Thread:Extension talk:OpenID/OpenID with Google Apps

We are hoping to set up a private cloud wiki and would like to make sure that it is locked down to users within our organization. We have a domain with Google Apps and this would be ideal to use for authenticating our users into the wiki. I am using a fresh install without any content, though it is a canned Bitnami-hosted installation rather than rolling my own from the ground up.

I have been able to configure the OpenID extension and I can log in with my own Google credentials. I am not clear on whether I have locked it down to just our own organization or from Google if it would still authenticate any OpenID from any provider. I would like the user names to be the user part before the @ of the email address.

I have tried to search for specific instructions on configuring the OpenID extension to only use Google Apps, but without success. If anybody can point me to a step-by-step guide, I will attempt that before taking up anyone's time on here. To reiterate, I want to only allow access to people in my domain authenticating with Google. (In future I may wish to grant access to users outside our Google Apps domain but have them sign up with a regular login and then manually grant them access.)

Meanwhile, here are some details about our installation, pasted from the Version page:

MediaWiki 1.19.1
PHP 5.3.13 (apache2handler)
MySQL 5.5.21-log
OpenID (Version 1.004 20120427)

My LocalSettings.php looks like this (domain name and wiki host changed):

require_once( "$IP/extensions/OpenID/OpenID.php" );

$wgTrustRoot = "http://okthen.bitnamiapp.com/mediawiki/";
# At some point I will likely retarget an A record wiki.okthen.com to this host rather than keep the bitnami suffix. For the moment this is showing up in my connected sites, apps and services in Google.

$wgOpenIDOnly = true;

$wgOpenIDConsumerDenyByDefault = true;
# $wgOpenIDConsumerDenyByDefault possibly redundant given that I have $wgOpenIDConsumerForce on the very next line.

$wgOpenIDConsumerForce = "@^(http://)?okthen.com/@";
# The intent here is to ensure that only users from @okthen.com can be authenticated.

$wgOpenIDUseEmailAsNickname = true;
# We want firstname.lastname@okthen.com to have the nickname of firstname.lastname

$wgOpenIDTrustEmailAddress = true;

I have not been able to locate exactly where I can narrow down my OpenID provider to only allow Google. I have not modified anything in the OpenID extension folder.