incubator-sling-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Sling Website > OpenID AuthenticationHandler
Date Tue, 09 Feb 2010 13:54:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1519/1/1/_/styles/combined.css?spaceKey=SLINGxSITE&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="http://cwiki.apache.org/confluence/display/SLINGxSITE/OpenID+AuthenticationHandler">OpenID
AuthenticationHandler</a></h2>
     <h4>Page <b>edited</b> by             <a href="http://cwiki.apache.org/confluence/display/~fmeschbe">Felix
Meschberger</a>
    </h4>
     
          <br/>
     <div class="notificationGreySide">
         <h1><a name="OpenIDAuthenticationHandler-OpenIDAuthenticationHandler"></a>OpenID
AuthenticationHandler</h1>

<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td
valign='top'><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16"
align="absmiddle" alt="" border="0"></td><td><p>This page is work in
progress and not complete yet</p></td></tr></table></div>

<div><a href='#OpenIDAuthenticationHandler-AuthenticationHandlerimplementation'>AuthenticationHandler
implementation</a> | <a href='#OpenIDAuthenticationHandler-AuthenticationHandlerFeedbackimplementation'>AuthenticationHandlerFeedback
implementation</a> | <a href='#OpenIDAuthenticationHandler-Phase1%3AFormSubmission'>Phase
1: Form Submission</a> | <a href='#OpenIDAuthenticationHandler-Phase2%3AAuthenticatedRequests'>Phase
2: Authenticated Requests</a> | <a href='#OpenIDAuthenticationHandler-Configuration'>Configuration</a>
| <a href='#OpenIDAuthenticationHandler-SecurityConsiderations'>Security Considerations</a></div>

<p>The OpenID Authentication Handler ....</p>

<p>The OpenID Authentication Handler is maintained in the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/openidauth"
rel="nofollow">Sling SVN</a>.</p>

<h3><a name="OpenIDAuthenticationHandler-AuthenticationHandlerimplementation"></a>AuthenticationHandler
implementation</h3>


<ul>
	<li><tt>extractCredentials</tt> &#8211; ...</li>
	<li><tt>requestCredentials</tt> &#8211; ...</li>
	<li><tt>dropCredentials</tt> &#8211; ...</li>
</ul>



<h3><a name="OpenIDAuthenticationHandler-AuthenticationHandlerFeedbackimplementation"></a>AuthenticationHandlerFeedback
implementation</h3>

<ul>
	<li><tt>authenticationFailed</tt> &#8211; ...</li>
	<li><tt>authenticationSucceeded</tt> &#8211; ...</li>
</ul>



<h3><a name="OpenIDAuthenticationHandler-Phase1%3AFormSubmission"></a>Phase
1: Form Submission</h3>

<p>TODO: Require POST form (at any URL ??)</p>

<p>The form is rendered by redirecting the client to the URL indicated by the <tt>form.login.form</tt>
configuration parameter. This redirection request may be accompanied by the following parameters:</p>

<ul>
	<li><tt>resource</tt> &#8211; The resource to which the user should
be redirected after successful login. This request parameter should be submitted back to the
server as the <tt>resource</tt> parameter.</li>
	<li><tt>j_reason</tt> &#8211; This parameter indicates the reason for
rendering the login form. If this parameter is set, it is set to <tt>INVALID_CREDENTIALS</tt>
indicating a previous form submission presented invalid username and password or <tt>TIMEOUT</tt>
indicating a login session has timed out. The login form servlet/script can present the user
with an appropriate message.</li>
</ul>


<p>The Form Based Authentication handler supports the following request parameters
submitted by the HTML form:</p>

<ul>
	<li><tt>openid_identifier</tt> &#8211; OpenID Claimed Identifier</li>
</ul>



<p>The OpenID Authentication Handler provides a default login form ... (work in progress)</p>
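<p>A login form renderer for the redirect described above, as an added example that is not part of the original page or the Sling code base: it maps the two documented <tt>j_reason</tt> values to messages, hands <tt>resource</tt> back as a hidden field and collects <tt>openid_identifier</tt> in a POST form. The class name, the placeholder form target, the message texts and the rule that <tt>resource</tt> must be a server-local path are assumptions.</p>

```java
import java.util.Map;

public class OpenIdLoginForm {

    // Assumption: placeholder POST target; the page leaves the URL open (see the TODO).
    static final String FORM_ACTION = "/PLACEHOLDER_LOGIN_TARGET";

    // Only the two j_reason values named on the page map to a message;
    // any other value is ignored rather than echoed back to the user.
    static final Map<String, String> REASONS = Map.of(
        "INVALID_CREDENTIALS", "The submitted credentials were not accepted.",
        "TIMEOUT", "Your login session has timed out.");

    // Assumption: accept only a server-local absolute path, so the
    // post-login redirect cannot be pointed at another host.
    static String safeResource(String resource) {
        if (resource == null || !resource.startsWith("/") || resource.startsWith("//")
                || resource.contains("\\") || resource.contains("://")
                || resource.chars().anyMatch(c -> c < 0x20 || c == 0x7f)) {
            return "/";
        }
        return resource;
    }

    // HTML-escape a value before it is written into markup or an attribute.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    static String render(String resource, String jReason) {
        StringBuilder html = new StringBuilder();
        String message = jReason == null ? null : REASONS.get(jReason);
        if (message != null) {
            html.append("<p class=\"error\">").append(escape(message)).append("</p>\n");
        }
        html.append("<form method=\"POST\" action=\"").append(escape(FORM_ACTION)).append("\">\n")
            .append("  <input type=\"hidden\" name=\"resource\" value=\"")
            .append(escape(safeResource(resource))).append("\">\n")
            .append("  <input type=\"text\" name=\"openid_identifier\">\n")
            .append("  <input type=\"submit\" value=\"Login\">\n</form>\n");
        return html.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a normal request, then a hostile one.
        System.out.println(render("/content/page.html", "TIMEOUT"));
        System.out.println(render("//other.example/\"><script>", "UNKNOWN"));
    }
}
```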


<h3><a name="OpenIDAuthenticationHandler-Phase2%3AAuthenticatedRequests"></a>Phase
2: Authenticated Requests</h3>


<p>Work in progress ....</p>


<h3><a name="OpenIDAuthenticationHandler-Configuration"></a>Configuration</h3>

<p>The OpenID AuthenticationHandler is configured with configuration provided by the
OSGi Configuration Admin Service using the <tt>org.apache.sling.openidauth.OpenIdAuthenticationHandler</tt>
service PID.</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> <tt>..name..</tt> </td>
<td class='confluenceTd'> <tt>..default..</tt> </td>
<td class='confluenceTd'> ..description.. </td>
</tr>
</tbody></table>


<h3><a name="OpenIDAuthenticationHandler-SecurityConsiderations"></a>Security
Considerations</h3>

<p>Work in progress ....</p>

<p>OpenIDAuthentication has some limitations in terms of security:</p>

<ol>
	<li>User name and password are transmitted in plain text in the initial form submission.</li>
	<li>The Cookie used to provide the authentication state or the HTTP Session ID may
be stolen.</li>
</ol>


<p>To prevent eavesdroppers from sniffing the credentials or stealing the Cookie, a secure
transport layer such as TLS/SSL, VPN or IPSec should be used.</p>
     </div>
</div>
</div>
</div>
</div>
</body>
</html>
