[#XWIKI-2588] Implement Authentication service based on OpenId

XWiki Core

Implement Authentication service based on OpenId

Created: 29/Jul/08 17:04 Updated: Yesterday 11:10

Component/s:

Authentication and Rights Management

Affects Version/s:

None

Fix Version/s:

1.7 RC1

File Attachments:

openid-authentication-patches-20080819.zip (19 kB)
2.

openid-core-patch-20080813.patch (36 kB)
3.

openid-core-patch-20080815.patch (61 kB)
4.

openid-patch-web-20080820.patch (15 kB)
5.

OpenID-RP-20080730.patch (53 kB)
6.

openid-web-patch-20080813.patch (10 kB)
7.

openid-web-patch-20080815.patch (15 kB)

Issue Links:

Dependency

This issue depends on:

~~XWIKI-2613~~ Make XWikiServletURLFactory#getServerURL public

Related

This issue is related to:

XWIKI-2630 OpenID provider implementation

XSALBATROSS-34 Add styling for OpenID forms

Date of First Response:

30/Jul/08 18:54

Description

« Hide

See http://dev.xwiki.org/xwiki/bin/view/Design/SingleSignOn

All

Comments

Change History

Sort Order:

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 30/Jul/08 18:54

First version of OpenID authentication (RP). Creating a new OpenID user (registration) and logging in with an OpenID works already. It still needs some cosmetic fixes (forms).

Still missing:

Form redirect on login (OpenID 2.0 method)
Get real realm, currently hard-coded (http://localhost:8181/, marked with FIXME)
Possibility to attach an OpenID identifier to an existing user
CSS styling of registration and login form

Maybe the OpenID helper class should be transformed in a plugin!?

[ Permlink | « Hide ]

Thomas Mortagne added a comment - 08/Aug/08 14:29

FYI, starting to review the patch.

[ Permlink | « Hide ]

Thomas Mortagne added a comment - 08/Aug/08 15:08

First of all: it's a great peace of code (there is even a configured names query in both hql and xpath

) !

Some comments:

Could you add in this issue a detailed explanation on how to test it (configure some openid server, is some configuration needed, etc.) ?
As you suggest in you comment, I think you should move OpenIDHelper.java into com.xpn.xwiki.plugin.openid to be able to easily provide a plugin api. Even if you don't create it now (it's not the goal of this project and you don't need it internally, plugins are generally targeting scripting) it will be easier if openid tools already are in the right place.
The code need more javadoc but I guess it's just because it's not complete yet. Anyways it's a reminder
you should cut you patch in two different one: one for _xwiki-core_ and the other for _web-standard_. In other words one by project. It's difficult to apply right now.
MyFormAuthenticator.java:
- processOpenIdLogin:
  - shouldn't you test if _openid_identifier_ is null ?
- processOpenIdLoginResponse:
  - l367 : _rememberme_ is not used

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 13/Aug/08 19:14

The newly introduced forms have to be styled.

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 13/Aug/08 19:16

In order to set the realm it needs to be possible to get the current server URL.

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 13/Aug/08 19:29

More or less feature complete now.
Still missing:

CSS styling (separate JIRA issue)
Attach OpenID to already existing user (how should this be done?)

To test it you need an OpenID. Probably you have already one. Look at http://openid.net/get/ to find out potential providers. Otherwise I suggest to create one at http://www.myopenid.com/.

After creation of the OpenID you have to register yourself as an OpenID user. For OpenID 2.0 providers (yahoo, myopenid and probably many others) you can just enter yahoo.com or myopenid.com. After registration you can log in by doing the same thing. Just enter your OpenID in the right field and you'll be redirected to your OP and back to XWiki.

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 14/Aug/08 17:45

Uploaded styles to XSALBATROSS-34.
Still missing:

Attach OpenID to already existing user

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 15/Aug/08 18:49

Added an action to attach an OpenID to an already existing user account. Currently it works just when logged in as administrator (surf to /xwiki/bin/attachopenid/XWiki/AttachOpenID).

OpenID authentication is now fully implemented. The only remaining task is to integrate the AttachOpenIdAction into the user profile page so that it's easily accessible and set the right permissions for that action (any authenticated user should be allowed to call it).

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 19/Aug/08 18:07

OpenID authentication support is now fully implemented. All patches are bundled in the attached ZIP-file "openid-authentication-patches-20080819.zip".

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 20/Aug/08 17:56

The patch openid-patch-web-20080819.patch in the ZIP file contains a wrong version of the registerinline.vm template. The newly uploaded patch openid-patch-web-20080820.patch resolves this problem.

[ Permlink | « Hide ]

Thomas Mortagne added a comment - 22/Aug/08 15:18

I don't have much to comment on the last patch.

Just one thing: it would be great to have also as much as possible unit and integration tests. I think this means use some embedded OpenId server (I searched a little but could not fiind one maybe you know some tool for it) for integration/selenium tests or some mockup for unit tests.

For unit tests you can look at xwiki-core project /src/test/java and integrations test are located in xe destrbutions-tests sub module.

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 25/Aug/08 10:11

I don't know any embedded OpenID server. Also it's not easy to test such a thing. The used library is fully unit tested so there shouldn't be much problems. Maybe the easiest thing would be to test it with a (or more) public OpenID servers like MyOpenID.com or Yahoo. But I don't know if this really makes much sense.

[ Permlink | « Hide ]

Markus Lanthaler added a comment - 29/Aug/08 12:36

I attached the latest patch bundle to XWIKI-2630. It can be downloaded from here.

Please don't forget to apply also the styles.