-1

We've got our LDAP-connected portal developed in an IIS7 PHP environment. We've been tasked with integrating Google Apps, so that once a user is signed in to our portal, they can simply click an icon for Gmail or Google Calendar, and be signed in to their Google Apps for Education account. From what I understand, it's necessary to send the information to an Identity Provider before sending the credentials to Google.

Is there an open source solution, or collection of solutions that can provide this, or must we choose a paid service?

beta208
  • This is probably better suited for stackexchange than here, but you are probably looking for [Federated Login for Google Account Users](https://developers.google.com/accounts/docs/OpenID) –  Jun 26 '13 at 20:19

1 Answer

1

You're going to need a SAML 2.0 identity provider (IdP) to do what you're looking for. I use the SimpleSAMLphp product with my education customer to give them single-sign-on integration with their Active Directory and Google Apps for Education. Have a look at Google's documentation for single sign-on to give you an idea of what they support.

Be forewarned that Chrome Sync and Chromebooks (and probably a whole lot of other Google services) don't support logon w/ SSO right now. We're transitioning away from SSO to (ugh) giving Google our password hashes because we need these things to work. (Personally, I wish Google took SSO more seriously because I really, really dislike having to give them our password hashes.)

Evan Anderson