<!--
~ Copyright 2006-2008 Sxip Identity Corporation
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
</head>
<body bgcolor="white">
<h3>
The OpenID4Java library offers support for OpenID-enabling a consumer site or
for implementing an OpenID Provider server.
</h3>
<h4>Consumer Site / Relying Party:</h4>
<p>
The main interaction points between a web application acting as a
Relying Party (Consumer) and the library are the
{@link org.openid4java.consumer.ConsumerManager ConsumerManager} and
{@link org.openid4java.discovery.Discovery Discovery} classes.
A reference {@link org.openid4java.consumer.SampleConsumer SampleConsumer}
implementation is provided in the consumer package.
See the general <a href="#RelyingParty-usage">usage pattern</a> below.
</p>
<h4>OpenID Provider / Server:</h4>
<p>
The main interaction point between a web application acting as an
OpenID Provider (Server) and the library is the
{@link org.openid4java.server.ServerManager ServerManager} class.
A reference {@link org.openid4java.server.SampleServer SampleServer}
implementation is provided in the server package.
See the general <a href="#OpenID-Provider-usage">usage pattern</a> below.
</p>
<a name="RelyingParty-usage"></a>
<h4>Relying Party / Consumer Usage Pattern:</h4>
<pre>
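// instantiate a ConsumerManager object; the same (static) instance must be
// used to place the authentication request and later to verify the response,
// because the verification step relies on state kept by this instance
public static ConsumerManager manager = new ConsumerManager();

// --- placing the authentication request ---

// determine a return_to URL where your application will receive
// the authentication responses from the OpenID provider
String returnToUrl = "http://example.com/openid";

// build an Identifier instance from the user-supplied identifier
Identifier identifier = Discovery.parseIdentifier(userSuppliedString);

// perform discovery on the user-supplied identifier
List discoveries = Discovery.discover(identifier);

// attempt to associate with an OpenID provider
// and retrieve one service endpoint for authentication
DiscoveryInformation discovered = manager.associate(discoveries);

// store the discovery information in the user's (server-side) session;
// it is retrieved again when the response is verified
session.setAttribute("openid-disco", discovered);

// Attribute Exchange example: fetching the 'email' attribute
FetchRequest fetch = new FetchRequest();
fetch.addAttribute("email",                                   // attribute alias
                   "http://schema.openid.net/contact/email",  // type URI
                   true);                                     // required

// obtain an AuthRequest message to be sent to the OpenID provider
AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

// attach the extension to the authentication request
authReq.addExtensionParams(fetch);

if (!discovered.isVersion2())
{
    // Option 1: GET HTTP-redirect to the OpenID Provider endpoint
    // The only method supported in OpenID 1.x
    // redirect-URL usually limited to 255 bytes
    return authReq.getRedirectUrl();
}
else
{
    // Option 2: HTML FORM Redirection
    // Allows payloads larger than 255 bytes
    // &lt;FORM action="OpenID Provider's service endpoint"&gt;
    // see samples/formredirection.jsp for a JSP example
    authReq.getOPEndpoint();
    // build a HTML FORM with the message parameters
    authReq.getParameterMap();
}

// --- processing the authentication response ---
// (this runs in a separate HTTP request, the one the OpenID provider
// sends the user back to at the return_to URL)

// extract the parameters from the authentication response
// (which comes in as a HTTP request from the OpenID provider)
ParameterList response = new ParameterList(httpReq.getParameterMap());

// retrieve the previously stored discovery information
DiscoveryInformation discovered
    = (DiscoveryInformation) session.getAttribute("openid-disco");

// extract the receiving URL from the HTTP request; verify() checks it
// against the return_to of the response, so it must be the URL as seen
// by the OpenID provider (NOTE: behind a reverse proxy getRequestURL()
// may differ from the externally visible URL - confirm for your deployment)
StringBuffer receivingURL = httpReq.getRequestURL();
String queryString = httpReq.getQueryString();
if (queryString != null && queryString.length() > 0)
{
    // reuse the query string read above rather than fetching it again
    receivingURL.append("?").append(queryString);
}

// verify the response; ConsumerManager needs to be the same
// (static) instance used to place the authentication request
VerificationResult verification = manager.verify(
        receivingURL.toString(),
        response, discovered);

// examine the verification result and extract the verified identifier;
// null means the assertion was not accepted and the user is NOT authenticated
Identifier verified = verification.getVerifiedId();
if (verified != null)
{
    // Attribute Exchange: retrieving the fetched "email" attribute
    // (the value is asserted by the OpenID provider; whether it can be
    // relied upon is a policy decision for the relying party)
    AuthSuccess authSuccess = AuthSuccess.createAuthSuccess(response);
    MessageExtension ext =
            authSuccess.getExtension(AxMessage.OPENID_NS_AX);
    if (ext != null)
    {
        FetchResponse fetchResp =
                new FetchResponse(ext.getParameters());
        String email = fetchResp.getParameter("email");
    }
    return verified; // success
}
// verified == null: authentication failed (or was cancelled by the user);
// the application must not treat the user as logged in here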
</pre>
<a name="OpenID-Provider-usage"></a>
<h4>OpenID Provider / Server Usage Pattern:</h4>
<pre>
// a single (static) ServerManager instance serves every request to the endpoint
public static ServerManager manager = new ServerManager();

// configure the OpenID Provider's own endpoint URL
static
{
    manager.setOPEndpointUrl("Http://my.openidprovider.com/server");
}

// wrap the parameters of the incoming HTTP request
ParameterList request = new ParameterList(httpReq.getParameterMap());

// openid.mode selects which protocol message this request carries;
// it stays null when the parameter is absent so that no branch below matches
String mode = null;
if (request.hasParameter("openid.mode"))
{
    mode = request.getParameterValue("openid.mode");
}

Message response;
String responseText;

if ("associate".equals(mode))
{
    // --- process an association request ---
    response = manager.associationResponse(request);
    responseText = response.keyValueFormEncoding();
}
else if ("check_authentication".equals(mode))
{
    // --- process a verification request ---
    response = manager.verify(request);
    responseText = response.keyValueFormEncoding();
}
else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode))
{
    // interact with the user and obtain the data needed to continue
    List userData = userInteraction(request);
    String userSelectedId = (String) userData.get(0);
    String userSelectedClaimedId = (String) userData.get(1);
    Boolean authenticatedAndApproved = (Boolean) userData.get(2);

    // --- process an authentication request ---
    response = manager.authResponse(request,
                                    userSelectedId,
                                    userSelectedClaimedId,
                                    authenticatedAndApproved.booleanValue());

    // the caller decides how to deliver this to the return_to URL:
    // - GET HTTP-redirect
    // - HTML FORM Redirection
    responseText = response.wwwFormEncoding();
}
else
{
    // --- error response for unrecognised or missing modes ---
    response = DirectError.createDirectError("Unknown request");
    responseText = response.keyValueFormEncoding();
}

// hand the encoded result back to the caller
return responseText;
</pre>
</body>
</html>