[OpenID] OpenID through two-component server

[Arthur Goldberg]

Hello

We would like to use OpenID authentication.
But our system has two servers, not one: a Front-end provides analysis 
and a user interface, and a Back-end stores the data in a database and 
makes it available through a Web API.

Thus, a user interacts with our system like this:
Browser <-> Front-end <-> Back-end with Web API

It seems that an easy way for us to use OpenID would be for the Back-end 
to act as a Relaying Party and the Front-end to simply forward all 
OpenID protocol requests between the Browser and the Back-end. That is,
the Front-end will perform 7.1. Initiation (sections from OpenID 
Authentication 2.0 
<http://openid.net/specs/openid-authentication-2_0.html>), and keep that 
connection open
the Front-end will forward the OpenID URL provided by the user to a 
service on the Back-end, and keep that connection open
the Back-end then runs the OpenID protocol; the Front end acts as a 
tunnel between the Browser and the Back-end; it forwards all responses 
it receives from the Back-end to the Browser, and forwards all responses 
it receives from the Browser to the Back-end (it would be easy to do 
this with raw socket level code; I'm unsure of how to do it inside a 
servlet)
When the Front-end receives a Positive Assertion or a Negative Assertion 
it will

Does this make sense?
Is there a better way to accomplish what I want to do?
Does an existing implementation in Java exist that I could use?

Thanks
A

-- 
Senior Research Scientist
Computational Biology
Memorial Sloan-Kettering Cancer Center
cBio Cancer Genomics Portal <http://www.cbioportal.org/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110601/6c9a8339/attachment.html>