Google SSO gem supported by ELC Technologies. Read more about our Ruby on Rails development services and commitment to the Rails community at elctech.com
GoogleSSO
by Thomas Ormerod
== DESCRIPTION:
Provides single-sign-on to Google premier services.
== FEATURES/PROBLEMS:
Uses an incomplete xml canonicalizer.
== REQUIREMENTS:
Core classes only
== INSTALL:
sudo gem install google-sso
== USAGE:
1. Generate an RSA key (DSA has issues with ruby/openssl)
1. openssl genrsa -out privkey.pem [strength ie. 1024, 2048]
2. Create a self-signed certificate (or signed your choice)
1. openssl req -new -x509 -key privkey.pem -out cacert.pem [optional -days ie. 1095]
3. Go to https://www.google.com/a/YOUR-DOMAIN and login as administrator
1. Advanced tools > Single sign-on
2. Enable Single Sign-on
3. Set your Sign-in page URL to your sites login page
4. Set your other URL's
5. Save
6. Upload your certificate (cacert.pem)
7. Logout
8. You have now enabled single sign on.
Anytime a user attempts to access a Google service with /a/[your domain]
on the end they will first have to authenticate through you, unless they
previously authenticated and a cookie is set.
GoogleSSO
by Thomas Ormerod
== DESCRIPTION:
Provides single-sign-on to Google premier services.
== FEATURES/PROBLEMS:
Uses an incomplete xml canonicalizer.
== REQUIREMENTS:
Core classes only
== INSTALL:
sudo gem install google-sso
== USAGE:
1. Generate an RSA key (DSA has issues with ruby/openssl)
1. openssl genrsa -out privkey.pem [strength ie. 1024, 2048]
2. Create a self-signed certificate (or signed your choice)
1. openssl req -new -x509 -key privkey.pem -out cacert.pem [optional -days ie. 1095]
3. Go to https://www.google.com/a/YOUR-DOMAIN and login as administrator
1. Advanced tools > Single sign-on
2. Enable Single Sign-on
3. Set your Sign-in page URL to your sites login page
4. Set your other URL's
5. Save
6. Upload your certificate (cacert.pem)
7. Logout
8. You have now enabled single sign on.
Anytime a user attempts to access a Google service with /a/[your domain]
on the end they will first have to authenticate through you, unless they
previously authenticated and a cookie is set.