[OpenID] openid in a non-distributed situation?

Gábor Farkas gabor at nekomancer.net
Wed Jul 18 20:26:55 UTC 2007


hi,

i'm trying to implement a single-signon system for an intranet-solution, 
and had the idea that maybe openid would help there.

i understand that it's not what openID is meant for, but i thought it 
maybe could work in this situation.

my situation is the following:

- i have several web-applications on the intranet, currently all of them 
doing their own sessions/authorizations etc.

- i would like to do some kind of single-signon there, so that the users 
would only need to log in once, and then 'stay' logged in on every server.

i understand that the usual workflow with openID is:

1. the user goes to one of the web-apps
2. the user enters his openID
3. the user is forwarded to the openID-provider where he somehow 
authenticates himself and is then returned to the web-app
4. the user is logged in to the web-app


this workflow is also fine for me, except:

A. i have to make sure that the users only have to enter their username 
as the openID, and then the user is always forwarded to our internal 
"openid-provider".

B. in this workflow, you enter your username (well, openID) at step-2, 
and your password at step-3. i would really like to allow the user to 
enter both at the same page, but i can live without that.

so, does it make sense to try something like this?


P.S: i know that there are other solutions, specially meant for my problem 
(like CAS, etc.), but my problem with them is that they usually only 
have one implementation. openid, on the other hand, has lots of them.

thanks,
gabo
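
Requirement A from the message above, sketched as an added example that is not part of the original post: the web-app accepts only a bare username, maps it to an identifier on one fixed internal provider, and later accepts an assertion only if it names that provider and that identifier. The host names, URL layout and username pattern are assumptions, the parameter names follow OpenID Authentication 2.0, and signature verification is assumed to be done by the OpenID library before `accept_assertion` is called.

```python
import re
from urllib.parse import quote

# Assumed values for illustration; none of them come from the original post.
INTERNAL_OP_ENDPOINT = "https://idp.intranet.example/openid/server"
IDENTITY_PREFIX = "https://idp.intranet.example/id/"
USERNAME_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")


def username_to_identifier(username: str) -> str:
    """Step 2: turn a bare username into an identifier on the internal provider.

    Anything that is not a plain username (a URL, a host name, a path) is
    rejected, so a user can never point the web-app at another provider.
    """
    name = username.strip().lower()
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("not a valid intranet username")
    return IDENTITY_PREFIX + quote(name, safe="")


def login_redirect_target(username: str) -> tuple[str, str]:
    """Step 3: return (identifier, provider endpoint) for the redirect.

    The endpoint is a constant, so no discovery is run on user input.
    """
    return username_to_identifier(username), INTERNAL_OP_ENDPOINT


def accept_assertion(params: dict, expected_identifier: str) -> bool:
    """Step 4: accept only a positive assertion from the pinned provider
    for the identifier this login was started with.

    Call this after the OpenID library has verified the signature.
    """
    return (
        params.get("openid.mode") == "id_res"
        and params.get("openid.op_endpoint") == INTERNAL_OP_ENDPOINT
        and params.get("openid.identity") == expected_identifier
    )
```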


