[#422] Be an OpenID provider

Description

Detailed description

Add a plugin to the forge that “is” an OpenID provider, using the normal Forge login and user account, and offering a profile consisting of unixname, username, three eMail addresses (the one from My Account, user@forgedomain, user@users.forgedomain), including a page asking whether to trust that site and what information to give to it.

This is kinda nontrivial, as all existing OpenID libraries appear to want to manage their own users, even Zendframework. (I looked.)

We basically need:
• a thin DB part, storing associations and nonces and such
• a provider/delegate page, which can (must) be exempt from HTTP Basic Auth if exists, e.g. www/openidprov/index.php
• www/account/decide.php (for example), which requires session_loggedin() and asks the user whether to trust the requesting site

The openidprov/index.php page would be accessed by the requesting site, redirect the user to the decide.php (which possibly round-trips via login.php).

General Information
Submitted by: Thorsten Glaser
Date Submitted: 2012-05-08 08:47
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Permalink: https://fusionforge.org/tracker/a_follow.php/422
Internal Fields
Data Type: Feature requests
Assigned to: Nobody (None)
State: Open
Priority: 3
Extra Fields
Resolution: none
Difficulty: Complex
Target release: none
Date: 2012-11-19 22:32
Sender: Christian Bayle

There are several openid providers, seen one recently on owncloud
simplesamlphp is a working one, at least with jenkins, but missing attributes
simpleid, couldn't use with jenkins
also may be interesting to use something like lemonldap-ng, though I didn't manage to use the openid provider, it seems really interesting to integrate nice SSO

Date: 2012-11-19 16:16
Sender: Thorsten Glaser

Can we reuse this? http://anarcat.koumbit.org/2012-11-17-first-stable-release-drupal-openid-provider

No attached documents

No related commits.

Field: details
Old Value: Add a plugin to the forge that “is” an OpenID provider, using the normal Forge login and user account, and offering a profile consisting of unix_name, user_name, three eMail addresses (the one from My Account, user@forgedomain, user@users.forgedomain), including a page asking whether to trust that site and what information to give to it. This is kinda nontrivial, as all existing OpenID libraries appear to want to manage their own users, even Zendframework. (I looked.) We basically need: • a thin DB part, storing associations and nonces and such • a provider/delegate page, which can (must) be exempt from HTTP Basic Auth if exists, e.g. www/openidprov/index.php • www/account/decide.php (for example), which requires session_loggedin() and asks the user whether to trust the requesting site The openidprov/index.php page would be accessed by the requesting site, redirect the _user_ to the decide.php (which possibly round-trips via login.php).
Date: 2012-11-19 22:32
By: Christian Bayle

Field: details
Old Value: Add a plugin to the forge that “is” an OpenID provider, using the normal Forge login and user account, and offering a profile consisting of unix_name, user_name, three eMail addresses (the one from My Account, user@forgedomain, user@users.forgedomain), including a page asking whether to trust that site and what information to give to it. This is kinda nontrivial, as all existing OpenID libraries appear to want to manage their own users, even Zendframework. (I looked.) We basically need: • a thin DB part, storing associations and nonces and such • a provider/delegate page, which can (must) be exempt from HTTP Basic Auth if exists, e.g. www/openidprov/index.php • www/account/decide.php (for example), which requires session_loggedin() and asks the user whether to trust the requesting site The openidprov/index.php page would be accessed by the requesting site, redirect the _user_ to the decide.php (which possibly round-trips via login.php).
Date: 2012-11-19 16:16
By: Thorsten Glaser

No relations found.
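
A sketch of the "thin DB part, storing associations and nonces" from the request above, added here as an illustration and not FusionForge's or any library's code: it signs an assertion under an association secret and lets each response nonce be verified only once. The class and method names, the in-memory arrays standing in for tables, the choice of HMAC-SHA256, and the sample identity URL are assumptions; inputs are assumed to be string-to-string maps, and the decide.php consent step happens before `signAssertion()` is called.

```php
<?php
// Added illustration with hypothetical names; arrays stand in for the two DB tables.
final class OpenIdProviderStore
{
    private array $assoc = [];  // handle => ['secret' => bytes, 'expires' => unix time]
    private array $nonces = []; // response_nonce => true until verified once

    public function associate(int $lifetime = 3600): string
    {
        $handle = bin2hex(random_bytes(16));
        $this->assoc[$handle] = ['secret' => random_bytes(32), 'expires' => time() + $lifetime];
        return $handle;
    }

    // Sign the fields the user agreed to release; OpenID 2.0 signs "key:value\n" lines.
    public function signAssertion(string $handle, array $fields): array
    {
        $a = $this->assoc[$handle] ?? null;
        if ($a === null || $a['expires'] < time()) {
            throw new RuntimeException('unknown or expired association');
        }
        $fields['assoc_handle'] = $handle;
        $fields['response_nonce'] = gmdate('Y-m-d\TH:i:s\Z') . bin2hex(random_bytes(8));
        $fields['signed'] = implode(',', array_keys($fields));
        $fields['sig'] = $this->mac($fields, $a['secret']);
        $this->nonces[$fields['response_nonce']] = true;
        return $fields;
    }

    // Verification request from the requesting site: each nonce is honoured only once.
    public function verifyOnce(array $f): bool
    {
        $a = $this->assoc[$f['assoc_handle'] ?? ''] ?? null;
        if ($a === null || $a['expires'] < time()
            || !isset($f['signed'], $f['sig'], $this->nonces[$f['response_nonce'] ?? ''])
            || !hash_equals($this->mac($f, $a['secret']), (string) $f['sig'])) {
            return false;
        }
        unset($this->nonces[$f['response_nonce']]); // a replayed assertion now fails
        return true;
    }
    private function mac(array $f, string $secret): string
    {
        $kv = array_map(fn($k) => "$k:" . ($f[$k] ?? '') . "\n", explode(',', $f['signed']));
        return base64_encode(hash_hmac('sha256', implode('', $kv), $secret, true));
    }
}
$store = new OpenIdProviderStore();
$resp = $store->signAssertion($store->associate(), ['identity' => 'https://forge.example/users/jdoe']);
var_dump($store->verifyOnce($resp), $store->verifyOnce($resp)); // constructed sample: first check, then a replay
```

A real plugin would also reject keys containing ":" and values containing newlines before signing, since the key-value encoding cannot represent them unambiguously.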