如何无缝地验证用户身份以使用与 Google Apps 帐户关联的服务?
大家好,我正在构建一个基于 Google Apps 的解决方案。基本上,我将其设置为:
当 Google Apps 帐户持有者安装它时,他/她输入要使用的单个 Google Apps 帐户的身份验证详细信息 - 该帐户将由实例的所有用户使用已安装的系统,用于上传到与该帐户关联的 Google 文档并管理与该 Google Apps 帐户关联的 Google 日历条目。
上述用户可以创建其他用户并邀请他们从单独的登录屏幕登录,并且他们应该能够与系统的设施进行交互,这些设施允许与用于安装系统的 Google Apps 帐户关联的服务进行交互.
与原用户同域的任何其他用户也可以安装系统并自动关联到同域用户创建的实例。
我已经完成了第一部分和第三部分的设置,但第二部分是我陷入困境的地方 - 我将集中式 Google Apps 帐户的凭据存储在数据库中,并且需要一种使用详细信息进行无缝身份验证的方法,即我不这样做不希望用户必须添加登录详细信息,也不必经历必须请求许可才能允许应用程序访问 Google Apps 服务的过程 - 我希望当用户登录时,他们会自动透明地登录还可以登录 Google Apps 帐户并能够使用其服务。
我该怎么做,我希望取消“询问用户登录哪个帐户或 Google Apps 登录屏幕”的过程以及请求允许应用程序访问该帐户的权限的第二步。
我知道这是可以做到的 - 我已经安装了很多应用程序,但它们都不需要我经历这两个双管齐下的身份验证过程,我发现这是完全不必要的 - 我该怎么办? - 请帮忙!
Hi guys I'm building a Google Apps based solution. Basically I'm setting it up such that:
When a Google Apps account holder installs it he/she enters the authentication details for a single Googles Apps account to be used - that account would be used by all users of the instance of the installed system for uploading to Google Docs associated with that account and managing Google Calendar entries associated with that Google Apps account.
The user as mentioned can create other users and invite them to sign in from a separate login screen and they should be able to interact with the system's facilities which allow interaction with the services associated with the Google Apps account used to install the system.
Any other user of the same domain as the original user can also install the system and be automatically associated with the instance created by the user of the same domain.
I got parts one and three all set up but the second part is where I'm stuck - I'm storing the credentials for the centralised Google Apps account in a database and would need a way to authenticate seamlessly using the details i.e. I don't want the users to have to add in the sign in details nor have to go through the process of having to be asked for permission to allow the application to access the Google Apps services - I wish that when the users log in they are automatically transparently also signed into the Google Apps account as well and be able to use its services.
How can I do that I wish to do away with the process of 'asking the user for which account to sign in or the Google Apps login screen' and the second step asking for permission to allow the application access to the account.
I know it can be done - I've installed loads of applications and none of them require me to go through this two pronged process of authentication which I find quite unnecessary - what do I do? - Help please!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您见过 Zend Frameworks 的
Zend_Gdata
吗?它是一个用于访问 Google 数据的 PHP 5 接口,乍一看它似乎可以做您想做的所有事情。http://framework.zend.com/manual/en/zend。 gdata.introduction.html
Have you seen the Zend Frameworks'
Zend_Gdata
? It's a PHP 5 interface for accessing Google Data, at first glance it seems to do all the things you want.http://framework.zend.com/manual/en/zend.gdata.introduction.html
您将需要接管身份验证过程来处理 Web 会话的身份验证。好消息是您确实可以做到这一点(SSO / SAML),坏消息是这可能需要大量工作。
本质上,您可以构建自己的 SSO 提供商,将其放在您的域前面(以便它处理所有身份验证),并让它处理登录过程,以便根据您的需要无缝地进行。
在更高的层面上,听起来您正在使用单个帐户来代理多用户对 Google Apps 的访问;您可能想检查 TOS,因为我很确定这是不受欢迎的(破坏了可追溯性)。
You will need to take over the authentication process to handle authentication of Web sessions. The good news is that you can indeed do that (SSO / SAML), bad news is that it can be a lot of work.
Essentially you'd build your own SSO provider, stick it in front of your domain (so it handles all auth), and let it handle the login process so it's as seamless as you need it.
At a higher level, it sounds like you are using a single account to proxy multi-user access into Google Apps; you might want to check the TOS as I'm pretty sure that's frowned upon (kills traceability).