15 Jun
2008
15 Jun
'08
7:03 p.m.
Hi,
after evaluating possible frameworks I would propose to use OpenSSO [1] for
my GSOC SSO project.
It has full SAML 2.0 support, but lacks a bit regarding OpenID which isn't
supported by default. There is an extension which allows OpenSSO to act as a
OpenID 1.1 OP, but doesn't have RP support. OpenSSO has a very active and
large community (which maybe is the strongest argument to use it). There are
several requests for better OpenID support so I think that's a hot topic for
them and maybe it's possible to find some other developers with whom I can
add full OpenID 2.0 support.
So now I'll start implementing RP support (authentication). As far as I
understand the code I have to implement a XWikiAuthService analogous to the
XWikiLDAPAuthServiceImpl, right?
I also have some more questions :-) Let's start with OpenID (I'll start with
that):
1.) I need to modify the login screen because I just need a field where the
user can enter his OpenID URL, no password field. Then the user is redirect
to his OpenID provider. How should/can I implement that?
2.) OpenIDs have to be bound to local user accounts (1:n relations, allow
more OpenIDs per account) - how should this happen? In the admin GUI? Who
should be allowed to do it?
3.) What about user registration? Should it be possible for users to create
accounts without password and just OpenID? Please consider that XWiki should
also be able to act as a provider, i.e. act as an OpenID server.
Cheers,
Markus
--
[1] http://opensso.dev.java.net