[Code] Single sign on

Yang Zhao yang at yangman.ca
Tue Apr 3 23:07:38 UTC 2012


Have RP-B make an automated OpenID authentication request using
immediate mode and identifier_select.

See sections 9.1, 9.3 and 10 of the OpenID 2.0 spec.

On 3 April 2012 15:42, Russ Ferrill <rferrill at vendorsafe.com> wrote:
> Let me describe the scenario I have in mind in a little more detail.
>
> The user visits RP-A. RP-A does not ask the user to enter any information at all. RP-A makes an authorization request to the OP passing only the OP identifier. The OP prompts the user for credentials, authenticates the user, and sends a positive assertion to RP-A. The user then clicks a link on the RP-A site that redirects the user's browser to RP-B. My question is how does RP-B make an authentication request to the OP that results in the OP sending a positive assertion to RP-B where neither RP-B nor the OP prompts the user for any identification or credentials?
>
> -----Original Message-----
> From: yangman at gmail.com [mailto:yangman at gmail.com] On Behalf Of Yang Zhao
> Sent: Tuesday, April 03, 2012 10:14 PM
> To: Russ Ferrill
> Cc: openid-code at lists.openid.net
> Subject: Re: [Code] Single sign on
>
> On 3 April 2012 15:05, Russ Ferrill <rferrill at vendorsafe.com> wrote:
>> Let us suppose that there are two different relying party sites that both use
>> the same OP and want to implement single sign on between them so that if an
>> end user visits both sites the user is only prompted for login credentials a
>> single time.
>
> Yes, you can adopt OpenID to work as a SSO service.  Basically
> implement relying parties such that they authenticate against a
> specific OP.
>
> Cheers,
> --
> Yang Zhao
> http://yangman.ca



-- 
Yang Zhao
http://yangman.ca
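
The request described in the reply above (immediate mode with identifier_select), together with the checks RP-B applies to the OP's answer, as an added example that is not part of the original message or of any OpenID library. The endpoint, realm and return_to values and both function names are constructed for illustration, and the return_to comparison is simplified to exact equality.

```python
from urllib.parse import urlencode, urlparse, parse_qs

OPENID_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

# Constructed values (assumptions, not from the thread).
OP_ENDPOINT = "https://op.example/openid"
RP_B_REALM = "https://rp-b.example/"
RP_B_RETURN_TO = "https://rp-b.example/openid/return"


def build_immediate_request(op_endpoint, realm, return_to):
    """URL RP-B redirects the browser to; the OP must answer without any UI."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_immediate",
        # identifier_select: RP-B does not know the user yet, the OP picks.
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if urlparse(op_endpoint).query else "?"
    return op_endpoint + sep + urlencode(params)


def classify_response(return_url, expected_op, expected_return_to):
    """Return (state, claimed_id) for the indirect response hitting return_to."""
    q = {k: v[0] for k, v in parse_qs(urlparse(return_url).query).items()}
    mode = q.get("openid.mode")
    if mode == "setup_needed":
        # OP cannot assert silently (no session or no prior approval):
        # fall back to an interactive checkid_setup request.
        return ("needs_interaction", None)
    if mode != "id_res" or q.get("openid.ns") != OPENID_NS:
        return ("rejected", None)
    # Accept assertions only from the single OP this deployment trusts,
    # and only when they are addressed to this RP's return_to.
    if q.get("openid.op_endpoint") != expected_op:
        return ("rejected", None)
    if q.get("openid.return_to") != expected_return_to:
        return ("rejected", None)
    # Not a login yet: the nonce replay check, signature verification and
    # discovery on claimed_id must still pass before a session is created.
    return ("pending_verification", q.get("openid.claimed_id"))
```
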