RelyingPartyDiscovery
johnny.bufu edited this page Jun 4, 2015 · 1 revision
Relying Parties must publish their endpoints so that OpenID Providers can verify authentication requests and prevent proxy attacks. The Yadis protocol and realm verification mechanisms are used for this purpose. See the section "Discovering OpenID Relying Parties" of the OpenID Authentication specification for details.
Example:
<Service xmlns="xri://$xrd*($v*2.0)">
  <Type>http://specs.openid.net/auth/2.0/return_to</Type>
  <URI>http://consumer.example.com/return</URI>
</Service>
The RP should publish the above <Service> element at their realm URL. All OpenID Authentication requests sent by this RP should contain openid.return_to values matching the http://consumer.example.com/return realm.
Validation of openid.return_to values against Relying Party Discovery endpoints is enabled by default. This feature can be disabled with ServerManager.setEnforceRpId(false).
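The check an OpenID Provider performs on openid.return_to, sketched as an added example (this is not openid4java's own code): it reads the return_to endpoints from an already-fetched XRDS document and tests candidate return_to values against them. The class ReturnToCheck, its method names and the embedded XRDS are constructed for illustration, and the matching rule (same scheme, host and port, path equal to or below the endpoint path) is an assumption modelled on the specification's realm matching; fetching the XRDS from the realm URL is not shown.

```java
import java.io.StringReader;
import java.net.URI;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
public class ReturnToCheck { // hypothetical class, not part of openid4java
    static final String XRD = "xri://$xrd*($v*2.0)";
    static final String RETURN_TO = "http://specs.openid.net/auth/2.0/return_to";
    // URIs of every <Service> whose <Type> is the return_to type.
    static List<URI> rpEndpoints(String xrds) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The XRDS comes from a URL named in the request: refuse DTDs (XXE, entity expansion).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList services = f.newDocumentBuilder().parse(new InputSource(new StringReader(xrds)))
            .getElementsByTagNameNS(XRD, "Service");
        List<URI> out = new ArrayList<>();
        for (int i = 0; i < services.getLength(); i++) {
            Element s = (Element) services.item(i);
            NodeList types = s.getElementsByTagNameNS(XRD, "Type");
            NodeList uris = s.getElementsByTagNameNS(XRD, "URI");
            for (int t = 0; t < types.getLength(); t++)
                if (RETURN_TO.equals(types.item(t).getTextContent().trim()))
                    for (int u = 0; u < uris.getLength(); u++)
                        out.add(URI.create(uris.item(u).getTextContent().trim()).normalize());
        }
        return out;
    }
    static int port(URI u) { // default port when the URL gives none
        return u.getPort() != -1 ? u.getPort() : "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }
    // Assumed rule: same scheme, host and port; path equal to the endpoint's or below it.
    static boolean matches(URI returnTo, URI ep) {
        if (!ep.isAbsolute() || ep.getHost() == null || returnTo.getHost() == null) return false;
        String p = returnTo.normalize().getPath(), e = ep.getPath(); // normalize() resolves "../"
        return ep.getScheme().equalsIgnoreCase(returnTo.getScheme())
            && ep.getHost().equalsIgnoreCase(returnTo.getHost()) && port(ep) == port(returnTo)
            && (p.equals(e) || p.startsWith(e.endsWith("/") ? e : e + "/"));
    }
    public static void main(String[] args) throws Exception {
        String xrds = "<xrds:XRDS xmlns:xrds=\"xri://$xrds\" xmlns=\"" + XRD + "\"><XRD><Service>" // constructed
            + "<Type>" + RETURN_TO + "</Type><URI>http://consumer.example.com/return</URI></Service></XRD></xrds:XRDS>";
        List<URI> eps = rpEndpoints(xrds);
        for (String rt : new String[] { "http://consumer.example.com/return?nonce=1",
                "http://consumer.example.com/return/../steal", "http://consumer.example.com.evil.example/return" })
            System.out.println((eps.stream().anyMatch(ep -> matches(URI.create(rt), ep)) ? "accept " : "reject ") + rt);
    }
}
```

Only the first constructed return_to value is accepted: the second leaves the published path once "../" is resolved, and the third is a different host that merely begins with the RP's name.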