Auth WebID Plugin
- Auth WebID Plugin
- This authwebid plugin allows SSO with "one-clik" through the use of WebID. Plugin available since FusionForge 5.3.x .
- Plugin Changelog
- Plugin Changelog for authwebid
This authwebid plugin allows SSO with "one-clik" through the use of WebID.
The principle is to bind existing fusionforge user accounts to URIs (the WebIDs in question), and to delegate to a third party WebID identity provider the responsability to verify the authentication with these WebIDs.
The admin of the forge must then trust that WebID Identity Provider (IdP) to properly verify the user's SSL client cert associated to that WebID (see the WebID specs for the principles of WebID's use of SSL client certs).
Popular WebID Idp are foafssl.org and auth.my-profile.eu.
The plugin relies on the WebIDDelegatedAuth library which embeds the necessary bits to check the IdP's response.
For those used to OpenID or BrowserID, it's more or less the same principle, but under the hood, WebID uses Semantic Web standards like RDF (FOAF) and SSL certs, is distributed by mature, rendering authentication less prone to monopolies (among other nice properties).
The code was committed to the trunk, but works on 5.2.
See the corresponding initial feature request : #311 Provide a WebID authentication plugin