OpenSSO, SSOCircle & Google Apps

I've participated in some interesting discussions over the past few months on federating with popular SaaS applications such as Google, Dopplr, WordPress or Twitter. Federated SSO offers organizations some very nice options for integrating top SaaS applications to create a best-of-breed internal infrastructure for employees.

Organizations should not have to worry about hosting their own blog servers, wikis, and calendars when they can simply federate with best-of-breed offerings and secure the identity accessing them. Rather than having to choose one vendor, they should be able to choose from a smörgåsbord of SaaS apps to construct the infrastructure that best meets their needs.

A great example of this is SSOCircle, which has put together a federated relationship with Google Apps using OpenSSO (the code base from which Sun's Access Manager and Federation Manager are produced). Check out the screens below that show me signing up for SSOCircle and also generating a federated relationship with Google Apps. It's a very simple yet powerful example of federated SSO using SAML 2.0.

1. I go to SSOCircle and click the Login button on the left-hand side of the screen. (Note the beautiful OpenSSO logo prominently displayed on the page.)

2. I enter my SSOCircle credentials and click Log In.

3. I'm now logged in to SSOCircle and you can view my Google Apps email, which is an ssocircle.com email address.

4. I click the ssocircle email link and it logs me in directly to Google Apps, Google Docs or Google Calendar. Note the SSOCircle email address. Pretty funky.

Comments:

Nice entry, Daniel. It's even more funky with client certificate authentication - another OpenSSO feature that SSOCircle have done a great job of showcasing. Just log in with username/password then click 'Auto-Enrollment' at the top.

Posted by Pat Patterson on December 17, 2007 at 12:22 PM PST

I just got SSO to Google Apps working with Sun Access Manager, by actually integrating Google Apps with simpleSAMLphp, then protecting simpleSAMLphp with a Sun AM Agent and altering simpleSAMLphp to use the passed REMOTE_USER header. Slightly more documentation is available at http://docs.google.com/Present?docid=dhf4nhnj_4dk9b5sgt .

Posted by Ryan Fox on May 22, 2008 at 10:03 PM PDT

Hi Ryan - neat stuff. BTW - the OpenSSO integration with Google described here - https://opensso.dev.java.net/servlets/ReadMsg?listName=users&msgNo=2227 (see also Bastien's followup - link at the bottom of that page) should work fine with AM. The two approaches just make different trade-offs - a custom account mapper vs using simpleSAMLphp as a bridge.

Posted by Pat Patterson on May 23, 2008 at 03:14 AM PDT
