Google Marketplace应用-将OpenID领域列入白名单,实现无缝单点登录 [英] Google Marketplace App - Whitelist OpenID realm for seamless Single Sign-On
问题描述
我试图弄清楚要实现无缝的SSO注册.
I'm trying to figure out what I need to do in order to achieve seamless SSO sign up.
当域的管理员安装我的Google应用时,他/她域中的所有用户都应该能够通过SSO登录,而不会看到任何确认提示.我正在查看有关如何设置此文件的文档:
When an administrator of a domain installs my google app, all of the users on his/her domain, should be able to sign-in through SSO without seeing any confirmation prompts. I'm looking into documentation on how to set this up:
您的应用程序不应显示确认页面,而应显示 与OpenID请求中的
openid.realm参数的值匹配 对照应用清单中声明的值.
Instead of displaying a confirmation page, your application should match the value of the
openid.realmparameter in the OpenID request against the value declared in the application's manifest.
有这样的例子吗?另外,我认为Google一旦将XML清单文件从OpendID切换到OAuth 2.0,便停止使用它们.如果是这样,此白名单流程如何与OAuth 2.0配合使用?
Is there an example of this? Also, I think Google stopped using XML manifest files once they switched from OpendID to OAuth 2.0. If so, how does this whitelist process work with OAuth 2.0?
我应该使用 Google Admin SDK 吗?
推荐答案
由于Google不再使用OpenId,因此白名单说明已过时.找到了有关使用Oauth进行域范围授权的博客文章2.0 . Google建议以下内容:
Since google is moving away from OpenId, white listing instructions are obsolete. Found a blog post about Domain-wide delegation with Oauth 2.0. Google recommends the following:
现在推荐的授权机制是使用OAuth 2.0和 服务帐户. Google Apps域管理员可以将域范围的权限委派给一组API的服务帐户的凭据.这样一来,允许该应用程序使用服务帐户的凭据代表Google Apps域的用户进行操作.
the recommended authorization mechanism is now to use OAuth 2.0 and service accounts. Google Apps domain administrators can delegate domain-wide authority to the service account’s credentials for a set of APIs. This results in allowing the application, by using the service account’s credentials, to act on behalf of the Google Apps domain’s users.
有关如何设置域范围委派的说明- https://developers.google.com/驱动器/网络/委托
instructions on how to set up domain wide delegation - https://developers.google.com/drive/web/delegation
这篇关于Google Marketplace应用-将OpenID领域列入白名单,实现无缝单点登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
