After a lot of work on the Public and Private key generation, I finally got Google Apps and Moodle to talk to one another and it works. I am so happy.
Here are the steps I followed:
Step 1: Download the Moodle-Google Integration "plugin"
Step 2: Unzip the files into your Moodle installation.
Step 3: Follow these instructions for the Moodle side:
- Log in to Moodle as an Administrator
- Click Notifications to update block tables
- In the Site Admin menu, select Users. Next, select Authentication and click Google Authentication.
- Enter your Google partner page domain name.
Step 4: Create the Private and Public Keys for Moodle and Google Apps
Open up Terminal and enter the following two commands:
- openssl genrsa -out rsaprivkey.pem 1024
- openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem
The first command creates the private key, which is stored only on Moodle. The second command creates the X.509 certificate containing the public key, which is stored on both Moodle and Google Apps.
Step 5:
- Upload the Private Key (rsaprivkey.pem) to Moodle. If you don't have access to Terminal, visit the Google Documentation Regarding Key Generation.
- Upload the SSL Signing Certificate (rsacert.pem) to Moodle. Again, if you don't have access to Terminal, visit the Google Documentation Regarding Key Generation.
- In a new window open Google Apps Control Panel page as admin (http://google.com/a/yourdomain.com)
- Click the Advanced tools tab.
- Click the Set up single sign-on (SSO) link next to Authentication.
- First check the Enable Single Sign-on box.
- Now insert this URL into the Sign-in page URL text field: http://YourMoodleDirectory/login/index.php
- Insert this URL into the Sign-out page URL text field: http://YourMoodleDirectory/login/logout.php
- Insert this URL into the Change password URL text field: http://YourMoodleDirectory/login/change_password.php
- Upload the Verification certificate to Google (X.509 certificate containing the public key). This is the rsacert.pem file that you uploaded to Moodle already.
- Click the User Accounts tab in Google Apps.
- This displays existing users as well as a message that says "You can create up to ### user accounts for this domain". If you are using the Google User Sync block for account management, this number must match the number of accounts you plan on creating. Request more accounts if you need them by clicking the "request more" link on this page.
- Click the Settings link. Check the box to Enable provisioning API (otherwise users will NOT be updated).
- Click Save Changes.
- Click on Advanced tools in Google Apps one more time
- Click on "Manage OAuth Access"
- Upload your X.509 certificate containing the public key here too. This is the rsacert.pem file that you uploaded to Moodle already.
- Then copy the OAuth consumer secret to your clipboard (Control+C/Apple+C).
- Enable all of the Google blocks in your Moodle instance by logging in as an admin and then adding them to the front page.
- Open up the blocks admin (under modules) and click on the Gmail block.
- Paste the OAuth Consumer secret into the field that asks for it.
- Click Save Changes
- Click on the Google User Sync block in the blocks admin menu.
- Fill out your admin information for Google Apps
I blogged these instructions here as well.
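
Before uploading the files in Step 5, it helps to confirm that rsacert.pem really carries the public half of rsaprivkey.pem and to see its key size and remaining validity (openssl req -x509 without -days issues a 30-day certificate). The script below is an added example, not part of the original instructions; its function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for the Step 4 files.
# Function names are hypothetical; file names are the ones used in the post.

# Public key (PEM) derived from the private key; fails if the file is unreadable.
pubkey_from_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Public key (PEM) embedded in the X.509 certificate.
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Succeeds only when the certificate carries the private key's public half.
keypair_matches() {
    local from_key from_cert
    from_key=$(pubkey_from_key "$1") || return 2
    from_cert=$(pubkey_from_cert "$2") || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Key size in bits as reported in the certificate text dump.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeeds if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Report on the pair; non-zero exit when key and certificate do not match.
check_sso_keypair() {
    local key=$1 cert=$2 status=0
    if keypair_matches "$key" "$cert"; then
        echo "OK: $cert matches $key"
    else
        echo "FAIL: $cert does not carry the public key of $key"; status=1
    fi
    echo "INFO: key size $(cert_key_bits "$cert") bits"
    if ! cert_valid_for_days "$cert" 30; then
        echo "WARN: $cert expires within 30 days"
    fi
    return "$status"
}

# Usage: ./check_keys.sh rsaprivkey.pem rsacert.pem
if [ "$#" -eq 2 ]; then check_sso_keypair "$1" "$2"; fi
```

A FAIL line means the certificate was generated from a different private key than the one uploaded to Moodle, so the two files need to be regenerated together.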