[OpenID] got an openid OP to Google SAML2 bridge working

Peter Williams pwilliams at rapattoni.com
Fri Mar 7 18:58:57 UTC 2008


Took twice as long as I expected, but last night late I got to present my openid to accomplish access to my Google Apps site, via Google's SAML2 endpoints.

This is somewhat similar in concept to that guy who was running an openid gateway to Yahoo accounts, before Yahoo offered native openid (to other RPs).

Basically, from a joint IDP/OP hub site, do sp-initiated websso using openid auth to a consumer site that auto redirects to start SAML2 sp-initiated websso against a particular (consumer-linked) Google Apps target. The nature of two back to back sp-initiated websso flows (one openid, one saml2) is such that if you have both sessions in the one IDP browser, you get the effect of websso and auto-logon - despite the bridging. It's just a lot of redirects!

Well! That made it worth all the effort I've spent understanding UCI, to date. Obviously it works for any SAML2 endpoints, including those using Ping's auto-connect model. Would not be much now to have it bridge openid to openid, to skirt Yahoo RP controls, etc.

Peter.