Google Apps for Education Sign On
Google Apps for Education is changing the way sign on works sometime in 2014 to make users include the domain, by forcing all users to use the 'new' Google accounts login process. This removes the nicely filled @Yourdomain.com in the username section when trying to login to a specific service. I don't like the idea of re-training all the users to login with their firstname.lastname@example.org, especially when some applications around school will only let them login with their username, and not with @Yourdomain.com stuck on the end.
In an effort to alleviate this, we're moving to a single sign on for all in-house web apps which interfaces with AD. We'd love to include this for Google Apps, too. I've been looking into some of the documentation available for Google Apps and was wandering if anyone has done / is doing anything similar? We've got a Server 2003 based domain. I've seen that AD FS can do SAML 2.0 stuff, but this only looks like later editions of AD FS which I'm not sure 03 will support. Ideally, if anyone has succeeded in doing this, we'd like to use our current in-house sign on process to just spit out the required SAML stuff to Google. Any tips, tricks, gotcha's for users who are doing something similar out there?