Wednesday, April 2, 2014

Using SimpleSAMLphp to authenticate users in Google Apps with Active Directory

To let my users log in to Google Apps with their Active Directory accounts, I can use SimpleSAMLphp as an IdP that gets identities from my Active Directory servers. Things are pretty easy with SimpleSAMLphp, of course:

1.  SimpleSAMLphp configurations:

simplesamlphp/config/authsources.php:



simplesamlphp/config/config.php:




simplesamlphp/www/logout_relay.php: (because Google does not allow logout URLs that contain a question mark and parameters)
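
A sketch of such a relay, as an added example and not the original post's script: it redirects to a fixed IdP logout URL and reads nothing from the request, so it cannot be used as an open redirect. It assumes SimpleSAMLphp 1.x's IdP-initiated logout endpoint `saml2/idp/initSLO.php` with a `RelayState` parameter; the landing URL and the `logout_target()` helper are hypothetical.

```php
<?php
// Added example (not the post's original logout_relay.php).
// Assumptions: SimpleSAMLphp is served under /simplesaml on mydomain.com,
// and IdP-initiated logout is exposed at saml2/idp/initSLO.php.

// Both values are hard-coded on purpose: the relay must never take its
// destination from the query string, POST body, or Referer header.
const IDP_BASE     = 'https://mydomain.com/simplesaml';
const AFTER_LOGOUT = 'https://mydomain.com/'; // constructed landing page

/**
 * Build the real logout URL (the one with "?" and parameters that the
 * Google admin console refuses to store).
 */
function logout_target()
{
    // http_build_query() URL-encodes the RelayState value.
    // Newer SimpleSAMLphp releases check redirect targets against
    // 'trusted.url.domains' in config.php, so the landing host must be listed there.
    return IDP_BASE . '/saml2/idp/initSLO.php?'
        . http_build_query(array('RelayState' => AFTER_LOGOUT));
}

if (PHP_SAPI !== 'cli') {
    // Do not let proxies or browsers cache the redirect.
    header('Cache-Control: no-store');
    header('Location: ' . logout_target(), true, 302);
    exit;
}
```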




2. Google Apps settings:

>> Go to https://admin.google.com and log in with my Google Apps administrator account.

>> Security -> Advanced Settings -> Setup Single Sign-on (SSO):


+ Check "Enable Single Sign-on"

+ Sign-in page URL *

https://mydomain.com/simplesaml/saml2/idp/SSOService.php

+ Sign-out page URL *

https://mydomain.com/simplesaml/logout_relay.php

+ Change password URL *

https://mydomain.com/


>> Click "Save changes"


3. NGINX server block for SimpleSAMLphp:



