Using SimpleSAMLphp to authenticate users in Google Apps with Active Directory
To let my users log in to Google Apps using Active Directory accounts, I can use SimpleSAMLphp as an IdP which gets identities from my Active Directory servers. Things are pretty easy with SimpleSAMLphp, of course:
1. SimpleSAMLphp configurations:
simplesamlphp/config/authsources.php:
simplesamlphp/config/config.php:
simplesamlphp/www/logout_relay.php: (because Google does not allow logout URLs that contain a question mark and parameters)
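The original contents of this file are not reproduced here. As an added example (not the author's file), one way to write such a relay, assuming the SimpleSAMLphp 1.x endpoint layout implied by the sign-in URL used in step 2 and `https://mydomain.com/` as the post-logout landing page. The `ReturnTo` target is hard-coded rather than read from the request, so the relay cannot be used as an open redirect.

```php
<?php
declare(strict_types=1);

// Added example, not the original post's logout_relay.php.
// Google's "Sign-out page URL" field rejects URLs containing '?', so Google
// is pointed at this parameter-free script, which adds the query string itself.

// Assumption: the IdP lives under the same base URL as the sign-in page.
const IDP_BASE = 'https://mydomain.com/simplesaml';
// Assumption: where the browser should land once the IdP session is gone.
const AFTER_LOGOUT = 'https://mydomain.com/';

/**
 * Build the IdP logout URL. Both inputs are constants above; nothing from
 * the incoming request is used, so a caller cannot steer the redirect.
 */
function buildLogoutUrl(string $idpBase, string $returnTo): string
{
    return rtrim($idpBase, '/') . '/saml2/idp/SingleLogoutService.php?'
        . http_build_query(['ReturnTo' => $returnTo], '', '&', PHP_QUERY_RFC3986);
}

// Only plain navigations are expected here; refuse anything else.
if (!in_array($_SERVER['REQUEST_METHOD'] ?? 'GET', ['GET', 'HEAD'], true)) {
    http_response_code(405);
    header('Allow: GET, HEAD');
    exit;
}

// Keep intermediaries from caching the redirect, then hand off to the IdP.
header('Cache-Control: no-store');
header('Location: ' . buildLogoutUrl(IDP_BASE, AFTER_LOGOUT), true, 302);
exit;
```

SimpleSAMLphp checks `ReturnTo` against `trusted.url.domains` in config.php, so the landing host must be allowed there.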
2. Google Apps settings:
>> Go to https://admin.google.com and log in as my Google Apps administrator account.
>> Security -> Advanced Settings -> Setup Single Sign-on (SSO):
+ Check "Enable Single Sign-on"
+ Sign-in page URL *
https://mydomain.com/simplesaml/saml2/idp/SSOService.php
+ Sign-out page URL *
https://mydomain.com/simplesaml/logout_relay.php
+ Change password URL *
https://mydomain.com/
>> Click "Save changes"
3. NGINX server block for simplesamlphp: