OpenID


Basics

We are going to implement an OpenID consumer based on the library from http://openidenabled.com, version 2.0.1.

Webserver

An additional folder “openid” is added to the web folder and excluded from wiki access by extending the existing rewrite condition:

RewriteCond %{REQUEST_URI} !/(@api|editor|skins|config|openid)/.

Coding

We will use the modified mindtouch.deki.services.dll and mindtouch.deki.dll from:

http://wiki.opengarden.org/Deki_Wiki/Specs/Trusted_Authentication

  • Further, we modified the DekiWiki (PHP Frontend) in the following ways:
    • add Local Service in Control panel, using a unique SSID and a custom config parameter “Consumer”
    • add another constant “OPENID” with SSID value in webService.php (SSID serves as an identifier for the OPENID service)
      const OPENID = 'http://openidenabled.com/';
    • add another case within switch ($lService->GetSid()) in SpecialUserLogin.php for WebService::OPENID in order to pass self::LOGINOPENID to the PrepareLoginHtml() function:
      case WebService::OPENID:
      {
          return $this->PrepareLoginHtml(self::LOGINOPENID, $lService->GetId());
      }
    • add another case within switch ($aLoginType) in PrepareLoginHtml() to display the OpenID login HTML only, without any additional input fields:
      case self::LOGINOPENID:
      {
          $lTableCells = array();
          $lTableCells[] = new TableCell($lSubmit2->GetHtml());
          $lTableRows[] = $lTableCells;
          break;
      }
    • add new submit form tag for OpenID button:
      $lSubmit2 = new SubmitFormTag($this->mHtmlTagNames['submit_openid']);
      $lSubmit2->SetValue($this->mHtmlSubmitValues['openid']);
      $lSubmit2->SetTagParam('tabindex', '8');
    • add new mHtmlTagNames array value:
      'submit_openid' => 'dosubmit_openid'
    • add new mHtmlSubmitValues array value:
      'openid' => wfMsg('Page.UserLogin.submit-openid') . ' >>',
    • add “submit-openid=OpenID Login” under “[Page.UserLogin]” in resource/resources.txt
    • a button “OpenID Login” is now generated when selecting the OpenID authentication Service on user login page
    • the JavaScript function SaveCreds() needs to be modified to prevent a JavaScript error when no input fields are displayed on the login page (this only happens when the OpenID service option is selected):
      function SaveCreds()
      {
        // the name field is absent when the OpenID service is selected, so check before reading it
        var nameTag = document.getElementById(\''.$this->mHtmlTagIds['name'].'\');
        if (nameTag) {
          var lName = nameTag.value;
          var lPwd = document.getElementById(\''.$this->mHtmlTagIds['password'].'\').value;
          x_wfSaveLoginPageCreds(lName, lPwd, SaveCreds_cb);
        }
      }
    • pressing the “OpenID Login” button will result in a reload being triggered by mHtmlTagNames['submit_openid']
    • the HandleRequest() function needs to be modified in order to identify the request and perform OpenID-specific tasks:
      else if ($this->mRequest->getCheck($this->mHtmlTagNames['submit_openid']))
      {
          $this->RedirectOpenID();
      }
    • add a new function to retrieve the OpenID Consumer URL previously defined as the configuration parameter “Consumer” in the local service:
      function GetOpenIDConsumer($aAuthServiceId)
      {
          $lDream = new DreamServiceManagement();
          $lDream->SuppressErrors();
          $lService = $lDream->GetById($aAuthServiceId);
          if (is_object($lService))
          {
              $ConfArr = $lService->GetConfig();
              // "Consumer" is the custom config parameter set on the local service
              return isset($ConfArr['Consumer']) ? $ConfArr['Consumer'] : null;
          }
          return null; // service not found
      }
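    • add another function RedirectOpenID(), which stores the originating URL in a new session variable and redirects the user to the OpenID Consumer:
      function RedirectOpenID(){
          // remember where the user came from (request URI without the login page title);
          // str_replace is used because the pattern is a literal string and ereg_replace was removed in PHP 7
          $_SESSION['i2s_origin'] = "http://" . $_SERVER['SERVER_NAME'] . str_replace("Special:Userlogin", "", $_SERVER['REQUEST_URI']);
          $consumer = $this->GetOpenIDConsumer($this->mRequest->getVal($this->mHtmlTagNames['service']));
          // 302 rather than 301: a permanent redirect of the login request would be cached by browsers
          $this->mOutput->redirect($consumer, '302');
      }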
    • if not already logged in, the user is redirected to the OpenID Provider (the Provider URL is hardcoded in the Consumer) for further validation
    • the OpenID Provider performs validation and sets an OpenID cookie on success; the user is then redirected to finish_auth.php, where /@api/deki/users/authenticate is called and Deki-Wiki authentication is completed by setting another cookie containing the returned authentication token
    • after Deki-Wiki authentication the user is redirected back to the URL previously stored in the session parameter
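
The last step redirects to whatever URL is held in $_SESSION['i2s_origin'], which RedirectOpenID() builds from $_SERVER values. One way to check that value before redirecting back, as an added example that is not part of Deki-Wiki or the attached consumer files; I2S_TRUSTED_HOST, its value and both function names are assumptions:

```php
<?php
// Added example, not Deki-Wiki code. All names below are hypothetical.
// Assumption: the wiki's canonical host name is fixed in configuration
// instead of being taken from the request.
const I2S_TRUSTED_HOST = 'wiki.example.org'; // constructed value

// Return $stored if it is an http(s) URL on the wiki's own host,
// otherwise fall back to the wiki root.
function i2s_safe_return_url($stored, $trustedHost = I2S_TRUSTED_HOST)
{
    $fallback = 'http://' . $trustedHost . '/';
    if (!is_string($stored) || $stored === '') {
        return $fallback;
    }
    // Control characters would allow header injection; some browsers
    // treat a backslash like a forward slash.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $stored)) {
        return $fallback;
    }
    $parts = parse_url($stored);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    // A userinfo part can disguise the real host of the URL.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    if (strcasecmp($parts['host'], $trustedHost) !== 0) {
        return $fallback;
    }
    return $stored;
}

// Called at the end of the return step, after authentication succeeded.
function i2s_redirect_back()
{
    $stored = isset($_SESSION['i2s_origin']) ? $_SESSION['i2s_origin'] : null;
    unset($_SESSION['i2s_origin']); // the stored URL is used once
    header('Location: ' . i2s_safe_return_url($stored), true, 302);
    exit;
}
```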

     

ToDo:

1. Integrate the OpenID Consumer into Deki-Wiki as a class by loading the OpenID library directly, avoiding unnecessary redirections and allowing the use of a custom or predefined OpenID Provider. The “Consumer” config parameter will then be replaced by a “Provider” parameter. If no Provider has been added by the Deki-Wiki administration, the user will be given the option to enter a custom one on the login page.

2. If OpenID authentication succeeds but the user does not exist in the Deki-Wiki database, a new user needs to be created with an OpenID and a username. Currently the created username equals the OpenID, so the OpenID string is displayed instead of the actual username in Deki-Wiki. The database also needs to be modified to contain the actual username and the OpenID string, or multiple OpenIDs for a single user if stored in a separate table.

Files (2)

  • modified_deki_wiki.rar (modified frontend): 29.23 kB, attached 13:30, 20 May 2008 by kostya
  • modified_openid_consumer_files.rar (modified consumer): 3.7 kB, attached 13:30, 20 May 2008 by kostya