使用Google Apps + App引擎进行单一登录 [英] Single Sign-On with Google Apps + App Engine
问题描述
是否可以通过App Engine上的内置OpenId实现SSO?我一直在尝试整合Marketplace应用,并在Google Apps(管理面板或通用导航)来访时登录用户。我失败了,现在我发现了这一点:
有一个例外就是混合使用OpenID / OAuth的应用程序 - 白名单目前不支持这种方式。 (来自此处)
我假设我必须使用库来实现OpenId,而不是使用内置的库在我的应用中使用Google Apps实现SSO?或者,如果可以使用内置的OpenId,有没有一个例子可以说明如何做到这一点? 后来的Google发表了一篇关于如何在Python中完成的文章:
http://code.google.com/googleapps/marketplace/tutorial_python_gae.html
总结如下:
- 您必须将Marketplace清单XML中的OpenID领域(应用程序域)列入白名单。
- 用于Google通用导航的用户必须包含当前的Google Apps域。
- 您应用中的入口点将通过Google Apps域的用户重定向为
federated_identity
。
例如:
from google.appengine.api导入用户
#[...]
login_url = users.create_login_url(dest_url ='http:// my-一个pp.appspot.com/',
_auth_domain =无,
federated_identity = google_apps_domain_name)
self.redirect(login_url)
Is it possible to achieve SSO with the built-in OpenId on App Engine? I've been trying to integrate a Marketplace app and get the user logged in when coming from Google Apps (the admin panel or universal navigation). I failed miserably, then now I found this:
"The one exception to this is applications which do hybrid OpenID/OAuth — whitelisting does not currently work with this approach." (from here)
I assume that I have to implement OpenId using a library instead of using the built-in one to achieve SSO with Google Apps in my app? Or if it is possible with built-in OpenId, is there an example anywhere that shows how to do this?
Later Google posted an article about how to do it in Python:
http://code.google.com/googleapps/marketplace/tutorial_python_gae.html
The summary is:
- You must whitelist your "OpenID realm" (the app domain) in the Marketplace manifest XML.
- The entry point used for the Google's universal navigation must contain the current Google Apps domain.
- The entry point in your app redirects the user passing the Google Apps domain as
federated_identity
.
For example:
from google.appengine.api import users
# [...]
login_url = users.create_login_url(dest_url='http://my-app.appspot.com/',
_auth_domain=None,
federated_identity=google_apps_domain_name)
self.redirect(login_url)
这篇关于使用Google Apps + App引擎进行单一登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!