问题
Problem:
My organisation, ExampleFooBar, uses Google Apps. On our website I want to enable OpenID Single Sign-In (like StackOverflow), but only allow @examplefoobar.com email addresses to sign in. What OpenID url should I use for a Google Apps email address?
As per comments on Include OpenId in drupal, the domain
http://www.google.com/profiles/<username>
can be used for normal Google accounts, but this doesn't work for Google Apps accounts.Google also provides the url
https://www.google.com/accounts/o8/id
but using that would allow any google user who found our website's login page to sign in, as the sign-in page accepts any google account name.
What Google URL can I use to ensure only @examplefoobar.com email addresses can sign in?
Google documentation for Google Apps OpenID is at http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html, but is incredibly unhelpful.
回答1:
By aaronsnoswell:
The OpenID url google.com/accounts/o8/site-xrds?hd=examplefoobar.com
will restrict email entries to @examplefoobar.com
. Additionally, I had to enable OpenID Single Sign in from the Google Apps administrator page. Hope this helps someone!
http://jeremiahlee.com/blog/2009/09/28/how-to-setup-openid-with-google-apps/
Google Apps (for business) OpenID login for ASP.NET intranet site
回答2:
The OpenID url https://google.com/accounts/o8/site-xrds?hd=yourdomain.com will restrict entries to @yourdomain.com. You also need to enable OpenID Single Sign In from the Google Apps admin page at http://www.google.com/a/cpanel/yourdomain.com/SetupIdp
You should also add an X-XRDS-Location header on your website at yourdomain.com/openid in the format:
X-XRDS-Location: https://www.google.com/accounts/o8/site-xrds?ns=2&hd=yourdomain.com
来源:https://stackoverflow.com/questions/8877985/google-apps-openid-url