Using EROpenID with Google Apps Federated login

Sample delegate for talking to Google Apps via Google's openID deferated login. Note Google does not support SRegRequest.

public class GoogleAppsDelegate extends EROpenIDManager.DefaultDelegate {

	public List<MessageExtension> createFetchMessageExtensions(String userSuppliedString, WORequest request,
			WOContext context) throws MessageException {
		ArrayList<MessageExtension> exts = new ArrayList<MessageExtension>();
		FetchRequest fetchRequest = FetchRequest.createFetchRequest();
		fetchRequest.addAttribute("Email", "", true);
		return exts;


Then override appendToResponse your standard login page with something like this:

public void appendToResponse(WOResponse r, WOContext c) {
		// Assume client and realm exists.
		if (client.doesOpenID()) {
			String url = ((ERXWOContext) c).directActionURLForActionNamed(ERODirectAction.class.getName()
					+ "/openIDRequest?" + "identity=" + client.openIdIdentity() + "&realm="
					+ realm, null);
			r.setHeader(url, "location");
		} else {
			super.appendToResponse(r, c);

Notes: the realm needs to be something static and explicit to your app. We use this:

WOApplication.application().webserverConnectURL().replaceFirst("http", "https")

client.openIDIdentity() should return something like this:

where openid is an XRDS document. comprehensive instructions on setting up the rest is here:

  • No labels