Basics

We are going to implement an OpenID consumer based on http://openidenabled.com, version 2.0.1.

Webserver

An additional folder “openid” is added to the webfolder and excluded from wiki access:

RewriteCond %{REQUEST_URI} !/(@api|editor|skins|config|openid)/.

Coding

We will use the modified mindtouch.deki.services.dll and mindtouch.deki.dll from:

http://wiki.opengarden.org/Deki_Wiki/Specs/Trusted_Authentication

  • Further, we modified the MindTouch PHP frontend in the following ways:
    • add Local Service in Control panel, using a unique SSID and a custom config parameter “Consumer”
    • add another constant “OPENID” with SSID value in webService.php (SSID serves as an identifier for the OPENID service)
    const OPENID = 'http://openidenabled.com/';
    • add another case within switch ($lService->GetSid()) in SpecialUserLogin.php for WebService::OPENID in order to pass self::LOGINOPENID to the PrepareLoginHtml() function:
    case WebService::OPENID: 
    {
    return $this->PrepareLoginHtml(self::LOGINOPENID, $lService->GetId());
    }
    • add another case within switch ($aLoginType) in PrepareLoginHtml() to display the OpenID login HTML only, without any additional input fields:
    case self::LOGINOPENID:
    {
    $lTableCells = array();
    $lTableCells[] = new TableCell($lSubmit2->GetHtml());
    $lTableRows[] = $lTableCells;
    break;
    }
    • add new submit form tag for OpenID button:
    $lSubmit2 = new SubmitFormTag($this->mHtmlTagNames['submit_openid']);
    $lSubmit2->SetValue($this->mHtmlSubmitValues['openid']);
    $lSubmit2->SetTagParam('tabindex', '8');
    • add new mHtmlTagNames array value:
    'submit_openid' => 'dosubmit_openid'
    • add new mHtmlSubmitValues array value:
    'openid' => wfMsg('Page.UserLogin.submit-openid') . ' >>',
    • add “submit-openid=OpenID Login” under “[Page.UserLogin]” in resource/resources.txt
    • a button “OpenID Login” is now generated when selecting the OpenID authentication Service on user login page
    • the JavaScript function SaveCreds() needs to be modified to prevent a script error when no input fields are displayed on the login page (this only happens when the OpenID service option is selected):
    function SaveCreds()
    {
      /* Skip when the login form has no name field (OpenID service selected) */
      var nameTag = document.getElementById(\''.$this->mHtmlTagIds['name'].'\');
      if (nameTag) {
        var lName = nameTag.value;
        var lPwd = document.getElementById(\''.$this->mHtmlTagIds['password'].'\').value;
        x_wfSaveLoginPageCreds(lName, lPwd, SaveCreds_cb);
      }
    }
    • pressing the “OpenID Login” button will result in a reload being triggered by mHtmlTagNames['submit_openid']
    • the HandleRequest() function needs to be modified in order to identify the request and perform OpenID specific tasks:
    else if ($this->mRequest->getCheck($this->mHtmlTagNames['submit_openid'])){$this->RedirectOpenID();}
    • Add a new function to retrieve the OpenID Consumer URL previously defined as the configuration parameter “Consumer” in the local service:
    function GetOpenIDConsumer($aAuthServiceId)
    {
      $lDream = new DreamServiceManagement();
      $lDream->SuppressErrors();
      $lService = $lDream->GetById($aAuthServiceId);
      // Returns nothing (null) when the service cannot be loaded
      if (is_object($lService))
      {
        $ConfArr = $lService->GetConfig();
        return ($ConfArr['Consumer']);
      }
    }
    • Add another function, RedirectOpenID(), which stores the return URL in a new session variable and redirects the user to the OpenID Consumer:
    function RedirectOpenID(){
      // str_replace() replaces ereg_replace(), which was removed in PHP 7; the search string contains no regex syntax
      $_SESSION['i2s_origin'] = "http://" . $_SERVER['SERVER_NAME'] . str_replace("Special:Userlogin", "", $_SERVER['REQUEST_URI']);
      $consumer = $this->GetOpenIDConsumer($this->mRequest->getVal($this->mHtmlTagNames['service']));
      $this->mOutput->redirect( "$consumer", '301');
    }
    • If not already logged in, the user is redirected to the OpenID Provider (the Provider URL is hardcoded in the Consumer) for further validation
    • The OpenID Provider performs validation and sets an OpenID cookie on success. The user is then redirected to finish_auth.php, where /@api/deki/users/authenticate is called and MindTouch authentication is completed by setting another cookie containing the returned authentication token
    • After MindTouch authentication, the user is redirected back to the URL previously stored in the session parameter
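
A hardened way to build and re-check the return URL that RedirectOpenID() stores in $_SESSION['i2s_origin'], shown as an added example that is not part of the original modification or of MindTouch. It takes the origin from an assumed configuration constant (CANONICAL_ORIGIN) instead of "http://" plus SERVER_NAME, which can reflect the client-supplied Host header depending on server configuration, and it drops the query string; the function names are hypothetical.

```php
<?php
// Added example; CANONICAL_ORIGIN and the function names are assumptions,
// not MindTouch or openidenabled.com identifiers.
const CANONICAL_ORIGIN = 'https://wiki.example.org';

// Reduce a request URI to a local path that is safe to redirect to.
function safeLocalPath(string $requestUri): string
{
    // Keep only the path; the query string and fragment are dropped.
    $path = explode('#', explode('?', $requestUri, 2)[0], 2)[0];
    // Same step as RedirectOpenID(): remove the login page name.
    $path = str_replace('Special:Userlogin', '', $path);
    // Require one leading slash; "//host" and "/\host" name another host.
    if ($path === '' || $path[0] !== '/' || preg_match('#^/[/\\\\]#', $path)) {
        return '/';
    }
    // Control characters (CR, LF) must never reach a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $path)) {
        return '/';
    }
    return $path;
}

// Value to store in $_SESSION['i2s_origin'] before leaving for the consumer.
function buildReturnUrl(string $requestUri): string
{
    return CANONICAL_ORIGIN . safeLocalPath($requestUri);
}

// Check for finish_auth.php to run before redirecting the user back.
function isTrustedReturnUrl(string $url): bool
{
    $prefix = CANONICAL_ORIGIN . '/';
    return strncmp($url, $prefix, strlen($prefix)) === 0
        && !preg_match('/[\x00-\x1F\x7F]/', $url);
}

// Constructed sample request URIs, not taken from a real log.
$samples = [
    '/Special:Userlogin',
    '/index.php?title=Special:Userlogin',
    '/Special:Userlogin/other.example/',   // stripping the page name leaves "//other.example/"
    "/Page\r\nX-Injected: 1",
];
foreach ($samples as $uri) {
    $url = buildReturnUrl($uri);
    echo json_encode($uri), ' -> ', $url, ' trusted=', var_export(isTrustedReturnUrl($url), true), "\n";
}
```

The third sample is the case to watch: removing "Special:Userlogin" can itself produce a path beginning with "//", so the check runs after the replacement, not before it.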

     

ToDo:

1. Integrate the OpenID Consumer into MindTouch as a class by loading the OpenID library directly, avoiding unnecessary redirections and allowing the use of a custom or predefined OpenID Provider. The “Consumer” config parameter will then be replaced by a “Provider” parameter. If no Provider was added by the MindTouch administration, the user will be given the option to input a custom one on the login page.

2. If OpenID authentication succeeds but the user does not exist in the MindTouch database, a new user needs to be created with an OpenID and a username. Currently the created username equals the OpenID, so the OpenID string is displayed instead of the actual username in MindTouch. The database needs to be modified as well to contain the actual username and the OpenID string, or multiple OpenIDs for a single user if stored in a separate table.


Files (2):

  • modified_deki_wiki.rar: modified frontend, 29.23 kB, attached 13:30, 20 May 2008 by kostya
  • modified_openid_consumer_files.rar: modified consumer, 3.7 kB, attached 13:30, 20 May 2008 by kostya