Introduction
For the Google SSO integration we configure Google to point to our IdP's.
Google Domain | IdP |
|---|---|
gdev.yale.edu | auth-dev.yale.edu |
gtst.yale.edu | auth-test.yale.edu |
yale.edu | auth.yale.edu |
Since the Yale IdP releases the transient id (netid) to anonymous SPs, you can configure Google as an anonymous SP to Yale IdP and it just worksGoogle does not sign there Authentication Requests we do not need a copy of their metadata. We do have to register our metadata with google. If we used the netid as the username are google, there would be no IdP side configuration, BUT since we want the username to be the primary alias (first.last@yale.edu) we must send that information over to google in the nameId. Below is how we do it.