That's great to hear someone is working on this.  However, I'm
wondering if it's possible to make it more transparent to the user.
For example, have some sort of bean or filter that's OpenID aware and
has a list of servers to talk to. If there are two dots in the username,
Acegi attempts to authenticate with open id (through some background
call that's transparent to the user).  If not, it attempts normal
authentication.

Is there any problem with providing this type of transparency?  I like
the idea behind having the openid string and username come from the
same text box.

http://www.pjhyett.com/posts/213-openid-isn-t-going-to-work-unless

I don't know about the fake e-mail address in the above post, but I
like the idea of assuming openid when no password is entered.

Matt

On 3/8/07, Robin.Bramley <[EMAIL PROTECTED]> wrote:
> Hi Matt,
>
> I'm currently working on OpenID ui, provider & adaptor classes for Acegi
> - with the intention of tidying them up and contributing them to the
> project.
>
> I've got a prototype Acegi OpenID consumer authentication working (using
> the JanRain library - I plan to abstract the library support).
> The flow is:
>  1. User requests a secured page and the
> AuthenticationProcessingFilterEntryPoint (configured on the
> ExceptionTranslationFilter) sends the user off to an OpenID login form
>  2. The user enters their OpenID (e.g. rbramley.myopenid.com) and
> submits the form
>  3. The form POSTs to /j_acegi_openid mapped to
> OpenIDLoginInitiationServlet (uses Spring web app context to get the
> JanRain OpenID Store)
>  4. The Consumer.begin method looks up the identity page, associates to
> the server etc.
>  5. The servlet redirects the user to the OpenID server (e.g.
> myopenid.com), setting the return to URL as
> /j_acegi_openid_security_check
>  6. The user logs on and the OpenID server returns the user
>  7. Acegi passes the request to the OpenIDProcessingFilter based on the
> filterProcessesUrl property
>  8. The Consumer.complete method provides a response object which is
> wrapped in an OpenIDAuthenticationToken
>  9. This is passed to the OpenIDAuthenticationProvider (via the
> AuthenticationManager)
>  10. If the response is a successful authentication, the auth provider
> uses the CasAuthoritiesPopulator interface to obtain the UserDetails
>  11. The Authentication is returned and the user sent to the originally
> requested URL (as stored in the
> AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY HttpSession
> attribute by the SecurityEnforcementFilter).
>
>
> The next steps are to finish the OpenID server (may use the openid4java
> library from sxip) backed by Acegi and then look at how to encapsulate
> the registration functionality.
>
> Cheers,
>
> Robin
>
> Robin Bramley
> Opsera
> www.opsera.com <http://www.opsera.com/>
>
> > Matt Raible
> > Fri, 29 Dec 2006 15:34:32 -0800
> >
> > Are there any plans to support OpenID as a SSO option with Acegi
> > Security?
> >
> > http://openid.net <http://openid.net/>
> >
> > We've seen some interest in supporting this with Roller - which uses
> > Acegi for its security.
> >
> > Thanks,
> >
> > Matt
> >
> > --
> > http://raibledesigns.com <http://raibledesigns.com/>
> >


-- 
http://raibledesigns.com

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
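
Added example, not part of the thread and not Acegi or JanRain code: a sketch of the single-text-box routing discussed above, showing where the "two dots" rule misroutes a dotted local username and how the "no password entered" rule plus a scheme check avoids that before any identity page is fetched. `LoginRouter`, `Route`, `hasTwoDots`, `normalizeOpenId` and `route` are hypothetical names, and all sample inputs except `rbramley.myopenid.com` are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper for illustration; not an Acegi or JanRain class.
public class LoginRouter {
    enum Route { OPENID, PASSWORD }

    // First heuristic from the thread: two dots in the username means OpenID.
    static boolean hasTwoDots(String id) {
        return id.chars().filter(c -> c == '.').count() >= 2;
    }

    // Returns the identifier as an http(s) URL (query dropped), or null if it is not usable as one.
    static String normalizeOpenId(String raw) {
        String s = raw.trim();
        if (!s.contains("://")) s = "http://" + s;   // users may omit the scheme
        try {
            URI u = new URI(s);
            String scheme = u.getScheme(), host = u.getHost();
            if (host == null || !host.contains(".")) return null;
            // Only http/https: the consumer will fetch this URL server-side.
            if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return null;
            String path = (u.getRawPath() == null || u.getRawPath().isEmpty()) ? "/" : u.getRawPath();
            return scheme.toLowerCase() + "://" + host.toLowerCase()
                 + (u.getPort() == -1 ? "" : ":" + u.getPort()) + path;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Second heuristic from the thread: no password entered means OpenID,
    // applied only when the identifier also normalizes to a usable URL.
    static Route route(String id, String password) {
        boolean noPassword = password == null || password.isEmpty();
        return (noPassword && normalizeOpenId(id) != null) ? Route.OPENID : Route.PASSWORD;
    }

    public static void main(String[] args) {
        String[][] samples = {                    // constructed sample inputs
            {"rbramley.myopenid.com", ""},        // OpenID from the thread
            {"john.q.public", "s3cret"},          // local user with two dots
            {"mraible", "s3cret"},                // plain local user
            {"ftp://example.org/id", ""},         // non-http scheme, rejected
        };
        for (String[] s : samples)
            System.out.printf("%-24s twoDots=%-5b route=%s%n",
                    s[0], hasTwoDots(s[0]), route(s[0], s[1]));
    }
}
```

Only the first sample routes to OpenID; `john.q.public` has two dots but carries a password, so it stays on normal authentication.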
