The documentation for Google App Engine Federated IDs states:
WARNING: at the time of this writing, OpenID is not supported if your app runs in secure mode using HTTPS.
I am just checking to see if this is still the case. The bug seems to be related to Issue 3586, which remains unresolved.
There is a similar question, but it has not been updated in two years: Secure remote_api in app engine with OpenID.
If I understand correctly, this issues means that one cannot use OpenIDs with Google App Engine if your app requires SSL. Do I understand correctly? Are there any workarounds (e.g. Janrain's RPX)?
Related
I have set up a custom domain website using a PHP Google Cloud App engine. After some third party security testing i've been advised to disable the use of cipher suite DES-CBC3-SHA (TLS_RSA_WITH_3DES_EDE_CBC_SHA).
I'm trying to find out if its possible to disable this for a Google PHP App engine? Most of what I can find online either doesn't answer this particular question or is somewhat out of date.
I found this post useful, Can Google App Engine Java support TLS>1.0 . This suggests it's not possible, however it doesn't actually answer the question, it just concludes that if its good enough for google it should be fine.
Currently it is not possible to disable this cipher suite for a custom domain on the user end. However, it is possible to file a ticket to the GCP support and ask them to do this for your domain.
Does anyone know if it is going to be possible anytime soon to setup SSL for a custom domain without a Google App account directly from the Google cloud developers console? Signing up for yet another Google account is bordering on making me insane.
I have setup a custom domain via the Google cloud developers console for my app project, and this is serving as a naked url...no problem.
Then I tried to setup a Google App account with an existing account linked to my Google App Engine project as an owner, but it didn't like it. So I setup a new one (deleted now) and re-verified the custom domain, which then stopped the serving of the custom domain. I then deleted the Google App account and it started serving the custom domain again. I have no idea why, what or how...
I have purchased an SSL certificate from Comodo, not yet activated, and all I want to do is set it up without giving myself an emotional hernia, I get enough of those from coding! And, yes, read the docs, but you know, they suck! A step by step idiots example would be great!
Does anyone have a guide other than a google doc on how to setup SSL for a custom domain including activating the SSL cert etc. etc.
Thanks one and all
Ok, I have discovered that Google are moving the SSL setup to their developers cloud console at the end of August 2015. So I shall wait until then to see what that process is like and then decide to go with it or perhaps use Cloudflare or some other alternative if there is one.
See https://code.google.com/p/googleappengine/issues/detail?id=777
We have added support for custom domains for App Engine from the
Google Developers Console, meaning you can now associate a custom
domain without first associating that domain with Google Apps.
To access the feature, visit https://console.developers.google.com/
and you will find the option to add a custom domain under App Engine >
Settings.
NOTE: Currently we do not support SSL on custom domains created
through this method (although we expect to rectify this in a future
release). In the meantime, we continue to support SSL (via VIP or SNI)
for custom domains that are created through Google Apps, and we
continue to provide free HTTPS for all *.appspot.com domains.
I'm trying to use a subdomain to serve a matching version id with Google App Engine and Google Apps. I've gone through the documentation but it's still unclear to me.
On this page regarding custom domains, it says I'm in a special case for using Google Apps. test.example.com -> to load "test" version of the application.
https://cloud.google.com/appengine/docs/domain -
Note that the instructions on this page are for App Engine apps that use an ordinary HTTP connection and are not served through Google Apps. Here are some related procedures that require different instructions:
This leads me to here https://support.google.com/a/answer/91080
It looks like the only way to add this subdomain in Google Apps is the Sites URL field.
Will the Sites URL correspond to the App Engine version ID?
You only need to use Google Apps to map an appengine app to a domain if you need https. Right now, Google Apps is the only way you can upload an SSL cert - hence this restriction.
If you do map your appengine app to a domain through google apps, you can do what you want by using wildcard subdomain mapping. Read more here..
The whole process is tedious, slow, and painful, and thats only when its not confusing, so put aside a good few hours to make all the changes and wait for DNS to propagate.
I have created google app engine application. It works fine in my local system and also deployee successfully on server. but that url http://****.appspot.com/_ah/api/employeeendpoint/v1/employee/1 gives me below response.
{"error":{"errors":[{"domain":"global","reason":"sslRequired","message":"SSL is required to perform this operation."}],"code":403,"message":"SSL is required to perform this operation."}}
I have also try with https://****.appspot.com/_ah/api/employeeendpoint/v1/employee/1 but still not working.
Certain Google Cloud Platform products require SSL, you can simply enable SSL from your Cloud Console and it should work.
The documentation for App Engine, for Compute Engine, and for Cloud SQL.
I have a domain I bought (via godaddy.com) - let's call it xyz.com
I have an gae app - let's call it xyzweb.appspot.com
I added a masked redirect at godaddy dns management console and now xyz.com gets redirected to xyzweb.appspot.com (even though the address bar shows xyz.com)
This stops working well in some cases like when I give a direct url redirect like href='/static/url/tohelppage.html' or when I attempt to redirect for OAuth authorization. So I read other posts on what I need to do and the most referred one was https://developers.google.com/appengine/docs/domain.
Based on that page it appears that it is necessary to sign up for a new Google Apps account with the new domain name?
So I Have to pay for Google Apps separately beyond what I am paying for Google AppEngine?
And also manage a separate apps domain and its services? I already have google apps domains and this seems more overhead to run a small app on gae.
Could you please help me understand if I've understood this right? And if there is a way to avoid the additional overhead of an extra google apps account?
The way that I do this, is I set up a basic google apps account (which is free), and I link the GAE app to my google apps account. Then you can set google apps to alias "www" to the appengine app, and now your appengine app works on www.yourdomain.tld
It's explained more here, which I know you already looked at, but it explains it well. Try reading it again.