Google App Engine上的域限制认证 [英] Domain restricted authentication on Google App Engine
问题描述
我最近部署了一个GAE应用程序(即 http://www.stashboard.org/ )为了帮助管理我公司的应用程序池。
为了不发布池的状态tout每个人(客户,其他公司...)我希望只允许访问给那些使用其公司帐户登录的用户(即:user@mycompany.com)。
域名mycompany.com不由谷歌管理。
当我将验证类型设置为Google Apps域时,我无法再登录该应用程序,而是收到错误500:
错误:服务器错误
服务器遇到错误,无法完成您的请求。
如果问题仍然存在,请报告您的问题并提及此
错误消息以及导致该问题的查询。
<
2013-10-21 14:42:57.856 / admin 500 55ms 0kb Mozilla / 5.0(Windows NT
6.1; WOW64)AppleWebKit / 537.36(KHTML,如Gecko)Chrome / 30.0.1599.101 Safari / 537.36
194.206.149.66 - - [21 / Oct / 2013:05:42:57 -0700] GET / admin HTTP / 1.1500 0 - Mozilla / 5.0(Windows NT 6.1; WOW64)AppleWebKit / 537.36
(KHTML,如Gecko)Chrome / 30.0.1599.101 Safari / 537.36
xxxxxx .appspot.comms = 56 cpu_ms = 0 app_engine_release = 1.8.6 W
2013-10-21 14:42:57.856
Google验证应用程序域
mycompany.com只能在从该域的
子域提供请求或已通过Google
应用程序控制面板批准时才能执行。请参阅
https://developers.google.com/appengine/articles/auth
链接的文档对我没有多大帮助,而负责Google Apps的管理员找不到如何批准域名(appspot.com我猜)在控制面板中。
供参考:这是我第一次使用GAE,这使我成为最有经验的GAE用户在我的公司...所以是的,我们在这里相当无能。
为了实现这个目标,我认为您必须将此Google App Engine应用添加到您的Google Apps域控制台。为了实现这一目标,您必须首先使用Google Apps管理mycompany.com域。之后,如果您访问 https://appengine.google.com >找到您的应用>应用设置>添加域名并按照步骤操作。
一旦您在Google Apps仪表板中看到您的GAE应用程序,您可能还需要在<$ c $中添加一些内容
- url:。* $ c> app.yaml能够限制您的用户。 b $ b script:main.py
login:required
重新部署应用后,访问应仅限于您所需的域名。
I've recently deployed a GAE application (namely http://www.stashboard.org/) in order to help manage my company's application pool.
In order not to publish the pool's status tout everyone (customers, other companies...) i wish to allow access only to those who log in with their corporate account (ie : user@mycompany.com).
The domain "mycompany.com" is not managed by google.
When I set the Authentication Type to "Google Apps domain" i can no longer log in to the app, and i get a Error 500 instead:
Error: Server Error
The server encountered an error and could not complete your request. If the problem persists, please report your problem and mention this error message and the query that caused it.
The following error is logged:
2013-10-21 14:42:57.856 /admin 500 55ms 0kb Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 194.206.149.66 - - [21/Oct/2013:05:42:57 -0700] "GET /admin HTTP/1.1" 500 0 - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36" "xxxxxx.appspot.com" ms=56 cpu_ms=0 app_engine_release=1.8.6 W 2013-10-21 14:42:57.856
Authentication for the Google Apps domain mycompany.com can only be performed when requests are served from a subdomain of that domain or it has been approved through the Google Apps Control Panel. See https://developers.google.com/appengine/articles/auth
The linked documentation doesn't help me much, and the admin in charge of Google Apps doesn't find how to "approve" the domain (appspot.com i guess) in the control panel.
FYI: this is my first time working with GAE, and that makes me the most experienced GAE user in my company... so yeah we're pretty clueless here.
In order to enable that and make it work, I think you'll have to add this Google App Engine app to your Google Apps domain dashboard. To achieve that you will have to manage the mycompany.com domain with Google Apps first. After that if you go to https://appengine.google.com > locate your app > Application Settings > Add Domain and follow the steps there.
Once you will see your GAE app in the Google Apps dashboard, you might also going to need to add some stuff in the app.yaml to be able to restrict your users:
- url: .*
script: main.py
login: required
After redeploying the app the access should be restricted to only your desired domain.
这篇关于Google App Engine上的域限制认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
