Please replace every federation.ga with your OpenAM domian, and replace appsedudemo.com with your Google Apps domain

Prerequisites:

• Tomcat 7

• OpenAM.war file

• openam subdomain created (i.e. openam.openid.ga)

• LDAP Server

Instructions:

• Install OpenAM following the Installing OpenAM guide.

• Log-in to OpenAM web admin:

• 

• On "Common Tasks" tab click on "Create Hosted Identity Provider"
• 
  
  
• Select a "Signing key"
• 
  
  
• Write a "New Circle of Trust" name
• 
• Click on "Configure" button
• Then click on "configura Google Apps" link
• 
• 
  
• On "Common Tasks" tab click on "Configure Google Apps"
• 
• Add your Google Apps domain and click on "Create" button
• 
• A message will confirm when the action is completed, click OK
• 
• The respective SSO links and certificate will be generated.
• 
• Click on "Click here to download" button to download the certificate.
• 
• On a new browser tab Go to your Google Apps admin panel http://admin.google.com
• Go to "Security" > "Advanced" > "Set up single sign-on (SSO)"
• 
  
  
• Paste the OpenAM provided links to SSO Google configuration, upload the downloaded certificate and check the "Enable Single Sign-on" and "Use a domain specific issuer" checkboxes and then click on "Save changes" button.
• 
• Return to OpenAM window, now to need to setup an identity provider, go to "Access Control".
• 
• Click on "/ (Top Level Realm)"
• You can setup an identity provider on Authentication tab.
• OpenAM has a default identity provider that you can use for testing proposes, if you go to "Subject" tab, you can create a new user clicking on "New".
• 
• The ID field must match with an existing Google Apps user.
• 
• In order to test please go to http://mail.google.com/a/appsedudemo.com