William Shallum

Google Apps + OpenID: logging in with your own domain name

Posted Sep 2 2010, 23:45 by William Shallum [updated Sep 3 2010, 00:44]

It’s easy! You need to add an X-XRDS-Location header, either as an HTTP response header or in the HTML as <meta http-equiv="..." content="...">. The value to use is https://www.google.com/accounts/o8/site-xrds?hd=example.com, with example.com replaced by your own domain.

A snippet from my config file:

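        # Send the discovery header only for the site's index page.
        # Requests for / are served from index.html via an internal redirect, so they get it too.
        location = /index.html {
                add_header "X-XRDS-Location" "https://www.google.com/accounts/o8/site-xrds?hd=example.com";
        }
        location / {
                index  index.html index.htm;
        }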

Testing

To test, you can use any OpenID consumer, e.g. StackOverflow, or the test site linked from the reference below: puffypoodles.com. The resulting OpenID looks like secure:http://example.com/openid?id=nnnn where nnnn is a long string of numbers. It remains to be seen whether such OpenIDs can be reproduced using some other non-Google-Apps provider.
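The header decides where an OpenID consumer goes to discover the provider for the domain, so it is worth checking what the page actually advertises. The following is an added example, not part of the original post: it looks for X-XRDS-Location in both places described above and checks that the value is the HTTPS Google endpoint with the expected hd parameter. The function names and the sample responses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class MetaXRDS(HTMLParser):
    """Collects <meta http-equiv="X-XRDS-Location" content="..."> values."""
    def __init__(self):
        super().__init__()
        self.locations = []
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}  # names arrive lowercased
        if tag == "meta" and a.get("http-equiv", "").lower() == "x-xrds-location":
            self.locations.append(a.get("content", ""))

def find_xrds_locations(headers, html):
    """Return every advertised XRDS location: HTTP header first, then <meta>."""
    found = [v for k, v in headers.items() if k.lower() == "x-xrds-location"]
    parser = MetaXRDS()
    parser.feed(html)
    return found + parser.locations

def check_xrds_location(url, domain):
    """Return a list of problems; an empty list means the value matches the post."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.hostname != "www.google.com" or parts.path != "/accounts/o8/site-xrds":
        problems.append("not the Google site-xrds endpoint")
    if parse_qs(parts.query).get("hd") != [domain]:
        problems.append("hd does not match domain")
    return problems

def audit(headers, html, domain):
    """Map each advertised location to its list of problems."""
    locations = find_xrds_locations(headers, html)
    if not locations:
        return {"(none)": ["no X-XRDS-Location advertised"]}
    return {loc: check_xrds_location(loc, domain) for loc in locations}

# Constructed sample responses (not captured from a real site).
GOOD_HEADERS = {"Content-Type": "text/html",
                "X-XRDS-Location": "https://www.google.com/accounts/o8/site-xrds?hd=example.com"}
BAD_HTML = ('<html><head><meta http-equiv="X-XRDS-Location" '
            'content="http://www.google.com/accounts/o8/site-xrds?hd=other.example"></head></html>')

if __name__ == "__main__":
    print(audit(GOOD_HEADERS, "<html></html>", "example.com"))
    print(audit({}, BAD_HTML, "example.com"))
```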

Note

This tells Google to select the identifier: if you’re logged on to Apps, it defaults to your current ID; otherwise it tells you to log on first. The identifier/OpenID URL entered in the login box is therefore a generic one that can be used by any user in the domain.

References