On Feb 19, 2009, at 2:07 AM, Marius Gedminas wrote:
I have the impression that you're talking past each other.
There are two ways of using OpenID:
* you can be an OpenID provider, i.e. accept logins with username
password and respond to authentication requests from other websites
Previously Shane Hathaway wrote:
Alternatively, I have wondered if we actually need full-blown SSO;
perhaps a carefully constructed domain-wide cookie would do the trick.
Any experiences with that?
auth_tkt based cookies sounds like a good option, possibly combined with
something like SQL or
On Feb 17, 2009, at 7:55 PM, Shane Hathaway wrote:
Gary Poster wrote:
Launchpad uses OpenID. We don't have that slated for abstraction
and open-sourcing immediately. However, most of the Launchpad code
(including this bit) is to be open-sourced by this summer,
abstracted or not.
Gary Poster wrote:
We use the OpenID 2.0 identifier select URL. This is a special OpenID
url that
basically means: identity using whatever ID you have on that server.
The OpenID response will contain the actual OpenID identifier of the
user at
the end of the request.
So sites that
Shane Hathaway schreef:
* The SSO process should be very similar to an ordinary cookie-based
login process. I don't want the user to have to enter their username on
one form and their password on another, but that's the standard OpenID
process.
* This will be implemented in Zope 3.
Reinout van Rees wrote:
So: easiest way is to let some trusted apache plugin handle the hard
part and then laugh all the way to the bank with some 100-line
authentication plugin.
That would usually work, but in this case, customers will be doing their
own installation, so we need to keep
On Wed, Feb 18, 2009 at 09:00:10AM -0500, Gary Poster wrote:
On Feb 17, 2009, at 7:55 PM, Shane Hathaway wrote:
Gary Poster wrote:
Launchpad uses OpenID. We don't have that slated for abstraction
and open-sourcing immediately. However, most of the Launchpad code
(including this
Marius Gedminas wrote:
It's my impression that launchpad.net is an OpenID provider only, while
Shane is trying to figure out how to use the OpenID consumer API in
AuthKit.
No. I am going after the more conventional single sign on use case
where many consumers depend on only one centralized
I'm working with a customer on a single sign on (SSO) system for Zope.
We haven't yet chosen which SSO system we want to use. I would like to
hear from anyone who has set up SSO with Zope.
We have some definite requirements:
* We can't accept arbitrary identities like OpenID normally does.