# README
googleapps
This provider uses SAML with Google Apps to enable authentication of users to AlibabaCloud.
prerequisites
Setup SSO to AlibabaCloud using Google Apps.
configuration
The key attribute in configuring this provider is the URL which can be copied from the google apps, application list (I just pulled it from the HTML). An example of this is as follows:
https://accounts.google.com/o/saml2/initsso?idpid=XXXXXXX&spid=YYYYY&forceauthn=false
Where the following attributes are replace with:
XXXXXis IdP identifier for your Google Apps Account.YYYYYis SP identifier for the AlibabaCloud SAML application, in your Google Apps Account.
2-factor support
Currently this provider supports:
- ToTP using applications like Google Authenticator or Authy
- SMS
- Google Prompt (Mobile Application)
prior work
In addition to my own effort deconstructing this, I also used the following as resources:
# Functions
New create a new Google Apps Client.
NewU2FClient returns a new initialized FIDO1-based U2F client, representing a single device.
# Structs
Client wrapper around Google Apps.
U2FClient represents a challenge and the device used to respond.
U2FDeviceFinder returns a U2F device.
# Interfaces
DeviceFinder is used to mock out finding devices.
U2FDevice is used to support mocking this device with mockery https://github.com/vektra/mockery/issues/210#issuecomment-485026348.