[Stratos-dev] default integration to Google Auth

Dimuthu Leelarathne dimuthul at wso2.com
Mon Jan 24 18:52:55 PST 2011


Hi,

On Mon, Jan 24, 2011 at 4:47 PM, Prabath Siriwardana <prabath at wso2.com> wrote:

> I think we need to build this on top of the OpenID RP component we
> already have.. Please try just using an IS - on a public IP - with
> Google Apps - it should work...
>
> You need to type just google.com on the OpenID box - and it will
> redirect you to the Google for authentication...
>
> The next step would be to add this component [BE]- [we need to modify
> the UI] - to identity.cloud.wso2.com - which is our SAML2 IdP. So - we
> can have SAML2-OpenID integrated login in that way - which won't break
> the existing stuff...
>
>
+1 totally.

thanks,
dimuthu


> Thanks & regards,
> -Prabath
>
> On Mon, Jan 24, 2011 at 3:34 PM, Dimuthu Leelarathne <dimuthul at wso2.com>
> wrote:
> > Hi,
> >
> > Just managed to get a POC working. I integrated my webapp with GApp.
> >
> > http://appserver.cloud.wso2.com/t/demogapp.com/webapps/gappdimuthunew
> >
> > We also have an OpenId RP component in IS. I need to look at modifying it
> > properly to work with GApp. I need to read more on what are the
> > differences and what needs to be done to use the same code.
> >
> > Thanks,
> > DimuthuL
> >
> > On Mon, Jan 24, 2011 at 8:18 AM, Dimuthu Leelarathne <dimuthul at wso2.com>
> > wrote:
> >>
> >> Hi,
> >>
> >> Just started on the task. I will give a feedback today.
> >>
> >> Thanks,
> >> Dimuthu
> >>
> >> On Sun, Jan 23, 2011 at 8:50 AM, Sanjiva Weerawarana <sanjiva at wso2.com>
> >> wrote:
> >>>
> >>> Dimuthu how's it going on this?
> >>> This may help as well:
> >>> http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html#cpanel
> >>> Sanjiva.
> >>>
> >>> On Tue, Jan 18, 2011 at 11:23 PM, Dimuthu Leelarathne <dimuthul at wso2.com>
> >>> wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> On Tue, Jan 18, 2011 at 10:46 AM, Samisa Abeysinghe <samisa at wso2.com>
> >>>> wrote:
> >>>>>
> >>>>> Any updates on this?
> >>>>
> >>>> I am working on RememberMe (https://wso2.org/jira/browse/STRATOS-822)
> >>>> for carbon core. It has more work than OpenId remember me because it
> >>>> requires re-authenticating the user based on a cookie seamlessly, i.e.
> >>>> when the session expires the user should not feel it. I hope to finish
> >>>> this by (20th) Thursday and start on Google Auth.
> >>>>
> >>>> Thanks,
> >>>> Dimuthu
> >>>>
> >>>>>
> >>>>> On Wed, Jan 5, 2011 at 9:27 AM, Dimuthu Leelarathne <dimuthul at wso2.com>
> >>>>> wrote:
> >>>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> On Wed, Jan 5, 2011 at 9:12 AM, Sanjiva Weerawarana <sanjiva at wso2.com>
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> Any chance of thawing [1] soon? As part of this work we need to
> >>>>>>> figure out how to sell Stratos thru the Google apps marketplace as
> >>>>>>> well - I assume you'll figure that out too? ;)
> >>>>>>
> >>>>>> Yes. This is the next item in my TODO list.
> >>>>>>
> >>>>>> Thank you,
> >>>>>> Dimuthu
> >>>>>>
> >>>>>>
> >>>>>>>
> >>>>>>> Sanjiva.
> >>>>>>>
> >>>>>>> On Sun, Nov 21, 2010 at 9:22 PM, Thilina Buddhika <thilinab at wso2.com>
> >>>>>>> wrote:
> >>>>>>>>
> >>>>>>>> Sure. There is a task which has been already created on Pivotal
> >>>>>>>> tracker[1]. Currently it is in ice-box, need to take it out and
> >>>>>>>> start implementing it.
> >>>>>>>>
> >>>>>>>> From the previous work I did on this, it seems like it is better
> >>>>>>>> to write a light weight relying party component just for
> >>>>>>>> Stratos-Google Auth integration due to the following reasons.
> >>>>>>>>
> >>>>>>>> -  Anyway it is required to have a different relying party UI
> >>>>>>>> component for Stratos with the same BE.
> >>>>>>>> -  Some alterations to the BE logic to support OpenID Attribute
> >>>>>>>> Exchange.
> >>>>>>>> -  Bridging SSO with Google-Auth
> >>>>>>>>
> >>>>>>>> Will initiate a discussion on this soon to decide the best
> >>>>>>>> approach.
> >>>>>>>>
> >>>>>>>> Thanks,
> >>>>>>>> Thilina
> >>>>>>>>
> >>>>>>>> [1] - http://www.pivotaltracker.com/projects/124180
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On Sun, Nov 21, 2010 at 9:08 PM, Sanjiva Weerawarana
> >>>>>>>> <sanjiva at wso2.com> wrote:
> >>>>>>>>>
> >>>>>>>>> Thilina can we get this back on the roadmap and see when we can
> >>>>>>>>> get this done?
> >>>>>>>>> Sanjiva.
> >>>>>>>>>
> >>>>>>>>> On Tue, Sep 7, 2010 at 10:28 AM, Thilina Mahesh Buddhika
> >>>>>>>>> <thilinab at wso2.com> wrote:
> >>>>>>>>>>
> >>>>>>>>>> Update on Google Apps and Stratos integration
> >>>>>>>>>>
> >>>>>>>>>> We did some initial tests to check whether Google Auth service is
> >>>>>>>>>> working with our relying party components. With the OpenIDForJava
> >>>>>>>>>> version upgrade done recently, our relying party components are
> >>>>>>>>>> working with the OpenIDs issued by Google without any issue.
> >>>>>>>>>>
> >>>>>>>>>> But in order to integrate it with Stratos, the following
> >>>>>>>>>> modifications need to be done.
> >>>>>>>>>>
> >>>>>>>>>> 1. Requires a customized relying party UI component for Stratos.
> >>>>>>>>>> - In our default relying party component, users can associate
> >>>>>>>>>> OpenIDs with their profiles by signing up to the system through
> >>>>>>>>>> self registration. But we have omitted the self registration
> >>>>>>>>>> support in Stratos. Also the default relying party UI component
> >>>>>>>>>> contains signing up UI using information cards. So we have to use
> >>>>>>>>>> a customized relying party UI component in Stratos.
> >>>>>>>>>>
> >>>>>>>>>> 2. Using OpenID Attribute Exchange instead of Simple Registration
> >>>>>>>>>> to fetch the user attributes
> >>>>>>>>>> - When a user tries to sign-in to Stratos using Google Auth
> >>>>>>>>>> service, it is required to get some claims of that user (e.g.
> >>>>>>>>>> Google Apps domain) from Google. Our current implementation uses
> >>>>>>>>>> OpenID simple registration to fetch these claims from the OpenID
> >>>>>>>>>> provider which is the most commonly used approach. But Google only
> >>>>>>>>>> supports OpenID Attribute Exchange [1]. So we have to modify our
> >>>>>>>>>> components to use Attr Exchange by reading a configuration
> >>>>>>>>>> parameter.
> >>>>>>>>>>
> >>>>>>>>>> 3. Bridging the Google Auth. with Single Sign-on.
> >>>>>>>>>> - At the moment, all the Stratos services are single sign-on
> >>>>>>>>>> enabled. So Google Auth. has to come as an alternative
> >>>>>>>>>> authentication mechanism to the default username/password based
> >>>>>>>>>> authentication. And we need to bridge it with the existing single
> >>>>>>>>>> sign-on implementation. This is another reason why we need a
> >>>>>>>>>> customized relying party UI component for Stratos.
> >>>>>>>>>>
> >>>>>>>>>> This work involves some modifications to some of the stable
> >>>>>>>>>> components which are critical for Stratos. Since we are planning
> >>>>>>>>>> to frequently update and test the Stratos packs in the private
> >>>>>>>>>> cloud, I have moved the development activities of this
> >>>>>>>>>> implementation to a temporary svn location [2]. Once this
> >>>>>>>>>> implementation is in a good shape, we can merge it back with the
> >>>>>>>>>> trunk.
> >>>>>>>>>>
> >>>>>>>>>> Thanks,
> >>>>>>>>>> Thilina
> >>>>>>>>>>
> >>>>>>>>>> [1] - http://openid.net/specs/openid-attribute-exchange-1_0.html
> >>>>>>>>>> [2] - https://svn.wso2.org/repos/wso2/scratch/google-auth-integration
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On Sat, Jul 17, 2010 at 10:37 AM, Thilina Mahesh Buddhika
> >>>>>>>>>> <thilinab at wso2.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On Sat, Jul 17, 2010 at 6:41 AM, Sanjiva Weerawarana
> >>>>>>>>>>> <sanjiva at wso2.com> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thilina is there an ETA on this?
> >>>>>>>>>>>
> >>>>>>>>>>> We are planning to do an upgrade for the public cloud on next
> >>>>>>>>>>> Tuesday before Sameera's talk and demo about Stratos in OSCON. We
> >>>>>>>>>>> can get this for the next upgrade. (after two weeks from this
> >>>>>>>>>>> Tuesday's upgrade)
> >>>>>>>>>>>
> >>>>>>>>>>> I will start working on getting this support on Stratos.
> >>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> We should make this available to tenant admins and show it at
> >>>>>>>>>>>> tenant creation time too .. makes it easier for people with Google
> >>>>>>>>>>>> Apps domains to manage things.
> >>>>>>>>>>>
> >>>>>>>>>>> Yes, it is required to get some information about their Google
> >>>>>>>>>>> Apps domain during the tenant creation time. Anyway users will
> >>>>>>>>>>> have to associate the OpenID provided by Google Apps with their
> >>>>>>>>>>> Stratos account during their first attempt to login to Stratos
> >>>>>>>>>>> using Google credentials.
> >>>>>>>>>>>
> >>>>>>>>>>> Thanks,
> >>>>>>>>>>> Thilina
> >>>>>>>>>>>
> >>>>>>>>>>>> Thanks,
> >>>>>>>>>>>> Sanjiva.
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Mon, Jul 5, 2010 at 10:46 AM, Sanjiva Weerawarana
> >>>>>>>>>>>> <sanjiva at wso2.com> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Ah excellent - I think both directions are good and useful. The
> >>>>>>>>>>>>> nice thing with Google creds with Stratos is that someone who has a
> >>>>>>>>>>>>> Google domain can use Stratos easily.
> >>>>>>>>>>>>> +1 for getting this at the earliest reasonable time.
> >>>>>>>>>>>>> Sanjiva.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Mon, Jul 5, 2010 at 10:25 AM, Thilina Mahesh Buddhika
> >>>>>>>>>>>>> <thilinab at wso2.com> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Yes. Google exposes an authentication API through OpenID[1]
> >>>>>>>>>>>>>> where Google acts as the OpenID provider. Also they have a hybrid
> >>>>>>>>>>>>>> approach where both OpenID + OAuth are used for authentication.
> >>>>>>>>>>>>>> Since we have OpenID relying party components in Carbon, it is
> >>>>>>>>>>>>>> possible to support this feature. In our relying party components,
> >>>>>>>>>>>>>> it is possible to associate an external OpenID with a user
> >>>>>>>>>>>>>> account. Once this association is done, users can log-in into our
> >>>>>>>>>>>>>> servers using that external OpenID.
> >>>>>>>>>>>>>> Currently we do not pack the OpenID relying party components
> >>>>>>>>>>>>>> with Stratos. But we can include them in a future upgrade with the
> >>>>>>>>>>>>>> necessary modifications.
> >>>>>>>>>>>>>> At the moment, we support Stratos integration with Google
> >>>>>>>>>>>>>> Apps. But it is in the other way around, i.e. using Stratos
> >>>>>>>>>>>>>> credentials to log-in to Google Apps. :)
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>> Thilina
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Mon, Jul 5, 2010 at 7:28 AM, Sanjiva Weerawarana
> >>>>>>>>>>>>>> <sanjiva at wso2.com> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Is there any way to set it up so that a tenant can easily /
> >>>>>>>>>>>>>>> trivially integrate to Google Auth? That is, if I have a Google
> >>>>>>>>>>>>>>> Apps domain can we have a simple question which asks for that
> >>>>>>>>>>>>>>> domain and then once it's set up all authn (other than for the
> >>>>>>>>>>>>>>> admin?) gets delegated to Google?
> >>>>>>>>>>>>>>> That would make Stratos very easy to integrate for people
> >>>>>>>>>>>>>>> with Google Apps accounts .. like WSO2 :). I have a personal
> >>>>>>>>>>>>>>> interest .. I want to write some stuff for weerawarana.org and I
> >>>>>>>>>>>>>>> want the auth to be unified and as usual am lazy and don't want to
> >>>>>>>>>>>>>>> read any blogs to figure out how to do it :).
> >>>>>>>>>>>>>>> I don't know SAML et al. well enough to know whether that's
> >>>>>>>>>>>>>>> even a reasonable question!
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Sanjiva.
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> Sanjiva Weerawarana, Ph.D.
> >>>>>>>>>>>>>>> Founder, Chairman & CEO; WSO2, Inc.;  http://wso2.com/
> >>>>>>>>>>>>>>> email: sanjiva at wso2.com; phone: +1 408 754 7388 x51726;
> >>>>>>>>>>>>>>> cell: +94 77 787 6880 | +1 650 265 8311
> >>>>>>>>>>>>>>> blog: http://sanjiva.weerawarana.org/
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Lean . Enterprise . Middleware
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> _______________________________________________
> >>>>>>>>>>>>>>> Stratos-dev mailing list
> >>>>>>>>>>>>>>> Stratos-dev at wso2.org
> >>>>>>>>>>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/stratos-dev
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> --
> >>>>>>>>>>>>>> Thilina Mahesh Buddhika
> >>>>>>>>>>>>>> Senior Software Engineer
> >>>>>>>>>>>>>> WSO2 Inc. ; http://wso2.com
> >>>>>>>>>>>>>> lean . enterprise . middleware
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> phone : +94 77 44 88 727
> >>>>>>>>>>>>>> blog : http://blog.thilinamb.com
> >>>>> Thanks,
> >>>>> Samisa...
> >>>>>
> >>>>> Samisa Abeysinghe
> >>>>> VP Engineering
> >>>>>
> >>>>> WSO2 Inc.
> >>>>> http://wso2.com
> >>>>> http://wso2.org
> >>>>>
> >>>>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
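
Added example, not part of the original thread and not WSO2 or OpenID4Java code: the thread's point 2 (pick Attribute Exchange or Simple Registration from a configuration parameter) sketched at the protocol level, plus the relying-party check that only AX values listed in openid.signed are accepted. The function names are hypothetical, the sample response is constructed, and the signature itself is assumed to have been verified already.

```python
AX_NS = "http://openid.net/srv/ax/1.0"
SREG_NS = "http://openid.net/extensions/sreg/1.1"
EMAIL_TYPE = "http://axschema.org/contact/email"

def attribute_request_params(use_ax, fields):
    """Extension parameters for the authentication request. fields maps an
    alias to an AX type URI; for SReg the aliases must be SReg field names."""
    if not use_ax:
        return {"openid.ns.sreg": SREG_NS, "openid.sreg.required": ",".join(fields)}
    params = {"openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_request",
              "openid.ax.required": ",".join(fields)}
    for alias, type_uri in fields.items():
        params["openid.ax.type." + alias] = type_uri
    return params

def signed_ax_attributes(response):
    """Return {type URI: value} for AX values listed in openid.signed.
    Assumes the caller has already verified the signature itself."""
    signed = set(response.get("openid.signed", "").split(","))
    # The provider chooses its own namespace alias, so find AX by URI.
    ext = next((k[len("openid.ns."):] for k, v in response.items()
                if k.startswith("openid.ns.") and v == AX_NS), None)
    if ext is None or "ns." + ext not in signed:
        return {}
    attrs = {}
    type_prefix = "openid." + ext + ".type."
    for key, type_uri in response.items():
        if not key.startswith(type_prefix):
            continue
        alias = key[len(type_prefix):]
        fields = [ext + ".type." + alias, ext + ".value." + alias]
        value = response.get("openid." + fields[1])
        # An unsigned type or value could have been appended in transit.
        if value is not None and all(f in signed for f in fields):
            attrs[type_uri] = value
    return attrs

# Constructed sample response (not captured from a real provider).
SAMPLE_RESPONSE = {
    "openid.ns.ext1": AX_NS,
    "openid.ext1.mode": "fetch_response",
    "openid.ext1.type.email": EMAIL_TYPE,
    "openid.ext1.value.email": "user@example.com",
    "openid.signed": "claimed_id,identity,return_to,response_nonce,"
                     "assoc_handle,ns.ext1,ext1.mode,ext1.type.email,ext1.value.email",
}

if __name__ == "__main__":
    print(signed_ax_attributes(SAMPLE_RESPONSE))
```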