Got it working! Here's what I did:
| Project: | Google Apps Authentication |
| Version: | 5.x-1.0 |
| Component: | Documentation |
| Category: | task |
| Priority: | normal |
| Assigned: | Andrupal |
| Status: | active |
I have a cPanel server compiled with OpenSSO already installed (OpenSSO can be installed with the WHM Apache easycompiler, if you have access) and Google Apps for Education for our domain.
Steps I took:
1) Download XMLSec from: http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.11.tar.gz
2) Upload tarball to root directory of server (location likely doesn't matter)
3) Use SSH telnet client to perform the following from the directory where you uploaded the tarball.
gunzip -c xmlsec-xxx.tar.gz | tar xvf -
cd xmlsec-xxxx
./configure --help
./configure [possible options]
make
make check
make install
I left the [possible options] section blank.
4) Follow the instructions for using OpenSSO at:
http://code.google.com/support/bin/answer.py?answer=71864&topic=12142
Note that the private key must be in pem format, and the public key
must be in der format. Make sure to note whether the keys are DSA
or RSA format, and place them in a location accessible to the
webserver.
5) Upload googleauth module to your sites->modules folder. Unizip. Activate....
6) Patch the module using the patch found at http://drupal.org/node/294844
7) Edit the module code to include document.acsForm.submit(); at the end of the $true_output variable XML stanza if you want the functionality described here http://drupal.org/node/177330
(I've attached a tarball of the module, as it exists after steps 6 and 7)
8) Edit module settings to include absolute paths to key files and xmlsec1
Edit access permissions to turn on googleauth for appropriate user roles
9) Edit Google Apps advanced settings to turn on SSO. URLs are as follows:
Sign-in page URL: base URL/googleauth/signin
Sign-out page URL: base URL/googleauth/signout
Change password URL: base URL
(the last one is weird...tried setting it to a custom node with instructors for password reset...didn't work.
Leave domain specific user blank.
Leave network masks blank.
10) That should do it...Keep in mind that if you have Google Apps users with no Drupal account, or who have not used their Drupal accounts in a long time, they will effectively be frozen out, b.c. Google WILL BE looking to Drupal to provide the username and password.
Thanks to all for making this module possible. Hope this helps others get it working.
| Attachment | Size |
|---|---|
| googleauth_mod.tar_.gz | 10.44 KB |