[OpenID] openid in a non-distributed situation?
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Jul 19 00:29:41 UTC 2007
Simon Willison wrote:
> On 7/18/07, Gábor Farkas <gabor at nekomancer.net> wrote:
>
>> i'm trying to implement a single-signon system for an intranet-solution,
>> and had the idea that maybe openid would help there.
>>
>> i understand that it's not what openID is meant for, but i thought it
>> maybe could work in this situation.
>>
>
> On the contrary, I think OpenID is ideally suited for this.
Exactly! And the only way OpenID should be used currently :-D (Sorry
for the rant)
>
> The method you describe should work fine. I'm hoping that open source
> projects that include OpenID support will add settings to make this
> kind of thing easier - things like "only accept OpenIDs that match
> this pattern" or "glue the entered username on to this URL to create
> an OpenID, then use that".
It should be pretty easy to simply append the URL always to the
submission field, which would contain only the user name. Obviously this
would serve a dual purpose, since if somebody would try to enter a
different URL (instead of that of your internal IDP) it would land nowhere.
Example:
User submits "user" and the script appends .intern.yourdomain.com (the
domain of your IDP server); it will request authorization from the IDP
server, whereas "user.myopenid.com" would result in a failure because
user.myopenid.com.intern.yourdomain.com doesn't exist.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
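
An added example, not part of the original message or of any OpenID library: one way to implement the username-to-OpenID mapping described above, together with the "only accept OpenIDs that match this pattern" check, accepting a single DNS label only so the resulting host always stays under the IdP domain. The suffix is the one from the message's example; the https scheme, the trailing slash and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Suffix taken from the message's example; scheme and path are assumptions.
IDP_SUFFIX = ".intern.yourdomain.com"

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def build_openid(submitted: str) -> str:
    """Turn the submitted user name into an OpenID URL on the internal IdP."""
    name = submitted.strip().lower()
    # Dots, slashes, '@', ':' etc. are refused here, so the input cannot
    # change which host the consumer contacts.
    if not _LABEL.fullmatch(name):
        raise ValueError(f"not a plain user name: {submitted!r}")
    return f"https://{name}{IDP_SUFFIX}/"


def accepts_openid(identifier: str) -> bool:
    """Pattern check for an identifier that arrives already as a URL."""
    try:
        parts = urlsplit(identifier)
        host = parts.hostname or ""
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host.endswith(IDP_SUFFIX):
        return False
    return _LABEL.fullmatch(host[: -len(IDP_SUFFIX)]) is not None


if __name__ == "__main__":
    # Constructed sample inputs.
    for value in ("user", "user.myopenid.com"):
        try:
            print(value, "->", build_openid(value))
        except ValueError as exc:
            print(value, "-> rejected:", exc)
```

Rejecting "user.myopenid.com" before any lookup means the outcome does not depend on whether a wildcard DNS record exists under the IdP domain.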