[Code] Single sign on
Russ Ferrill
rferrill at vendorsafe.com
Tue Apr 3 22:42:12 UTC 2012
Let me describe the scenario I have in mind in a little more detail.
The user visits RP-A. RP-A does not ask the user to enter any information at all. RP-A makes an authorization request to the OP passing only the OP identifier. The OP prompts the user for credentials, authenticates the user, and sends a positive assertion to RP-A. The user then clicks a link on the RP-A site that redirects the users browser to RP-B. My question is how does RP-B make an authentication request to the OP that results in the OP sending a positive assertion to RP-B where neither RP-B nor the OP prompts the user for any identification or credentials?
-----Original Message-----
From: yangman at gmail.com [mailto:yangman at gmail.com] On Behalf Of Yang Zhao
Sent: Tuesday, April 03, 2012 10:14 PM
To: Russ Ferrill
Cc: openid-code at lists.openid.net
Subject: Re: [Code] Single sign on
On 3 April 2012 15:05, Russ Ferrill <rferrill at vendorsafe.com> wrote:
> Let us suppose that there are two different relying part sites that both use
> the same OP and want to implement single sign on between them so that if an
> end user visits both sites the user is only prompted for login credentials a
> single time.
Yes, you can adopt OpenID to work as a SSO service. Basically
implement relying parties such that they authenticate against a
specific OP.
Cheers,
--
Yang Zhao
http://yangman.ca
More information about the Code
mailing list