Google Apps + OpenID: logging in with your own domain name
Posted Sep 2 2010, 23:45 by William Shallum [updated Sep 3 2010, 00:44]
It’s easy! You need to add an X-XRDS-Location header, either as an HTTP header or in HTML as <meta http-equiv="..." content="...">. The value to use is https://www.google.com/accounts/o8/site-xrds?hd=example.com.
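A snippet from my config file:

    # Advertise the Google Apps XRDS document on the front page.
    location = /index.html {
        add_header "X-XRDS-Location" "https://www.google.com/accounts/o8/site-xrds?hd=example.com";
    }
    # A request for / is internally redirected to /index.html by the index directive.
    location / {
        index index.html index.htm;
    }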
Testing
To test, you can use any OpenID consumer, e.g. StackOverflow, or the test site linked from the reference below: puffypoodles.com. The resulting OpenID looks like secure:http://example.com/openid?id=nnnn where nnnn is a long string of numbers. It remains to be seen whether such OpenIDs can be reproduced using some other non-Google-Apps provider.
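Before trying a consumer, the served page can be checked locally. The following is an added example, not code from the original post: it looks for X-XRDS-Location in the HTTP headers first and then in an HTML meta tag, and compares the result with the value given above. The function names, the three checks (https scheme, Google's site-xrds endpoint, hd equal to your domain) and the sample responses are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

GOOGLE_XRDS = ("www.google.com", "/accounts/o8/site-xrds")  # host and path from the post

class _MetaFinder(HTMLParser):
    """Collects content of <meta http-equiv="X-XRDS-Location" ...> tags."""
    def __init__(self):
        super().__init__()
        self.locations = []
    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "x-xrds-location":
            self.locations.append(a.get("content", ""))

def find_xrds_location(headers, body):
    """Return the advertised XRDS URL: HTTP header first, then HTML meta, else None."""
    for name, value in headers.items():
        if name.lower() == "x-xrds-location":
            return value.strip()
    finder = _MetaFinder()
    finder.feed(body)
    return finder.locations[0].strip() if finder.locations else None

def check_delegation(domain, headers, body=""):
    """Return a list of problems; an empty list means the page matches the post's setup."""
    url = find_xrds_location(headers, body)
    if url is None:
        return ["no X-XRDS-Location header or meta tag"]
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("XRDS location is not https")
    if (parts.hostname, parts.path) != GOOGLE_XRDS:
        problems.append("XRDS location is not Google's site-xrds endpoint")
    if parse_qs(parts.query).get("hd") != [domain]:
        problems.append("hd parameter does not name this domain")
    return problems

# Constructed sample responses for example.com (not captured traffic).
GOOD_HEADERS = {"X-XRDS-Location": "https://www.google.com/accounts/o8/site-xrds?hd=example.com"}
META_BODY = ('<html><head><meta http-equiv="X-XRDS-Location" '
             'content="https://www.google.com/accounts/o8/site-xrds?hd=example.com"></head></html>')
BAD_HEADERS = {"X-XRDS-Location": "http://www.google.com/accounts/o8/site-xrds?hd=other.example"}

if __name__ == "__main__":
    for label, h, b in [("header", GOOD_HEADERS, ""), ("meta", {}, META_BODY), ("bad", BAD_HEADERS, "")]:
        print(label, check_delegation("example.com", h, b) or "ok")
```

Feed it the headers and body of your own front page (for instance as fetched with any HTTP client) in place of the constructed samples.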
Note
This will tell Google to select an identifier, meaning if you’re logged on to Apps, it will default to your current ID, else it will tell you to log on first. Thus the identifier/OpenID URL entered in the login box is a generic one that can be used by any user in the domain.
References
- Discovering OpenID Endpoints for Hosted Domains: http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains