Google Apps will work as Service Provide (SP) and we need to "introduce" Gluu Server with Google Apps as Gluu Server can work as Identity Provider (IDP).
1. Using SAML to get SSO with Google Apps Google Apps will work as Service Provide (SP) and we need to "introduce" Gluu Server with Google Apps as Gluu Server can work as Identity Provider (IDP). NOTE: It's highly recommended to use Google staging apps setup before Google production migration. If you have any question or confusion, please feel free to let us know. We need to configure both parties (Google Apps and Gluu Server) as they can talk to each other. Configuring Google Apps with Google dashboard: Login to dashboard.
2. * Click "Security" tab. *Got to "Advanced Settings" and select "Set up single sign-on (SSO)" feature. 3. Sign-in Page URL: https://idp_hostname/profile/SAML2/Redirect/SSO Sign-out Page URL: https://idp_hostname/idp/logout.jsp Change Password URL: Organization should provide this link if they have any link for end users. 4. Verification certificate: Update your IDP's (Gluu Server) SAML cert How to get the SAML cert of your Gluu Server? Use a domain specific issuer: Check it. 5. If you want to know more about Google SSO. This might help you. Configuration in Gluu Server: Now we need to create a Trust Relationship in Gluu Server as IDP can start it's SAML transaction with SP (in this case: Google Apps). In order to create a Trust Relationship, we need to grab the metdata of Google Apps. This metadata can be collected from Google. It's generally specific to organization account. Got the metadata? Great, we are ready to move forward. Create Trust Relationship for Google Apps: 1) How to create a trust relationship can be found here. We need to follow the "File" method for Google Apps trust relationship. 2) Required attributes: Generally a nameID attributes is required. Please talk to us to generate this nameID in your Gluu Server. 3) Relying Party Configuration: Yes, SAML2SSO should be configured. 6. *includeAttributeStatement: check *assertionLifetime: default *assertionProxyCount: default *signResponses: conditional *signAssertions: never *signRequests: conditional *encryptAssertions: never *encryptNameIds: never Article Source - http://gluu.webs.com/apps/blog/show/42831968- using-saml-to-get-sso-with-google-apps