Hi Markus,

On Sun, Jun 15, 2008 at 7:03 PM, Markus Lanthaler
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> after evaluating possible frameworks I would propose to use OpenSSO [1] for
> my GSOC SSO project.
> It has full SAML 2.0 support, but lacks a bit regarding OpenID which isn't
> supported by default. There is an extension which allows OpenSSO to act as an
> OpenID 1.1 OP, but doesn't have RP support. OpenSSO has a very active and
> large community (which maybe is the strongest argument to use it). There are

Agree on the "strongest argument".

> several requests for better OpenID support so I think that's a hot topic for
> them and maybe it's possible to find some other developers with whom I can
> add full OpenID 2.0 support.
>
> So now I'll start implementing RP support (authentication). As far as I
> understand the code I have to implement an XWikiAuthService analogous to the
> XWikiLDAPAuthServiceImpl, right?

Yes, I guess it will be very similar to XWikiLDAPAuthServiceImpl,
except that XWikiLDAPAuthServiceImpl doesn't need to touch the login panel.

> I also have some more questions :-) Let's start with OpenID (I'll start with
> that):
>
> 1.) I need to modify the login screen because I just need a field where the
> user can enter his OpenID URL, no password field. Then the user is redirected
> to his OpenID provider. How should/can I implement that?

As far as I know, this part of XWiki is pretty static (but I'm not the
one who knows it best, so maybe there is something).
I think this is an occasion to improve the modularity of this window.

>
> 2.) OpenIDs have to be bound to local user accounts (1:n relations, allow
> more OpenIDs per account) - how should this happen? In the admin GUI? Who
> should be allowed to do it?
>
> 3.) What about user registration? Should it be possible for users to create
> accounts without password and just OpenID? Please consider that XWiki should
> also be able to act as a provider, i.e. act as an OpenID server.

XWikiLDAPAuthServiceImpl creates the XWiki local user the first time
it's authenticated (filling the user page with LDAP information).
Can't it be something like that?

>
>
>
> Cheers,
> Markus
>
> --
> [1] http://opensso.dev.java.net
>
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
>



-- 
Thomas Mortagne