18410

Domain restricted authentication on Google App Engine

Question:

I've recently deployed a GAE application (namely <a href="http://www.stashboard.org/" rel="nofollow">http://www.stashboard.org/</a>) in order to help manage my company's application pool.

In order not to publish the pool's status tout everyone (customers, other companies...) i wish to allow access only to those who log in with their corporate account (ie : user@mycompany.com).

The domain "mycompany.com" is not managed by google.

When I set the Authentication Type to "Google Apps domain" i can no longer log in to the app, and i get a Error 500 instead:

<blockquote>

Error: Server Error

The server encountered an error and could not complete your request. If the problem persists, please report your problem and mention this error message and the query that caused it.

</blockquote>

The following error is logged:

<blockquote>

2013-10-21 14:42:57.856 /admin 500 55ms 0kb Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 194.206.149.66 - - [21/Oct/2013:05:42:57 -0700] "GET /admin HTTP/1.1" 500 0 - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36" "xxxxxx.appspot.com" ms=56 cpu_ms=0 app_engine_release=1.8.6 W 2013-10-21 14:42:57.856

Authentication for the Google Apps domain mycompany.com can only be performed when requests are served from a subdomain of that domain or it has been approved through the Google Apps Control Panel. See <a href="https://developers.google.com/appengine/articles/auth" rel="nofollow">https://developers.google.com/appengine/articles/auth</a>

</blockquote>

The linked documentation doesn't help me much, and the admin in charge of Google Apps doesn't find how to "approve" the domain (appspot.com i guess) in the control panel.

FYI: this is my first time working with GAE, and that makes me the most experienced GAE user in my company... so yeah we're pretty clueless here.

Answer1:

In order to enable that and make it work, I think you'll have to add this Google App Engine app to your Google Apps domain dashboard. To achieve that you will have to manage the mycompany.com domain with Google Apps first. After that if you go to <a href="https://appengine.google.com" rel="nofollow">https://appengine.google.com</a> > locate your app > Application Settings > Add Domain and follow the steps there.

Once you will see your GAE app in the Google Apps dashboard, you might also going to need to add some stuff in the app.yaml to be able to restrict your users:

- url: .* script: main.py login: required

After redeploying the app the access should be restricted to only your desired domain.

Recommend

  • Laravel 5.2 Auth::check() on exception pages (layouts)
  • Adding new column to DataFrame with values dependent on index ref
  • Safari PHP form submission -file upload hangs
  • What is the best way to debug Bootstrap.groovy?
  • What is this strange character in chrome's resource css viewer?
  • AWS-SES: Handling Bounces for Invalid ISPs
  • Tools for understanding HTML layout
  • Changing Jupyter Notebook start up folder by modifying “start in” not working any more
  • Configure nginx to return different files to different authenticated users with the same URI
  • How to override value that appears in a dropdown in the rails_admin gem
  • hide missing dates from x-axis ggplot2
  • Can't remove headers after they are sent
  • TFS 2015 - Waiting for an agent to be requested
  • Do I need to seed any random number generator before using EVP_PKEY_keygen of OpenSSL?
  • Thread safety of a fluent like class using clone() and non final fields
  • Can you perform a UNION without a subquery in SQLAlchemy?
  • PostgreSQL Query without WHERE only ORDER BY and LIMIT doesn't use index
  • NHibernate Validation Localization with S#arp Architecture
  • How can I send an e-mail from a vbs script
  • Using $this when not in object context
  • Array.prototype.includes - not transformed with babel
  • Volley JsonObjectRequest send headers in GET Request
  • Accessing IRQ description array within a module and displaying action names
  • script to move all files from one location to another location
  • How to extract text from Word files using C#?
  • Running a C# exe file
  • Can a Chrome extension content script make an jQuery AJAX request for an html file that is itself a
  • Display Images one by one with next and previous functionality
  • Build own AppleScript numerical error handling
  • Websockets service method fails during R startup
  • Google cloud sdk not working when python points python3
  • Akka Routing: Reply's send to router ends up as dead letters
  • Numpy divide by zero. Why?
  • Is there a mandatory requirement to switch app.yaml?
  • SQL merge duplicate rows and join values that are different
  • Hits per day in Google Big Query
  • FormattedException instead of throw new Exception(string.Format(…)) in .NET
  • Getting Messege Twice Using IMvxMessenger
  • Linking SubReports Without LinkChild/LinkMaster
  • XCode 8, some methods disappeared ? ex: layoutAttributesClass() -> AnyClass