incubator-sling-commits mailing list archives

Subject [CONF] Apache Sling Website > OpenID AuthenticationHandler
Date Tue, 09 Feb 2010 13:53:00 GMT
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="">OpenID
     <h4>Page <b>edited</b> by             <a href="">Felix
     <div class="notificationGreySide">
         <h1><a name="OpenIDAuthenticationHandler-OpenIDAuthenticationHandler"></a>OpenID AuthenticationHandler</h1>

<div class="error">
<p>This page is work in progress and not complete yet.</p></div>

<div><a href='#OpenIDAuthenticationHandler-AuthenticationHandlerimplementation'>AuthenticationHandler
implementation</a> | <a href='#OpenIDAuthenticationHandler-AuthenticationHandlerFeedbackimplementation'>AuthenticationHandlerFeedback
implementation</a> | <a href='#OpenIDAuthenticationHandler-Phase1%3AFormSubmission'>Phase
1: Form Submission</a> | <a href='#OpenIDAuthenticationHandler-Phase2%3AAuthenticatedRequests'>Phase
2: Authenticated Requests</a> | <a href='#OpenIDAuthenticationHandler-Configuration'>Configuration</a>
| <a href='#OpenIDAuthenticationHandler-SecurityConsiderations'>Security Considerations</a></div>

<p>The OpenID Authentication Handler ....</p>

<p>The OpenID Authentication Handler is maintained in the <a href=""
rel="nofollow">Sling SVN</a>.</p>

<h3><a name="OpenIDAuthenticationHandler-AuthenticationHandlerimplementation"></a>AuthenticationHandler
implementation</h3>

<ul>
	<li><tt>extractCredentials</tt> &#8211; ...</li>
	<li><tt>requestCredentials</tt> &#8211; ...</li>
	<li><tt>dropCredentials</tt> &#8211; ...</li>
</ul>

<h3><a name="OpenIDAuthenticationHandler-AuthenticationHandlerFeedbackimplementation"></a>AuthenticationHandlerFeedback
implementation</h3>

<ul>
	<li><tt>authenticationFailed</tt> &#8211; ...</li>
	<li><tt>authenticationSucceeded</tt> &#8211; ...</li>
</ul>

<h3><a name="OpenIDAuthenticationHandler-Phase1%3AFormSubmission"></a>Phase
1: Form Submission</h3>

<p>TODO: Require POST form (at any URL ??)</p>

<p>The form is rendered by redirecting the client to the URL indicated by the <tt>form.login.form</tt>
configuration parameter. This redirection request may be accompanied by the following parameters:</p>

<ul>
	<li><tt>resource</tt> &#8211; The resource to which the user should
be redirected after successful login. This request parameter should be submitted back to the
server as the <tt>resource</tt> parameter.</li>
	<li><tt>j_reason</tt> &#8211; This parameter indicates the reason for
rendering the login form. If this parameter is set, it is set to <tt>INVALID_CREDENTIALS</tt>,
indicating a previous form submission presented invalid username and password, or <tt>TIMEOUT</tt>,
indicating a login session has timed out. The login form servlet/script can present the user
with an appropriate message.</li>
</ul>

<p>The Form Based Authentication handler supports the following request parameters
submitted by the HTML form:</p>

<ul>
	<li><tt>openid_identifier</tt> &#8211; OpenID Claimed Identifier</li>
</ul>

<p>The OpenID Authentication Handler provides a default login form ... (work in progress)</p>

<h3><a name="OpenIDAuthenticationHandler-Phase2%3AAuthenticatedRequests"></a>Phase
2: Authenticated Requests</h3>

<p>Work in progress ....</p>

<h3><a name="OpenIDAuthenticationHandler-Configuration"></a>Configuration</h3>

<p>The OpenID AuthenticationHandler is configured with configuration provided by the
OSGi Configuration Admin Service using the <tt></tt>
service PID.</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> <tt></tt> </td>
<td class='confluenceTd'> <tt>..default..</tt> </td>
<td class='confluenceTd'> ..description.. </td>
</tr>
</tbody></table>

<h3><a name="OpenIDAuthenticationHandler-SecurityConsiderations"></a>Security
Considerations</h3>

<p>Work in progress ....</p>

<p>OpenIDAuthentication has some limitations in terms of security:</p>

<ul>
	<li>User name and password are transmitted in plain text in the initial form submission.</li>
	<li>The Cookie used to provide the authentication state or the HTTP Session ID may
be stolen.</li>
</ul>

<p>To prevent eavesdroppers from sniffing the credentials or stealing the Cookie, a secure
transport layer such as TLS/SSL, VPN or IPsec should be used.</p>