use as a bridge or as an identity provider.


Installing OpenAM

This guide shows how to install and configure OpenAM for use as a bridge or as an identity provider.


Installing Freeradius

This guide shows how to install and configure a Freeradius server to authenticate users on wireless networks.


Installing OpenLDAP

This guide shows how to install an LDAP server and configure a web-based admin tool.


This guide explains how to connect Google to OpenAM via SAML.

This guide explains how to connect any kind of LDAP-based server as an IdP with OpenAM.

This guide explains how to connect a database as an IdP with OpenAM. Most databases are supported; they are connected via JDBC.

Configuring OpenLDAP as an IdP to connect with SimpleSAML:

This guide describes how to connect some SPs (Google Apps, Moodle) with an LDAP-based IdP. SimpleSAML is used as a bridge.


Configuring Freeradius server to authenticate with Google as IdP (No hotspot method)

This guide shows how to configure a Freeradius server to authenticate wireless devices with Google Apps credentials (this is not a web-based authentication).


Configuring Google Apps as an IdP through OAuth2 using OpenAM

This guide describes how to connect some SPs (Google Apps, Moodle) with the Google Apps directory as an IdP. It also includes a live demo for testing.


Configuring JDBC LDAP Driver

This guide shows how to configure a database connector to manage LDAP servers.


Creating free verified SSL certificates and installing them in Tomcat

This guide helps the user create a signed and verified certificate and install it on Tomcat. This can be used on OpenAM installations to grant access to SSO on devices.


Chromebooks and mobile devices in an SSO-enabled domain

This guide describes how to enable Chromebooks and mobile devices to work in SSO-enabled domains.


Adapting existing systems to federations based on SAML or OAuth2 using OpenIG

This guide shows how to adapt existing institutional systems to a federated environment.


Adapting existing systems to a SAML federation developing a client using OneLogin SAML toolkit

This guide shows how to adapt existing institutional systems to a SAML federated environment.


Developing a client to adapt existing systems to authenticate using Google Apps stored credentials

This guide shows how to adapt existing institutional systems to authenticate using Google Apps stored credentials.


Developing a client to adapt existing systems to authenticate using OAuth2

This guide shows how to adapt existing institutional systems to authenticate using an OAuth2 server.



Platform interconnection

Using OpenLDAP as an IdP, Google as SP and OpenAM as bridge through SAML

This guide describes how to connect Google Apps with an LDAP based IdP. OpenAM is used as a bridge.


Using a Database as an IdP and Google as a SP, using OpenAM as a bridge:

This guide describes how to connect a database via JDBC as an IdP. OpenAM is used as an IdP and a bridge.


Using Moodle as an IdP through SAML using GSAML Plugin:

This guide describes how to connect some SPs (Google Apps) with the Moodle authentication system as an IdP. This guide also includes a live demo for testing.


Using Google Apps as IdP, Moodle as a SP and OpenAM as a bridge

Moodle and Google can be connected directly using OAuth2, but we use OpenAM to maintain the logged-in status on the other connected platforms.


Using Wifi devices to authenticate with Google Apps accounts via WPA (No hotspot method)

This guide shows how to configure Wifi devices using WPA authentication through a RADIUS server (this is not a web-based authentication).


Adapting existing systems to connect with OpenAM via SAML using OneLogin developed client

This guide shows how to adapt existing institutional systems to connect to OpenAM via SAML.


Adapting existing systems to connect with OpenAM via OAuth2 using a developed client

This guide shows how to adapt existing institutional systems to connect to OpenAM via OAuth2.



Live demos

Working Examples

Working demos on a federated environment.


Webinars


Webinar 01 - English - Understanding Single Sign-On


Webinar 01 - Spanish - Comprendiendo Single Sign-On


Webinar 02 - English - Single Sign-On Tools


Webinar 02 - Spanish - Herramientas usadas en Single Sign-On


Webinar 03 - English - Google Apps as Service Provider 


Webinar 03 - Spanish - Google Apps como Proveedor de Servicio


Webinar 04 - English - Google Apps as Identity Provider


Webinar 04 - Spanish - Google Apps como Proveedor de Identidad