Users of cloud-based business applications shouldn’t have to create, remember and maintain new credentials for each of the many apps that they use. With applications on the Google Apps Marketplace, they don’t need to: these applications allow users to log in with their existing Google Apps accounts using OpenID.
To enable the Single Sign On experience for Marketplace apps, developers simply need to add a universal navigation link and an OpenID realm to their application manifest. Adding these elements is easy; it’s just a snippet of XML:
<Extension id="navLink" type="link">
  <Name>Amazing Cloud App</Name>
  <Url>http://www.example.com/home.php?domain=${DOMAIN_NAME}</Url>
</Extension>
<Extension id="realm" type="openIdRealm">
  <Url>http://www.example.com</Url>
</Extension>
With this XML in the application manifest, a link called “Amazing Cloud App” will appear in the universal navigation of all Google Apps. Also, if one of the realms specified in the manifest file precisely matches the openid.realm in the OpenID request, then the user will be seamlessly signed into the app after clicking on the link in the universal navigation (without seeing a typical OpenID interstitial allow/deny page).
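A pre-deployment check for the exact-match rule above, as an added example that is not code from the original post or from Google. It assumes a hypothetical `<ApplicationManifest>` root around the two extensions shown and a constructed request URL; the function names and the "near-miss" diagnostic are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed manifest: the page's two <Extension> elements inside an assumed root.
MANIFEST = """<ApplicationManifest>
  <Extension id="navLink" type="link">
    <Name>Amazing Cloud App</Name>
    <Url>http://www.example.com/home.php?domain=${DOMAIN_NAME}</Url>
  </Extension>
  <Extension id="realm" type="openIdRealm">
    <Url>http://www.example.com</Url>
  </Extension>
</ApplicationManifest>"""


def local(tag):
    """Strip an XML namespace prefix such as '{ns}Extension'."""
    return tag.rsplit("}", 1)[-1]


def manifest_realms(manifest_xml):
    """Return the <Url> text of every Extension with type="openIdRealm"."""
    realms = []
    for el in ET.fromstring(manifest_xml).iter():
        if local(el.tag) == "Extension" and el.get("type") == "openIdRealm":
            realms += [c.text.strip() for c in el if local(c.tag) == "Url" and c.text]
    return realms


def check_realm(auth_request_url, manifest_xml):
    """Compare openid.realm in an outgoing request with the manifest realms.

    Returns (status, realm): 'match' for a character-for-character match,
    'near-miss' when only case, scheme or a trailing slash differs,
    otherwise 'mismatch', or 'missing' if the parameter is absent.
    """
    params = parse_qs(urlsplit(auth_request_url).query)
    realm = params.get("openid.realm", [None])[0]
    if realm is None:
        return "missing", None
    realms = manifest_realms(manifest_xml)
    if realm in realms:
        return "match", realm

    def loose(url):
        return url.lower().rstrip("/").split("://", 1)[-1]

    if loose(realm) in {loose(r) for r in realms}:
        return "near-miss", realm
    return "mismatch", realm
```

A "near-miss" result is the usual reason users still see the allow/deny page: the realm the application sends differs from the manifest only by scheme, case or a trailing slash.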
Of course, you’ll also need code in your application which accepts OpenID logins. In addition to open source libraries, here are a few companies that are making it easier for cloud applications to integrate with the Google Apps Marketplace. Their code provides simple APIs with which developers can integrate, leaving some of the complexities of the OpenID protocol to be implemented by the experts, so there is no need to hand-roll your own OpenID code.
- JanRain
JanRain’s open source PHP and Ruby OpenID libraries and on-demand RPX solution enabled the implementation of OpenID for many of the companies that launched on the Google Apps Marketplace by writing simple code or web service calls.
- Ping Identity
Ping’s PingFederate is an on-premise service that allows SaaS applications to easily accept OpenID and SAML-based logins by integrating with their libraries or using their web server or application server plug-ins.
- TriCipher
TriCipher’s myOneLogin Identity Services is an on-demand application that allows developers to accept OpenID, SAML and other federation protocols by writing simple web service calls.
There are plenty of open source OpenID libraries available for other platforms, such as OpenID4Java (using Step2 code for Google Apps) and DotNetOpenAuth. More information on implementing Single Sign On in Google Apps Marketplace apps can be found on code.google.com.
If you need additional information on building apps for the Google Apps Marketplace, see the Developer’s Overview on code.google.com.
Posted by Ryan Boyd, Google Apps Marketplace Team