Re: [xwiki-devs] SSO framework integration

after evaluating possible frameworks I would propose to use OpenSSO [1] for my GSOC SSO project. It has full SAML 2.0 support, but lacks a bit regarding OpenID which isn't supported by default. There is an extension which allows OpenSSO to act as a OpenID 1.1 OP, but doesn't have RP support. OpenSSO has a very active and large community (which maybe is the strongest argument to use it). There are several requests for better OpenID support so I think that's a hot topic for them and maybe it's possible to find some other developers with whom I can add full OpenID 2.0 support. So now I'll start implementing RP support (authentication). As far as I understand the code I have to implement a XWikiAuthService analogous to the XWikiLDAPAuthServiceImpl, right? I also have some more questions :-) Let's start with OpenID (I'll start with that): 1.) I need to modify the login screen because I just need a field where the user can enter his OpenID URL, no password field. Then the user is redirect to his OpenID provider. How should/can I implement that? 2.) OpenIDs have to be bound to local user accounts (1:n relations, allow more OpenIDs per account) - how should this happen? In the admin GUI? Who should be allowed to do it?

3.) What about user registration? Should it be possible for users to create accounts without password and just OpenID?

Please consider that XWiki should also be able to act as a provider, i.e. act as an OpenID server.