Wiki

User Tools

  • Logged in as: anonymous (anonymous)
  • Log Out

Site Tools

Trace:
mantisbt:issue:8199

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
mantisbt:issue:8199 [2007/12/30 06:16] – created giallumantisbt:issue:8199 [2008/10/29 04:36] (current) – external edit 127.0.0.1
Line 46: Line 46:
     * Add user to database - api change needed to supply ''fullname'' and add an ''mantis_openid_table'' record.     * Add user to database - api change needed to supply ''fullname'' and add an ''mantis_openid_table'' record.
  
 +==== Reauthentication Flow ====
 +
 +  - Allow the user to enter an OpenId (if they have one)
 +  - Process openid in reauthentication code (change core?
 +    * get and post parameters need to be saved.
 +  - User authenticates on OpenId server.
 +  - Process response from the OpenId server.
 +    * Any errors show reauthenication page with message to let them use userid/password if they wish.
 +  - Dispay page that required authentication.
  
  
Line 75: Line 84:
  
 ==== Implementation Log ==== ==== Implementation Log ====
 +
  
  
 ===== Other Changes ===== ===== Other Changes =====
 +  * Plugin needs to be a be able to modify login page ([[http://www.mantisbt.org/bugs/view.php?id=8765|Issue 8765]])
 +  * Need event signal when user is deleted ([[http://www.mantisbt.org/bugs/view.php?id=8779|Issue 8779]])
 +  * Need event signal when user is forced to reauthenticate.
  
  
Line 89: Line 102:
 but in the java world the Acegi Spring security project developers have replaced JanRain with \\  but in the java world the Acegi Spring security project developers have replaced JanRain with \\ 
 OpenId4Java (see http://raykrueger.blogspot.com/2007/05/update-acegi-and-openid.html). OpenId4Java (see http://raykrueger.blogspot.com/2007/05/update-acegi-and-openid.html).
 +
  
 ===== Feedback ===== ===== Feedback =====
-  * Please provide feedback+  * [vboctor] I totally support the integration of open id in Mantis and as soon as we have a stable requirements and contributed implementation, it will go into Mantis 1.2.x branch. 
 +  * [vboctor] Do we really need to treat signup as a separate scenario from login?  Can't we have the user login and if not existing, then auto-signup? 
 +  * [vboctor] There should be a configuration option to enable / disable open id. 
 +  * * [NT]    To be handled by enabling / disabling the plugin-in. 
 +  * [vboctor] If the allow signup configuration option is disabled, then it shouldn't be possible to signup using open id. 
 +  * [vboctor] Specify the db schema changes involved. 
 +  * [vboctor] Provide some sample open id providers (e.g. myopenid and yahoo/gmail when they finalize their support). 
 +  * [vboctor] Do we need to support a mode where an admin can configure Mantis to only allow OPEN ID login/signup? 
 +  * [vboctor] If a user is already logged in using his/her open id, what will happen when they go to Mantis (i.e. describe single sign-on scenario). 
 +  * [vboctor] I haven't checked the license / quality of the suggested open id for PHP library. 
 +  * * [NT]    Licensed under the [[http://www.apache.org/licenses/LICENSE-2.0|Apache Software License]]. 
 +  * [vboctor] giallu directed me to [[http://framework.zend.com/manual/en/zend.openid.html|OpenID support by Zend Framework]].
mantisbt/issue/8199.1199013416.txt.gz · Last modified: (external edit)
CC Attribution-Noncommercial-Share Alike 4.0 International Driven by DokuWiki