Adding a pre-integrated cloud application on G Suite - single-sign-on

I have a SAML-enabled web app, and many of our customers use G Suite as an identity provider. We have been working with each of them to set up a custom SAML app so they can use G Suite to SSO onto our app, but we would really like to be listed as a pre-integrated app, as described in the blog and the support docs.
After hours of independent searching and chatting with G Suite support, I've been unable to find any sort of application form to get my app listed. This process was really straightforward with IdPs like Okta, Azure ADFS, etc... and I can't for the life of me figure out how to do it for G Suite. Any guidance would be greatly appreciated.

After cycling through 3 different G Suite support reps, eventually one connected me to a different G Suite support rep who emailed me a link to a Google form where I submitted the details of my request. Evidently I'll hear back sometime in the next month. I would link the form here but I don't want to run afoul of the powers that be while my submission is still under review ;)

Related

Migrating from Chrome store to G Suite Marketplace

My app got bumped from the Chrome store and it looks like it needs to be moved to the G Suite Marketplace. I started the configuration process and right away at the top it says "your account does not belong to the same domain as this cloud project or app". This application was written under my incubator company, then a new company was spun up and the app was moved over. But the operations and startup of the application for many years were under the original domain. I can't migrate the Google side of the application/OAuth/etc. over without seriously impacting my business customers. But I own both domains. I can't seem to proceed and I'm thinking this may be why. What can I do? I need to get this app installed at several new customers' locations.

Microsoft Graph / Outlook REST; what is the process to get the application live/public available for use by our customers and how long does it take?

In our experience with other APIs there is usually a test/private mode and then after the app is approved it can go into live/public mode.
After we create an application based on Microsoft Graph / Outlook REST, what is the process to get the application live/public available for use by our customers and how long does it take? Or is it already live?

Your question isn't really specific, so I'll just answer the general question.
Everybody can create an application for the Microsoft cloud. There isn't a test environment, so every application is live the moment you create it (and switch on multi-tenant). It is always up to the user (or tenant admin) to grant your application access!
Microsoft does, however, offer various ways to bring your application to the attention of a much larger audience. And to get your application into such a marketplace they have various review/test/... processes in place.

Best practices designing sandbox for REST api

We are developing some REST APIs for internal use. To test these microservices we are toying with the idea that every service has a sandbox mode so we can do integration tests that are as close as possible to the real deal.
To see if this path is worth trying we are looking for documentation / best practices on how to manage this sandbox and how to implement this internally. When we look for the keywords Sandbox, REST API and Best Practices we only find how to implement as consumer of existing sandboxes.
So does anyone have some documentation / links on how to tackle this problem and what the pros and cons are of the different ways?
Kr,
Thomas

I'd say there are two ways to proceed:
Basic: keep a separate sandbox instance of a service. You always deploy new code to this instance first and run automated/manual tests to verify that everything works fine. The datastore could be a snapshot of the production data or artificial testing data. I would rather we have a "Snapshot" but it depends on whether it is applicable in your particular case (privacy etc.)
Advanced: I spied this technique on the Facebook Marketing API. This API provides an interface to set up and launch advertising campaigns. They didn't provide a sandbox API for testing purposes (at least last year when the system I was working on had been integrating with Facebook). However, if you use the keyword "test" in the name of a campaign or an adset (key entities in the ad world) they would never launch and spend your money. You can try to extend this concept to your particular domain and run tests on (or very close to) your production.
Hope this helps

Can Coded UI Tests Be Used with External Sites?

I'm trying to figure out a way to automate testing for Single Sign On (SSO).
For us the process is as follows:
1. The user logs onto https://www.identityprovider.com
2. They click a link that takes them to our authentication server (the application that we are testing).
3. They are automatically logged into one of our web applications (www.serviceprovider.com).
Writing useful unit tests for this seems to be difficult because of the protocols used for SSO (SAML, OAuth), and so I thought that a good way to do the testing would be via recorded step testing through something like MS Coded UI tests or Selenium. We would prefer to go with MS Coded UI tests because of the integration with the VS solution.
That said, can anyone tell me if I can start my CodedUI test from an external website (for example: google.com), or am I limited to my local solution?

You are able to hand code that.
BrowserWindow bw = BrowserWindow.Launch(new System.Uri("http://google.com"));

Integrating Moodle and ASP.NET Identity 2.1

TL;DR: I'd like to make a Moodle installation and an ASP.NET Identity-based site share authentication. If they have a single login page, so much the better, but logging in to one should automatically log into the other; logout should also be shared.
I have a Moodle installation (M) at www.example.com/moodle, and another website (O) at www.example.com.
O is written using .NET 4.5.2 and has areas that require authentication to access, managed using ASP.NET Identity 2.1 with a custom user model. This model is not particularly sophisticated. It is essentially the out-of-the-box model, but with integer IDs rather than GUIDs.
M is version 2.6, with intentions to upgrade to the latest version (currently 3.1) in the near future.
Both are accessible via the public Internet; there is no requirement to be on a private network to access them.
I know of no plans to move either M or O onto a different domain. However, if one or both were to move, I imagine they would move to a subdomain of example.com.
I would like to create a single-sign-on system, allowing a login for M to also log the user into O. As it stands, I am using the external database authentication plugin for Moodle, with M referring to the database for O. While this works, it does require the user to log in twice. I would like to set it up so that logging in to either M or O will also log the user in to the other site.
I am able to create matching hashes from PHP and .NET code. Unless it is particularly relevant to the solution, please consider the creation of hashes out of scope.
Some users of M are using Moodle's built-in authentication. However, unless it is particularly relevant to the solution, please consider the migration of users out of scope.
I'd prefer O to manage users, if possible. M, by nature of being Moodle, will have to have its own records for the users, but I'd like it if they were similar to the records used by the external DB plugin: just saying that the user exists and can be found elsewhere.
Things I have tried, investigated, or considered:
- Moodle's external database plugin. This is how it works at the moment. It sort of works, but requires multiple logins.
- Automating the multiple logins. I've experimented with taking the posted credentials, making an HTTP request from the server to the sites' respective login forms when logging in, lifting the cookie out of the response, then sending that cookie back to the client. This also works, but it's clunky at best, and is reliant on the cookies not getting out of sync.
- Using PHP's DOTNET library and doing...something. All of the documentation that I can find says that DOTNET does not work with anything other than .NET 2.0, 3.0 or 3.5. I'm using 4.5.2, so this seems like a no-go. I don't know what I'd do even if I could get it to work with more recent versions of .NET.
- Somehow getting Moodle to accept the ASP.NET Identity cookie in place of its own. This seems like the most fruitful course, given that it is a single cookie to manage.
To wrap up: I'd like to make M and O share authentication. If they have a single login page, so much the better, but logging in to one should automatically log into the other; logout should also be shared. Is this possible, and does anyone know how I should go about it?

Maybe take a look at SAML.
I believe that .NET 4.5 supports SAML?
https://msdn.microsoft.com/en-us/library/ms733083%28v=vs.110%29.aspx
On the server, install simplesamlphp.
https://simplesamlphp.org/docs/stable/simplesamlphp-sp
It can be used both as a service provider and as an identity provider.
Then install this SAML plugin in Moodle:
https://moodle.org/plugins/auth_saml
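
A minimal SimpleSAMLphp service-provider configuration for the setup suggested above, as an added example that is not part of the original answer. It assumes O exposes a SAML 2.0 IdP; the entity IDs, endpoint URLs and key file names are hypothetical, and the certificate value is a placeholder.

```php
<?php
// ---- config/authsources.php (SimpleSAMLphp acting as SP for Moodle, M) ----
$config = [
    'default-sp' => [
        'saml:SP',
        // Entity ID this SP presents to the IdP (hypothetical value).
        'entityID' => 'https://www.example.com/moodle/sp',
        // Entity ID of the IdP run by O (hypothetical value). It must match
        // the key used in saml20-idp-remote.php below.
        'idp' => 'https://www.example.com/idp',
        // SP key pair, looked up in SimpleSAMLphp's cert directory
        // (hypothetical file names).
        'privatekey' => 'moodle-sp.pem',
        'certificate' => 'moodle-sp.crt',
        // Only accept assertions that carry the IdP's signature.
        'WantAssertionsSigned' => true,
        // Sign what this SP sends, so the IdP can authenticate login
        // requests and, for the shared logout, logout messages.
        'sign.authnrequest' => true,
        'sign.logout' => true,
    ],
];

// ---- metadata/saml20-idp-remote.php (what the SP trusts about O's IdP) ----
$metadata['https://www.example.com/idp'] = [
    // Where the browser is redirected to log in (hypothetical URL).
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://www.example.com/idp/sso',
        ],
    ],
    // Single logout endpoint: logging out of one site ends the session
    // on the other as well (hypothetical URL).
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://www.example.com/idp/slo',
        ],
    ],
    // IdP signing certificate, base64 without PEM headers (placeholder).
    'certData' => 'PLACEHOLDER_BASE64_IDP_SIGNING_CERTIFICATE',
];
```

With this arrangement Moodle never sees the user's password or O's session cookie; it only trusts assertions signed with the IdP certificate pinned in the metadata.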