I am using google apps as the mail server for my college's website but I can't figure out how to enable single user sign on. The main problem is that everyone has to sign in through a page hosted by google having some irrelevent content. Google check where the data is being posted from so I cannot use a form of my own for this purpose. The page even has a javascript which prevents me from using it in an iframe. I did some research and found out that I need to buy a public key certificate to enable single user sign on (makes sense, google wants a secure login page). I don't think I would be able to convince the college authority to shell out more money especially after I just got the hosting upgraded. If anyone knows a way to sign into google apps without involving a google hosted sign in page please let me know.

The free email apps service by Google is just that--it's free because it cannot be customized. The best you can do is to change GMAIL logo to your own logo. That's about it. You can manage email URL such that instead of mail.google.com/your-site it can be mail.your-site.ext but you will need to change CNAME records for this one.

Another trick to customizing email URL is build an index page where it redirects from your domain to mail.google, i.e. your-site.ext/mail --redirect script to-- mail.google... but that's another topic (unless you want to start with this).

Anything else to modify how it's logged in could be a form of "hack" unless, as you discovered, purchasing a public secure key.

If Google require your login page to be secure, you could always try CACert. They offer free security certificates for sites, and are intended for people like yourself. As its free, you've nothing to lose in trying it out and seeing if Google will accept it. If not, as Buffalo said, you're stuck with what Google offers you.