Using OpenLDAP as an IdP, Google as SP and OpenAM as a bridge through SAML
This guide was written for a Debian-based operating system (e.g. Ubuntu); on other distributions, substitute your distribution's package manager for "apt-get". The example uses an LDAP directory as the user store and connects it to SAML service providers through OpenAM authentication: OpenAM authenticates the user against LDAP, then issues the SAML assertion that Google Apps consumes.
Replace every occurrence of federation.ga with your OpenAM domain, and every occurrence of appsedudemo.com with your Google Apps domain.
Prerequisites:
Tomcat 7
OpenAM
Google Apps domain
LDAP Server
Instructions:
- If you have not already connected Google Apps to OpenAM, follow the "Connecting Google Apps as SP via SAML through OpenAM" guide first.
- If you have not yet connected your LDAP server to OpenAM, follow the "Connecting LDAP server as IdP through OpenAM" guide first.
Log in to the OpenAM admin console and:
- Go to "Access Control".
- Click on "/ (Top Level Realm)"
- Go to "Authentication" tab.
- Click on "Authentication chaining" > "New"
- Set a name and click OK
- Click "Add", select your LDAP module for the new entry, and Save. With a single module in the chain, authentication succeeds only if the LDAP bind succeeds.
- Click "Back to Access Control"
- In the "Core" section, set "Organization Authentication Configuration" to the chain you just created, and Save. This makes the LDAP chain the default for the realm, so SAML logins that Google Apps redirects to OpenAM are authenticated against LDAP.
- To test, open one of your Google Apps URLs, for example:
http://mail.google.com/a/appsedudemo.com
You should be redirected to the OpenAM login page; after entering credentials from the LDAP directory you are sent back to Google with a SAML assertion and land in the mailbox.
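The same configuration can be applied from the command line with OpenAM's ssoadm tool, which is useful for repeating the change across environments and for checking the chain without Google in the loop. The script below is an added example, not part of the original guide or of OpenAM's documentation. Everything in it is an assumption you need to adapt: the ssoadm path, the amadmin password file, the OpenAM base URL, the LDAP module instance name ("LDAP"), the chain name ("ldapChain") and the test account. It runs in dry-run mode by default and only prints the commands; set DRY_RUN=0 to execute them.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): the console steps above, done with
# the ssoadm CLI so the change is scriptable and repeatable. All values below are
# assumptions: ssoadm path, amadmin password file, OpenAM base URL, LDAP module
# instance name, chain name and test account.
set -eu

SSOADM="${SSOADM:-/opt/openam-tools/openam/bin/ssoadm}"   # ssoadm from the OpenAM admin tools
PW_FILE="${PW_FILE:-/root/.amadmin.pw}"                    # amadmin password, chmod 400 (ssoadm refuses otherwise)
REALM="${REALM:-/}"                                        # "/ (Top Level Realm)" in the console
CHAIN="${CHAIN:-ldapChain}"                                # name given in "Authentication chaining" > "New"
MODULE="${MODULE:-LDAP}"                                   # your LDAP module instance name
OPENAM_URL="${OPENAM_URL:-https://federation.ga:8443/openam}"
TEST_USER="${TEST_USER:-jdoe}"                             # an account that exists in the LDAP directory
TEST_PASS="${TEST_PASS:-changeit}"
DRY_RUN="${DRY_RUN:-1}"                                    # 1 = print commands only; 0 = execute them

# Print the command in dry-run mode, execute it otherwise.
run_cmd() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# "Authentication chaining" > "New": create an empty chain in the realm.
create_chain() {
  run_cmd "$SSOADM" create-auth-cfg -u amadmin -f "$PW_FILE" -e "$REALM" -m "$CHAIN"
}

# "Add" an entry: put the LDAP module in the chain. REQUIRED means the chain
# fails when LDAP authentication fails, which is the only sensible criterion
# for a single-module chain.
add_module() {
  run_cmd "$SSOADM" add-auth-cfg-entr -u amadmin -f "$PW_FILE" -e "$REALM" \
    -m "$CHAIN" -o "$MODULE" -c REQUIRED
}

# "Core" > "Organization Authentication Configuration": make the chain the realm
# default so SAML logins arriving from Google Apps use it.
# iplanet-am-auth-org-config is the service attribute behind that console field.
set_default_chain() {
  run_cmd "$SSOADM" set-svc-attrs -u amadmin -f "$PW_FILE" -e "$REALM" \
    -s iPlanetAMAuthService -a "iplanet-am-auth-org-config=$CHAIN"
}

# Check the chain directly, without Google in the loop, through OpenAM's REST
# authentication endpoint (OpenAM 11+ URL layout assumed). A working chain
# answers with a JSON body containing "tokenId"; a wrong chain name or a failed
# LDAP bind answers with an error and no token.
verify_chain() {
  run_cmd curl -s -X POST \
    -H "X-OpenAM-Username: $TEST_USER" \
    -H "X-OpenAM-Password: $TEST_PASS" \
    -H "Content-Type: application/json" \
    "$OPENAM_URL/json/authenticate?authIndexType=service&authIndexValue=$CHAIN"
}

main() {
  create_chain
  add_module
  set_default_chain
  resp="$(verify_chain)"
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$resp"
  elif printf '%s' "$resp" | grep -q '"tokenId"'; then
    echo "chain $CHAIN authenticates $TEST_USER against LDAP: OK"
  else
    echo "chain $CHAIN did not issue a token: $resp" >&2
    exit 1
  fi
}

main
```

Run it once with DRY_RUN=1 to review the exact ssoadm and curl invocations, then with DRY_RUN=0 against the OpenAM host. The REST check is worth doing before the Google test: if it fails, the problem is in the chain or the LDAP module, not in the SAML federation.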