Nowadays there are very popular applications such as Facebook applications, Google Apps, blogs, forms, etc. The purpose of all these applications is to bring people together in one place. But you may need to visit each web site or application and log in to each one separately. You have probably thought how nice it would be to log in to all applications in one place under a secured environment. Now it is possible. Imagine there is one web application to log in to, from which you can access all your applications. You are not redirected to any other application; you are still on the same web site. This is what we call SSO, which stands for Single Sign On. Google Apps also offers this feature, and you can use some of their projects for it. But I saw there are very few resources and references for this on the web. Here I give some useful tips for running the .NET Google Apps web project, which I gathered from my SSO experience.
Give your virtual directory an Application Name that does not have dots (.) in the name. To make sure you are not having naming issues, give a short name such as SSO_Dir as your Virtual Directory name.
If you are going to run your SSO application on a DNN application then you have to develop a special module. But I saw there are several issues while running it through the current DNN Framework. As a solution I propose this. Add your SSO project folder to the DNN root. If you try to run this application as a normal application on DNN you will see some errors. The solution is to create a sub domain for the main DNN domain and assign the SSO root as the sub domain root path. Sometimes you may need your hosting provider's support for this. Now you can give the SSO prompt page as the Google sign-in page.
If your SSO application is a sub project, or runs through a sub domain as a sub application, you will use an additional web.config file for the SSO application. But running 2 web.config files under one project may be an issue, especially in the DNN framework.
You will see this common error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS
In that case, move the contents of the subfolder web.config into the main folder web.config file and keep them as one project. You can still run your sub domain as a different application.
If you still see the above error, check your backup folder. Normally the SSO application comes as a VS 2005 project, and if you use VS 2008 you need to convert the project to the 2008 version. This conversion copies all files, web.config included, to this ‘Backup’ folder.
If you do not like this solution and want to keep the sub web.config file as it is, you can remove the ‘Authentication’ properties and session state properties from it. It will work if you are not using major properties from the sub web.config file.
When you are building your own SSO application for Google Apps you need to have a good idea of this process. You can learn more about the mechanism of Google SSO here: http://code.google.com/apis/apps/sso/saml_reference_implementation.html
If you are using Visual Studio 2005, these are the steps to generate certificates for the SSO apps from the VS command prompt.
Creating and installing a certificate
Run these commands from a command prompt. If Visual Studio 2005 is installed in a different location, change the commands accordingly.
cd \projects\Google.Apps.SingleSignOn\key
"C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\makecert.exe" -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk mycert.cer
"C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\pvk2pfx.exe" -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
makecert.exe will generate two files:
mycert.cer - certificate which contains the public key
mycert.pvk - contains the private key
pvk2pfx.exe will generate one file:
mycert.pfx - contains the private key, usable by .NET framework
That is the Google team's procedure. It is not for 2008. If you are using Visual Studio 2008, this is the way to generate certificates.
makecert.exe -r -pe -n "CN=My Domain" -sky exchange -sv mycert.pvk mycert.cer
pvk2pfx.exe -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
You should change the certificate name to your domain name, and the other details in the command, as you want.
Now you will see the difference and the reason why I propose this way. You cannot find a folder called ‘C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin’ for VS 2008.
You must upload the certificates you generated on your machine to the appropriate folder on the server and to Google Apps.
Also, please note that SSO will not work if the user is referred directly to http://mydomain.com/GoogleAppsSso/Prompt.aspx. This is because a redirection from a Google property (Docs, Gmail, Calendar...) is required in order to get the proper SAML Request and the Relay State. This is a common mistake when administrators try to refer their users directly to the SSO Prompt page.
For a successful Google Apps Single Sign On application you need to pass SAMLRequest and RelayState. You can see these messages in text areas when it is running successfully. You can hide them like this. Remember not to remove these text areas.
Also you can use hidden fields instead of text areas.
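One way to reject the direct-visit case described above and to check where the SAML response will be posted before signing anything. This is an added example, not code from the Google sample project; the class name, the expected ACS host and the sample request are assumptions, and it targets .NET 4 or later.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml;
static class SamlRequestCheck
{
    // Assumption: host of Google's assertion consumer service (ACS) URL.
    const string ExpectedAcsHost = "www.google.com";
    // Returns the ACS URL from the AuthnRequest, or throws if the request is unusable.
    public static string GetAcsUrl(string samlRequest, string relayState)
    {
        if (string.IsNullOrEmpty(samlRequest) || string.IsNullOrEmpty(relayState))
            throw new InvalidOperationException("No SAMLRequest/RelayState: page opened directly.");

        // Assumption: value is base64 over raw DEFLATE, already URL-decoded by ASP.NET.
        string xml;
        using (var packed = new MemoryStream(Convert.FromBase64String(samlRequest)))
        using (var inflate = new DeflateStream(packed, CompressionMode.Decompress))
        using (var text = new StreamReader(inflate, Encoding.UTF8))
            xml = text.ReadToEnd();

        // Refuse DTDs so a crafted request cannot pull in external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
        var doc = new XmlDocument();
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            doc.Load(reader);

        // The SAML response is later posted to this URL, so pin its scheme and host.
        string acs = doc.DocumentElement.GetAttribute("AssertionConsumerServiceURL");
        Uri uri;
        if (!Uri.TryCreate(acs, UriKind.Absolute, out uri) || uri.Scheme != Uri.UriSchemeHttps
            || !string.Equals(uri.Host, ExpectedAcsHost, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected ACS URL: " + acs);
        return acs;
    }

    static void Main()
    {
        // Constructed sample request, not captured traffic.
        byte[] raw = Encoding.UTF8.GetBytes(
            "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"sample\" " +
            "AssertionConsumerServiceURL=\"https://www.google.com/a/mydomain.com/acs\"/>");
        var buffer = new MemoryStream();
        using (var deflate = new DeflateStream(buffer, CompressionMode.Compress, true))
            deflate.Write(raw, 0, raw.Length);
        Console.WriteLine(GetAcsUrl(Convert.ToBase64String(buffer.ToArray()), "constructed-relay-state"));
    }
}
```

In the prompt page, the two arguments would come from the incoming request parameters named SAMLRequest and RelayState, and a thrown exception should end in an error page rather than a login form.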
If you have any issues regarding Google SSO, I would like to support you. I hope to bring you more SSO tips for other applications as well in the future.