I've been trying to get SSO for Google Apps to work with appengine. I've 
tried it both by implementing my own servlet that uses step2 and 
openid4java, and I've tried it using the UserService.

There are problems with both, but using the UserService would be ideal if 
only we were able to set the realm so we skip the openid confirmation page. 
Skipping the confirmation page is a requirement for the Google Apps 
Marketplace. BTW, it would be nice if the Google Apps dev documentation 
said something like "Don't try to use AppEngine's UserService because it 
won't work." This would really save some wild-goose-chases. Sadly, instead 
the python example they provide actually uses AppEngine's UserService - 
which actually sent me on a wild-goose-chase.

Building a servlet using step2/openid4java to do the OpenID SSO that the 
Apps folks want wasn't so bad, but they also want all the OpenID 
communication secure, so you end up having to deal with 
https://foo.appspot.com URLs which are ugly and confusing to users. And I 
didn't actually find it terribly easy to implement session tracking when 
trying to bounce users from http://foo.com to https://foo.appspot.com. If 
anyone knows how to do that properly, I'd appreciate the help.

So. Any plans to let us set the realm, because I think that would make all 
this much easier for people to build the SSO integrations that the Chrome 
Web Store and Google Apps Marketplace are wanting.

Thanks,

Stephen


