[Zope-dev] Single Sign On

Gary Poster gary.poster at gmail.com
Wed Feb 18 09:00:10 EST 2009


On Feb 17, 2009, at 7:55 PM, Shane Hathaway wrote:

> Gary Poster wrote:
>> Launchpad uses OpenID.  We don't have that slated for abstraction  
>> and open-sourcing immediately. However, most of the Launchpad code  
>> (including this bit) is to be open-sourced by this summer,  
>> abstracted or not.  Therefore, we should at least be able to give  
>> you some idea of what we have done before then.
>> I've forwarded your email to the primary implementer/designer of  
>> our OpenID integration.  Hopefully he can directly participate, or  
>> at least give me some answers to forward to you.
>
> Cool, thanks.
>
>> Generally, we're using python-openid for the Zope code, and an  
>> Apache plugin as a front-end for hooking up other bits.
>
> In that case, what do you pass to Consumer.begin()?  It expects a  
> user URL and no password, yet launchpad.net accepts a user name and  
> password.
>
> Shane

Hi Shane.  Francis Lacoste gave this answer:

We use the OpenID 2.0 identifier select URL. This is a special OpenID
URL that basically means: identify using whatever ID you have on that
server.

The OpenID response will contain the actual OpenID identifier of the
user at the end of the request.

So sites that we integrate in our SSO simply send you to Launchpad for
authentication and then use the returned identifier to link with their
local account representation. We also use sreg (Simple Registration) to
transfer information about the account to the integrated sites, so that
they can update their local account representation with the central
data.

Gary
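
An added example, not part of the original message and not Launchpad's or python-openid's code: the identifier-select request described above and the relying-party checks on the returned identifier and sreg data, using only the Python standard library. The op.example and rp.example URLs and the function names are hypothetical; the trusted-prefix check stands in for OpenID discovery against a single known provider, and association setup and nonce replay tracking are assumed to be handled elsewhere.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"
SREG_NS = "http://openid.net/extensions/sreg/1.1"
# Fields a positive assertion must cover with its signature.
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
             "claimed_id", "identity"}

def build_request(op_endpoint, return_to, realm, assoc_handle):
    """Redirect URL asking the provider to choose the identifier itself."""
    params = {
        "openid.ns": OPENID2_NS, "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to, "openid.realm": realm,
        "openid.assoc_handle": assoc_handle,
        "openid.ns.sreg": SREG_NS, "openid.sreg.optional": "email,fullname",
    }
    return op_endpoint + "?" + urlencode(params)

def sign(fields, signed, mac_key):
    """HMAC-SHA256 over the key:value lines named in openid.signed."""
    text = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, text.encode(), hashlib.sha256).digest())

def accept_assertion(fields, mac_key, return_to, op_endpoint, trusted_prefix):
    """Return (claimed_id, signed sreg values) or raise ValueError."""
    if fields.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = fields.get("openid.signed", "").split(",")
    if not MUST_SIGN <= set(signed) or any("openid." + k not in fields for k in signed):
        raise ValueError("required field not signed")
    if not hmac.compare_digest(sign(fields, signed, mac_key),
                               fields.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    if fields["openid.return_to"] != return_to or fields["openid.op_endpoint"] != op_endpoint:
        raise ValueError("assertion not for this request")
    claimed = fields["openid.claimed_id"]
    if claimed == IDENTIFIER_SELECT or not claimed.startswith(trusted_prefix):
        raise ValueError("provider not authoritative for identifier")
    # Only sreg values covered by the signature may update the local account.
    sreg = {k[5:]: fields["openid." + k] for k in signed if k.startswith("sreg.")}
    return claimed, sreg

if __name__ == "__main__":  # constructed values, hypothetical provider
    print(build_request("https://op.example/+openid", "https://rp.example/return",
                        "https://rp.example/", "h1"))
```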

