This article, Federating to Google Apps with OpenSSO, (login or registration required) explains how to simultaneously control access to in-house applications and those hosted by the Software as a Service (SaaS) provider Google by using OpenSSO. SaaS applications are also sometimes referred to as on-demand software, web-based software, or hosted software. In a SaaS based delivery model, a commercial vendor develops the software, hosts its operations, provides Internet-based access, and supports applications for its end users and customers.

SaaS applications run on a SaaS provider’s servers. The provider manages access to these hosted applications, including availability, performance, and security. Some popular SaaS providers are Amazon, My Yahoo, Salesforce, NetSuite and Google.

Google Apps is a package of integrated online applications with functionality similar to traditional office suites. Applications in the package include Gmail, Google Calendar, Talk, Docs, and Sites. These services can help businesses, schools, social groups, or families communicate and collaborate effectively. They are delivered using the SaaS delivery model.

Identity federation enables partner organizations to trust and share digital identities and attributes of employees, customers, and suppliers across domains. Identity federation is the means to providing single sign-on among partner sites.

OpenSSO helps provide a comprehensive security and identity management framework for implementing federated identity infrastructures. The Federation framework places no restrictions on the use of network technologies, computer hardware, operating systems, programming languages or other hardware or software entities. It is based on, and conforms to, open industry standards to achieve interoperability among different vendors on heterogeneous systems, and provides the facility to log identity interactions and erroneous conditions.

Google Apps offers an SSO service based on Security Assertion Markup Language (SAML). The service provides partner companies control over the authorization and authentication of hosted user accounts that can access web-based applications like Gmail or Google Calendar. Using the SAML federation standards-based model, Google acts as the service provider.

Google partners act as identity providers and control user names, passwords, and other information used to identify, authenticate, and authorize users for the SaaS applications hosted by Google. OpenSSO provides fast, lightweight federation enablement for Google Partners (Identity Providers) to connect and federate with Google Apps, in minutes. Federation with Google Apps using OpenSSO is easy to configure and deploy.

Integration of Google Apps with OpenSSO and federation setup is straightforward. The Google Apps Setup Task Flow Wizard in OpenSSO enables users to configure the integration easily. The procedure can be broken down into four main steps, each of which the paper considers in detail:

• Satisfy Integration Prerequisites
• Configure OpenSSO for Federation with Google Apps
• Configure Google Apps Single Sign On
• Verify the Single Sign On Setup

A subsequent chapter, "Understanding SAML-Based SSO Flow with Google Apps," discusses how SSO works with Google Apps. After an overview, the paper teaches readers how to use the Mozilla Firefox web browser to gain insight into OpenSSO interactions and see how the system works in detail. The discussion is illustrated with numerous screen shots and code samples.

The paper concludes with the observation that the problem of simultaneously controlling access to in-house applications and applications such as Google Apps, hosted by a SaaS provider can be solved with identity federation provided by OpenSSO. After setting up identity federation, users can monitor and, if necessary, troubleshoot the installation with the Live HTTP Headers and HackBar add-ons for the Firefox web browser.

More Information

OpenSSO

Google Apps [...read more...]

		fullsource
Print Email Current Profile Archive Blog Generate newsletter