
plone.openid's Introduction

OpenID PAS support

Introduction

This product implements OpenID authentication support for Zope via a Pluggable Authentication Service plugin.

Using this package, everyone with an OpenID identity will be able to log in to your Zope site. OpenID accounts are not given any extra roles beyond the standard Authenticated role. This allows you to distinguish between people who have explicitly signed up to your site and people who are unknown but have successfully verified their identity.

Authentication flow

The OpenID authentication flow goes like this:

  • user submits an OpenID identity (which is a URL) to your site. This is done through an HTTP POST using a form variable called __ac_identity_url
  • the PAS plugin sees this variable during credential extraction and initiates an OpenID challenge. This results in a transaction commit and a redirect to an OpenID server.
  • the OpenID server takes care of authenticating the user and redirects the user back to the Zope site.
  • the OpenID PAS plugin extracts the information passed in via the OpenID server redirect and uses it in its authentication code to complete the OpenID authentication

Session management

The PAS plugin only takes care of authenticating users. In almost all environments you will also need to set up a session so users stay logged in when they visit another page. This can be done via a special session management PAS plugin, for example plone.session.

plone.openid's People

Contributors

aburkhalter, datakurre, davisagli, dnouri, esteele, gforcada, hannosch, limi, mauritsvanrees, reinout, stefanholek, tisto, tomgross, vloothuis, wichert


plone.openid's Issues

Errors parsing openid request

I tried plone.openid and plone.app.openid on a Plone 5.1.5 site, because we might have a use case for it. It did not work, so we will skip it. But let me list two problems I saw.

For me it goes wrong in the plone.openid authentication plugin. You don't really see anything in the logs, because errors are swallowed in PAS plugins. But with a pdb I can see more.

It always fails in the line that basically checks if the query is valid.

My OpenID provider was a Django site. The query parameters at this point were:

{'extractor': 'openid',
 'janrain_nonce': '2019-03-29T13:49:40ZtStQmm',
 'login': None,
 'openid.assoc_handle': '{HMAC-SHA1}{5c9e21a7}{p5QvEw==}',
 'openid.claimed_id': 'http://localhost:8000/[email protected]',
 'openid.identity': 'http://localhost:8000/[email protected]',
 'openid.mode': 'id_res',
 'openid.ns': 'http://specs.openid.net/auth/2.0',
 'openid.op_endpoint': 'http://localhost:8000/app/server/',
 'openid.response_nonce': '2019-03-29T13:49:40ZqNZJos',
 'openid.return_to': 'http://localhost:8080/int?janrain_nonce=2019-03-29T13%3A49%3A40ZtStQmm',
 'openid.sig': 'VhU/hmrD/ARRKfFol68ZNrs8U54=',
 'openid.signed': 'assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed',
 'openid.source': 'server'}

First failure is because the login key is None, giving an AttributeError: 'NoneType' object has no attribute 'encode'. The login None is there because PAS inserts it, trying to lowercase the existing login key.

I tried setting login to empty string, but then I got a seemingly unrelated failure.

Ah, no, wait: when I remove the login None instead of changing it to an empty string, it actually works. The other error is no longer there.

Okay, I will just fix that. I may still not end up using this package, but this can help others.
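As an added illustration of the failure described in this report (not plone.openid code and not the reporter's fix): a pre-flight that drops None-valued keys such as the PAS-inserted login before anything calls .encode() on them, then checks that openid.signed covers the fields OpenID 2.0 requires and that the return_to arguments match the request. The function names are hypothetical, the sample credentials are constructed from the query above with a placeholder identity URL, and signature verification itself stays with the OpenID library.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample modelled on the credentials in the report; the identity
# URLs use a placeholder path because the original value is obscured.
CREDS = {
    "extractor": "openid",
    "janrain_nonce": "2019-03-29T13:49:40ZtStQmm",
    "login": None,  # key inserted by PAS, as described in the report
    "openid.assoc_handle": "{HMAC-SHA1}{5c9e21a7}{p5QvEw==}",
    "openid.claimed_id": "http://localhost:8000/id/example",
    "openid.identity": "http://localhost:8000/id/example",
    "openid.mode": "id_res",
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.op_endpoint": "http://localhost:8000/app/server/",
    "openid.response_nonce": "2019-03-29T13:49:40ZqNZJos",
    "openid.return_to": "http://localhost:8080/int?janrain_nonce=2019-03-29T13%3A49%3A40ZtStQmm",
    "openid.sig": "VhU/hmrD/ARRKfFol68ZNrs8U54=",
    "openid.signed": "assoc_handle,claimed_id,identity,mode,ns,op_endpoint,"
                     "response_nonce,return_to,signed",
    "openid.source": "server",
}

# Fields OpenID 2.0 requires in openid.signed (claimed_id/identity if present).
MUST_SIGN = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")
IF_PRESENT = ("claimed_id", "identity")

def clean_credentials(creds):
    """Drop None-valued keys so later .encode() calls cannot raise."""
    return {k: v for k, v in creds.items() if v is not None}

def unsigned_required(query):
    """Return required fields that the signature does not cover."""
    signed = set(query.get("openid.signed", "").split(","))
    need = list(MUST_SIGN) + [f for f in IF_PRESENT if "openid." + f in query]
    return [f for f in need if f not in signed]

def return_to_mismatches(query):
    """Return return_to arguments missing from, or different in, the query."""
    args = parse_qsl(urlsplit(query.get("openid.return_to", "")).query)
    return [k for k, v in args if query.get(k) != v]

def precheck(creds):
    """Hypothetical pre-flight run before the OpenID library sees the query."""
    query = clean_credentials(creds)
    problems = ["unsigned:" + f for f in unsigned_required(query)]
    problems += ["return_to:" + k for k in return_to_mismatches(query)]
    return query, problems
```

Because PAS swallows plugin errors, logging a non-empty problems list at this point is what makes a rejected response visible without a debugger.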
