Wednesday, April 2, 2014

Using SimpleSAMLphp to authenticate users in Google Apps with Active Directory

To let my users log in to Google Apps with their Active Directory accounts, I can use SimpleSAMLphp as an IdP that gets identities from my Active Directory servers. Things are pretty easy with SimpleSAMLphp, of course:

1.  SimpleSAMLphp configurations:



simplesamlphp/www/logout_relay.php: (because Google does not allow log out URLs that contain a question mark and parameters)

2. Google Apps settings:

>> Go to and log in as my Google Apps administrator account.

>> Security -> Advanced Settings -> Setup Single Sign-on (SSO):

+ Check "Enable Single Sign-on"

+ Sign-in page URL *

+ Sign-out page URL *

+ Change password URL *

>> Click "Save changes"

3. NGINX server block for simplesamlphp: