OpenAM can serve as the identity provider when you use Google Apps for Business.
Install & Configure OpenAM
- See the latest draft of the OpenAM Installation Guide for instructions.
- Configure a certificate for the Signing Key in the OpenAM key store.
The key store is under the OpenAM configuration directory, for example$HOME/openam/openam/keystore.jks. - Set up a identity repository for your users.
Your users must have the same user IDs in OpenAM and in Google Apps.
Create a Hosted Identity Provider
- In the OpenAM console Common Tasks page, click Create Hosted Identity Provider.
- Accept the default values, and provide a name for your New Circle of Trust before clicking configure.
- On the "What would you like to do next?" page, click configure Google Apps.
Configure Google Apps for Single Sign-On
- Add the domain name you registered with Google Apps in the Configure the Remote SP list.
- Click Create.
- On the "Google Apps Single Sign-On Configuration" page, download a copy of the Verification Certificate.
Enable Access to the Google Apps API
- Follow the instructions at the bottom of the "Google Apps Single Sign-On Configuration" page.