I am trying to integrate single sign-on for my application running on the Google App Engine platform. I am using the SAML 2.0 protocol to get this done. My organization already has an identity provider using LDAP, which is configured in this format (https://sso-companyname/appname). For this configuration, it took the following details:
- XML metadata for their assertion consumer service (ACS) (https://www.google/companyname/a/acs),
- a list of the LDAP attributes to be sent (email),
- which attribute is to be used as the subject of the assertion (company enterprise ID),
- the RelayState URL at the relying party site to send the user to after the SAML Response assertion has been validated (the application target URL from the GAE deployment, like https://appname-dot-projectid.appspot.com),
- a short name (less than 7 characters) of the application to be used in the URL (given as the app name).
According to this configuration, the ACS is not for a particular GAE application, so I am getting a 400 error from the Google server.
Can someone help me with how to create an ACS for a single GAE application? I would also be grateful if someone could explain SSO for a GAE web application.
The web application uses the Python Jinja2 framework for the UI and webapp2 for routing. It calls Google BigQuery to populate the data in the UI. Currently it uses the Python standard environment of GAE, and the OAuth 2 method to authenticate and call the BigQuery API to get data. So people who don't have GCP/project access are not able to view the data. To resolve this, we are trying to implement SSO on top of the application.
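Added example, not part of the question above: the checks an SP-side ACS endpoint hosted by the GAE service itself (rather than Google's own ACS) would run on a posted SAMLResponse before trusting the subject and attributes, using only the Python standard library. The entity ID, ACS path and the SAML response below are constructed placeholders built from the hostnames in the question; the sample assertion is deliberately unsigned, so the block stops short of signature verification, which a real ACS must do first with an XML-DSig library (for example xmlsec via python3-saml) before any of these checks mean anything. The RelayState check is included because the IdP echoes that value back and an ACS that redirects to it blindly is an open redirect.

```python
"""Added example (not from the original post): SP-side SAMLResponse checks for
an ACS living at https://appname-dot-projectid.appspot.com/saml/acs.

All settings and the sample response are constructed placeholders. Signature
verification is NOT implemented here; do it with xmlsec/python3-saml on the raw
bytes first, or every check below runs on attacker-controlled XML.
"""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical SP settings for one GAE service (assumed, not real endpoints).
SP_HOST = "appname-dot-projectid.appspot.com"
SP_ACS_URL = "https://%s/saml/acs" % SP_HOST
SP_ENTITY_ID = "https://%s/saml/metadata" % SP_HOST
IDP_ENTITY_ID = "https://sso-companyname/appname"

# Constructed, unsigned sample response with fixed timestamps.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2018-01-01T12:00:00Z" Destination="https://appname-dot-projectid.appspot.com/saml/acs">
  <saml:Issuer>https://sso-companyname/appname</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-01-01T12:00:00Z">
    <saml:Issuer>https://sso-companyname/appname</saml:Issuer>
    <saml:Subject><saml:NameID>E12345</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2018-01-01T11:59:00Z" NotOnOrAfter="2018-01-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://appname-dot-projectid.appspot.com/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@companyname.example</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def encode_response(xml_text):
    """Base64-encode XML the way the IdP posts it in the SAMLResponse form field."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def parse_time(value):
    """Parse the UTC 'Z' timestamps SAML uses into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(saml_response_b64, now):
    """Decode a SAMLResponse and check it was issued by our IdP, for this ACS,
    for this SP, and is valid at `now`. Returns a dict with ok/error or subject/attributes."""
    try:
        root = ET.fromstring(base64.b64decode(saml_response_b64))
    except (ValueError, ET.ParseError) as exc:
        return {"ok": False, "error": "unparseable response: %s" % exc}
    if root.get("Destination") != SP_ACS_URL:
        return {"ok": False, "error": "Destination is not this ACS"}
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        return {"ok": False, "error": "IdP did not report Success"}
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"ok": False, "error": "no plain Assertion (EncryptedAssertion needs decryption first)"}
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != IDP_ENTITY_ID:
        return {"ok": False, "error": "unexpected Issuer %r" % issuer}
    conds = assertion.find("saml:Conditions", NS)
    if conds is None or not conds.get("NotBefore") or not conds.get("NotOnOrAfter"):
        return {"ok": False, "error": "missing validity window"}
    if not (parse_time(conds.get("NotBefore")) <= now < parse_time(conds.get("NotOnOrAfter"))):
        return {"ok": False, "error": "assertion not valid at %s" % now.isoformat()}
    audiences = [a.text for a in conds.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return {"ok": False, "error": "assertion is for another audience: %r" % audiences}
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        return {"ok": False, "error": "missing NameID"}
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"ok": True, "subject": name_id, "attributes": attributes}


def safe_relay_state(relay_state, default="/"):
    """Accept RelayState only if it stays on this SP's origin; otherwise fall back,
    so the ACS cannot be used as an open redirect."""
    if not relay_state or "\\" in relay_state:
        return default
    parts = urlparse(relay_state)
    if parts.scheme == "" and parts.netloc == "" and relay_state.startswith("/"):
        return relay_state  # relative path on this host ("//host" has a netloc and is rejected)
    if parts.scheme == "https" and parts.netloc.lower() == SP_HOST:
        return relay_state  # absolute URL on this host; "host@evil" fails the netloc comparison
    return default
```

Typical use inside a webapp2 POST handler would be `result = validate_response(self.request.POST["SAMLResponse"], datetime.now(timezone.utc))`, then on success storing `result["subject"]` in a server-side session and redirecting to `safe_relay_state(self.request.POST.get("RelayState"))`. A production deployment should also allow a few minutes of clock skew on the validity window and keep the assertion ID to reject replays within that window.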