[Code] (no subject)
Markus Jelsma - Buyways B.V.
markus at buyways.nl
Thu Sep 10 08:57:16 UTC 2009
LS,
I have a question about authenticating and verifying with OpenID,
but before I can ask my question I need to give a little background
information.
We are currently building a centralised IDM/SSO solution which acts
like a central store with profiles and handles authentication; it
allows for traditional authentication as well as OpenID.
The central server usually requires some form of authentication
before it can read or update a profile. Client websites simply use
our API to authenticate and perform profile operations such as
login, update or retrieve an active (SSO) profile to allow users to
browse through all websites while still being logged in.
This all works very nicely, but there is a little problem using
OpenID.
I have implemented the authentication part of OpenID in the client,
to allow redirection to your site or any other OpenID service
provider.
After the redirection returns to the client website, it will pass
the received HTTP GET parameters to the centralised IDM/SSO server
which will then validate the authentication; this must be done at
the server for I have no other alternative to actually identify an
authentication otherwise.
The problem now is that it _sometimes_ fails due to unknown
reasons.
It just says it cannot authenticate. Can you give me some advice?
To clarify, here is a simple overview of the flow:
1) user-agent fills in OpenID URI at client site;
2) client site redirects to OpenID service provider;
3) service provider redirects back to client site;
4) client site collects HTTP query string parameters returned by the
OpenID service provider;
5) client site calls central server and passes these parameters;
6) central server attempts to finalize the authentication by
validating it and returns
the profile or passes an exception.
Please note, client site can be any host and on any domain. The
central server always resides on its own host or domain.
Would it be helpful to add the central server to the trust roots?
I patiently await your response.
-
Markus Jelsma Buyways B.V.
Technisch Architect Friesestraatweg 215c
http://www.buyways.nl 9743 AD Groningen
Alg. 050-853 6600 KvK 01074105
Tel. 050-853 6620 Fax. 050-3118124
Mob. 06-5025 8350 In: http://www.linkedin.com/in/markus17/
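
Added example, not part of the original message and not code from any OpenID library: a sketch of two checks the central server in step 6 has to make on the forwarded response, assuming OpenID Authentication 2.0 (sections 10.1 and 11.1), where openid.return_to is compared against the client site's URL that actually received the redirect. The function names and the shop.example, sso.example and op.example hosts are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Fields OpenID Authentication 2.0 (section 10.1) requires in openid.signed.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def check_forwarded_assertion(received_url):
    """List problems in the URL the client site received in step 3.
    Hypothetical helper: covers only the return_to and openid.signed checks;
    signature and nonce verification still belong to the OpenID library.
    """
    req = urlsplit(received_url)
    req_params = parse_qsl(req.query, keep_blank_values=True)
    params = dict(req_params)
    if params.get("openid.mode") != "id_res":
        return ["not a positive assertion (openid.mode is not id_res)"]
    if "openid.return_to" not in params:
        return ["openid.return_to is missing"]
    problems = []
    # Section 11.1: scheme, authority and path must equal the request URL's.
    rt = urlsplit(params["openid.return_to"])
    if (rt.scheme, rt.netloc, rt.path) != (req.scheme, req.netloc, req.path):
        problems.append("return_to does not match the URL that received the response")
    # Section 11.1: every return_to query parameter must reappear unchanged.
    for key, value in parse_qsl(rt.query, keep_blank_values=True):
        if (key, value) not in req_params:
            problems.append(f"return_to parameter {key!r} missing or changed")
    # claimed_id and identity must be signed whenever they are present.
    required = REQUIRED_SIGNED | {
        f for f in ("claimed_id", "identity") if "openid." + f in params}
    missing = required - set(params.get("openid.signed", "").split(","))
    if missing:
        problems.append("fields not covered by openid.signed: " + ", ".join(sorted(missing)))
    return problems

def sample_url(base="https://shop.example/openid/return?sid=abc"):
    """Constructed provider response, appended to `base` as the browser would send it."""
    fields = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example/server",
        "openid.claimed_id": "https://user.example/",
        "openid.identity": "https://user.example/",
        "openid.return_to": "https://shop.example/openid/return?sid=abc",
        "openid.response_nonce": "2009-09-10T08:57:16Zconstructed",
        "openid.assoc_handle": "constructed-handle",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
        "openid.sig": "constructed",
    }
    return base + "&" + urlencode(fields)
```

Calling sample_url() with the central server's own URL as the base shows the first check failing while the same parameters pass against the client site's URL.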