11 Jul
2008
11 Jul
'08
12:22 p.m.
First of all
the current architecture doesn't support multiple
authenticators simultaneously (at least I didn't find how). I wanted to
add
OpenID as an additional (optional) authentication method as shown in my
proposal at http://dev.xwiki.org/xwiki/bin/view/Design/SingleSignOn. This
is
not possible with the current design - at least not in an elegant manner.
Should I add OpenID so that it is always shown if the MyFormAuthenticator
is
used? Or should I think about how we could make XWiki more flexible?
In the context of GSOC I think adding some if in the right places will
be enough. I can't
implement the whole XWikiAuthService interface because OpenID
doesn't use passwords. This could cause problems. Should we change that
interface or create a new one for authentication methods that rely only
on
XWikiContext?
Except it's not very clean, I don't see the problem with password
parameter. Do you say that you need something else or just that
password is useless ? The authentication need a complete refactor (chained
component, UI
modularity, parameters modularity, etc.) but I doubt this can be done
here. You already have lot of work do do ;)
I fear that's true :-)
I need a
mechanism to handle the response of the OpenID provider (at a
known
URL). What's the best approach for that? Using an action, a servlet, ...?
I
need to parse and evaluate the response and depending on return to the
login
form showing an error message or logging in the user and forwarding it to
the requested resource.
I would say servlet as it seems totally independent from XWiki
standard http process but i'm not the expert on that.