OpenID with JBoss Portal

From Wiki

Jump to: navigation, search

Contents

[edit] A lab exercise on how to use OpenID with JBoss Portal

[edit] Prerequisites for this exercise

  • JBoss Portal
  • OpenID stuff
  • Eclipse for development
  • environment to keep and run stuff
  • time

[edit] Background

I am generally interested in both technologies.

I want to understand if there is an easy way for portals to allow users to sign up.

I am annoyed with portals requiring you to enter loads of stuff to register, prohibiting a quick experience of what is behind the portal.

[edit] How does it look like

  • The portal frontpage to indicate that use of openid is supported and even encouraged.
  • As an alternative the user can provide his email and a password.
  • The elements registration, login, and account to show support of OpenID.

[edit] How does it work internally

  • no clue yet
  • must involve some integration into the jboss specific security and identity architecture
  • must involve embedding the openid4java code somewhere
  • must involve changes to the code for the view on registration, login, and account management
  • components
    • openid4java
    • jboss portal
    • jboss portal frontpage
    • jboss portal registration view
    • jboss portal login view
    • jboss portal account management view
    • jboss portal configuration view
    • jboss portal security
    • jboss portal identiy
    • jboss application server

[edit] How does JBoss Portal default registration and login work from the inside

  • no clue yet
  • no clue yet how to find out
  • Useful article on OpenID [[1]]
    • Article analyzed for the purpose of this lab exercise
  1. User visits portal
  2. User uses combination login/register with openid - requires a modified portal frontpage
  3. User submits the user's openid
  4. routing inside the jboss security/identity architecture
  5. openid normalization
  6. openid discovery
  7. openid association request - pooled?
  8. openid association response - handle
  9. openid request authentication
  10. redirect stuff where the user faces the openid provider content
  11. openid authentication response
  12. openid authentication verification
  13. set state to authenticated and log user in
    • Useful article on JBoss security integration with Acegi [[2]]




[edit] Registration from the consumer perspective

  • Many users have an an account with an OpenID provider.
  • So a portal can ask for this, and create an identity with an account number.
  • This should be it, no more details to be provided by the user to see behind the portal.
  • optionally a user should be allowed to provide plenty of information and additional security in the user's account management.

[edit] References

Personal tools