[CONF] Apache Sling Website > OpenID AuthenticationHandler

[confluence]

OpenID AuthenticationHandler Page edited by Felix Meschberger OpenID AuthenticationHandler Unknown macro: {warn} This page is work in progress and not complete yet AuthenticationHandler implementation | AuthenticationHandlerFeedback implementation | Phase 1: Form Submission | Phase 2: Authenticated Requests | Configuration | Security Considerations The OpenID Authentication Handler .... he OpenID Authentication Handler is maintained in the Sling SVN AuthenticationHandler implementation extractCredentials – ... requestCredentials – ... dropCredentials – ... AuthenticationHandlerFeedback implementation authenticationFailed – ... authenticationSucceeded – ... Phase 1: Form Submission TODO: Require POST form (at any URL ??) The form is rendered by redirecting the client to the URL indicated by the form.login.form configuration parameter. This redirection request may accompanyied by the following parameters: resource – The resource to which the user should be redirected after successful login. This request parameter should be submitted back to the server as the resource parameter. j_reason – This parameter indicates the reason for rendering the login form. If this parameter is set, it is set to INVALID_CREDENTIALS indicating a previous form submission presented invalid username and password or TIMEOUT indicating a login session has timed out. The login form servlet/script can present the user with an appropriate message. The Form Based Authentication handlers supports the following request parameters submitted by the HTML form: openid_identifier – OpenID Claimed Identifier The OpenID Authentication Handler provides a default login form ... (work in progress) Phase 2: Authenticated Requests Work in progress .... Configuration The OpenID AuthenticationHandler is configured with configuration provided by the OSGi Configuration Admin Service using the org.apache.sling.openidauth.OpenIdAuthenticationHandler service PID. Parameter Default Description ..name.. ..default.. ..description.. Security Considerations Work in progress .... OpenIDAuthentication has some limitations in terms of security: User name and password are transmitted in plain text in the initial form submission. The Cookie used to provide the authentication state or the HTTP Session ID may be stolen. To prevent eavesdroppers from sniffing the credentials or stealing the Cookie a secure transport layer should be used such as TLS/SSL, VPN or IPSec. Change Notification Preferences View Online | View Change | Add Comment