I've recently deployed a GAE application (namely <a href="http://www.stashboard.org/" rel="nofollow">http://www.stashboard.org/</a>) in order to help manage my company's application pool.
In order not to publish the pool's status tout everyone (customers, other companies...) i wish to allow access only to those who log in with their corporate account (ie : firstname.lastname@example.org).
The domain "mycompany.com" is not managed by google.
When I set the Authentication Type to "Google Apps domain" i can no longer log in to the app, and i get a Error 500 instead:<blockquote>
Error: Server Error
The server encountered an error and could not complete your request. If the problem persists, please report your problem and mention this error message and the query that caused it.</blockquote>
The following error is logged:<blockquote>
2013-10-21 14:42:57.856 /admin 500 55ms 0kb Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 188.8.131.52 - - [21/Oct/2013:05:42:57 -0700] "GET /admin HTTP/1.1" 500 0 - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36" "xxxxxx.appspot.com" ms=56 cpu_ms=0 app_engine_release=1.8.6 W 2013-10-21 14:42:57.856
Authentication for the Google Apps domain mycompany.com can only be performed when requests are served from a subdomain of that domain or it has been approved through the Google Apps Control Panel. See <a href="https://developers.google.com/appengine/articles/auth" rel="nofollow">https://developers.google.com/appengine/articles/auth</a></blockquote>
The linked documentation doesn't help me much, and the admin in charge of Google Apps doesn't find how to "approve" the domain (appspot.com i guess) in the control panel.
FYI: this is my first time working with GAE, and that makes me the most experienced GAE user in my company... so yeah we're pretty clueless here.Answer1:
In order to enable that and make it work, I think you'll have to add this Google App Engine app to your Google Apps domain dashboard. To achieve that you will have to manage the mycompany.com domain with Google Apps first. After that if you go to <a href="https://appengine.google.com" rel="nofollow">https://appengine.google.com</a> > locate your app > Application Settings > Add Domain and follow the steps there.
Once you will see your GAE app in the Google Apps dashboard, you might also going to need to add some stuff in the
app.yaml to be able to restrict your users:
- url: .* script: main.py login: required
After redeploying the app the access should be restricted to only your desired domain.