Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.1
    • Fix Version/s: 2.2.1
    • Component/s: Admin Portlets
    • Labels:
      None
    • Environment:
      Jetspeed Portal

      Description

      Add OpenID Portal login support, registering and authenticating users using email address accessed from OpenID Provider.

      Support Google, Yahoo, and myOpenID providers.

        Issue Links

          Activity

          Ate Douma made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Randy Watler made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Randy Watler added a comment -

          Initial OpenId support implementation verified against Google hosted, Google public, Yahoo, and MyOpenID providers.

          Randy Watler made changes -
          Status In Progress [ 3 ] Open [ 1 ]
          Randy Watler made changes -
          Link This issue relates to JS2-1140 [ JS2-1140 ]
          Randy Watler made changes -
          Link This issue relates to JS2-1139 [ JS2-1139 ]
          Randy Watler added a comment -

          Update:

          Jetspeed svn commit: 910835, 910837

          Add PortalReservedParameter.SESSION_OPEN_ID_PROVIDER session attribute to expose current OpenID provider to portlets indicating a valid portal login for a domain.

          J2-admin svn commit: 910838

          Add OpenIDIFramePortlet that displays its content only when a specific OpenID provider domain has been used for the current portal session login.

          Randy Watler added a comment -

          Additional commits to support Google's proposed OpenID extensions for hosted domain metadata discovery/validation implemented in the Step2 project libraries:

          J2-admin: 909922 and Jetspeed: 909924

          These modifications changed the configuration options for the OpenIDRelayingPartyServlet to include the specification of the Step2 consumer implementation to override the standard openid4java implementation. Here is an example that assumes 'mydomain.com' is hosted by Google Apps:

          <init-param>
          <description>Discovery domain to consumer implementation mapping.</description>
          <param-name>consumer.mydomain.com</param-name>
          <param-value>step2</param-value>
          </init-param>
          <init-param>
          <description>Discovery domain to provider URL/host mapping.</description>
          <param-name>discovery.mydomainalias.com</param-name>
          <param-value>mydomain.com</param-value>
          </init-param>
          <init-param>
          <description>Discovery domain to consumer implementation mapping.</description>
          <param-name>consumer.mydomainalias.com</param-name>
          <param-value>step2</param-value>
          </init-param>

          Additional preferences and options have been added to the OpenIDLoginPortlet to control the OpenID login buttons and whether the OpenID provider/URL entry field appears in the portlet:

          <init-param>
          <description>Display names for OpenID provider buttons.</description>
          <name>providerLabels</name>
          <value>Gmail, Yahoo!, myOpenID</value>
          </init-param>
          <init-param>
          <description>Domain names for OpenID provider buttons.</description>
          <name>providerDomains</name>
          <value>gmail.com, yahoo.com, myopenid.com</value>
          </init-param>
          <init-param>
          <description>Enable OpenID provider or URL entry.</description>
          <name>enableOpenIDEntry</name>
          <value>true</value>
          </init-param>

          <!-- Display names for OpenID provider buttons. -->
          <preference>
          <name>providerLabels</name>
          <value>Gmail, Yahoo!, myOpenID</value>
          </preference>
          <!-- Domain names for OpenID provider buttons. -->
          <preference>
          <name>providerDomains</name>
          <value>gmail.com, yahoo.com, myopenid.com</value>
          </preference>
          <!-- Enable OpenID provider or URL entry. -->
          <preference>
          <name>enableOpenIDEntry</name>
          <value>true</value>
          </preference>

          Randy Watler made changes -
          Field Original Value New Value
          Status Open [ 1 ] In Progress [ 3 ]
          Randy Watler added a comment - - edited

          Todo for next update:

          1. update portal documentation
          2. disable EDIT_DEFAULTS mode for page owners, (should be only accessible by admin users)
          3. verify Relaying Party metadata access on system deployed on internet
          4. add OpenID configuration support to Jetspeed archetypes

          Randy Watler added a comment -

          Configuration:

          j2-admin portal.xml:
          ---------------------------------------------------

          <portlet id="OpenIDLoginPortlet">
          <description>
          Logs a user on to the Jetspeed portal using an OpenID Provider
          and a built in Relaying Party servlet implementation. Copies
          and maintains user information in Jetspeed user data on login.
          </description>
          <portlet-name>OpenIDLoginPortlet</portlet-name>
          <display-name>OpenID Login Portlet</display-name>
          <portlet-class>org.apache.jetspeed.portlets.openid.OpenIDLoginPortlet</portlet-class>
          <init-param>
          <name>ViewPage</name>
          <value>/WEB-INF/security/login/openid-login.jsp</value>
          </init-param>
          <init-param>
          <name>EditPage</name>
          <value>/WEB-INF/security/login/openid-login-prefs.jsp</value>
          </init-param>
          <init-param>
          <description>Enable portlet init parameter registration configuration.</description>
          <name>enableRegistrationConfig</name>
          <value>false</value>
          </init-param>
          <init-param>
          <description>Global enable new user registration.</description>
          <name>enableRegistration</name>
          <value>true</value>
          </init-param>
          <init-param>
          <description>Global new user template directory to be used for registration.</description>
          <name>newUserTemplateDirectory</name>
          <value>/_template/new-user/</value>
          </init-param>
          <init-param>
          <description>Global subsite root folder to be used for registration.</description>
          <name>subsiteRootFolder</name>
          <value></value>
          </init-param>
          <init-param>
          <description>Global roles to be assigned at registration.</description>
          <name>roles</name>
          <value>user</value>
          </init-param>
          <init-param>
          <description>Global groups to be assigned at registration.</description>
          <name>groups</name>
          <value></value>
          </init-param>
          <init-param>
          <description>Global profiling rule names to be assigned at registration.</description>
          <name>rulesNames</name>
          <value>page</value>
          </init-param>
          <init-param>
          <description>Global profiling rule values to be assigned at registration.</description>
          <name>rulesValues</name>
          <value>j2</value>
          </init-param>
          <init-param>
          <name>portlet-icon</name>
          <value>system-lock-screen.png</value>
          </init-param>
          <expiration-cache>0</expiration-cache>
          <supports>
          <mime-type>text/html</mime-type>
          <portlet-mode>VIEW</portlet-mode>
          <portlet-mode>edit_defaults</portlet-mode>
          </supports>
          <resource-bundle>org.apache.jetspeed.portlets.security.resources.OpenIDLoginResources</resource-bundle>
          <portlet-preferences>
          <!-- Enable portlet preferences registration configuration. -->
          <preference>
          <name>enableRegistrationConfig</name>
          <value>false</value>
          </preference>
          <!-- New user registration. -->
          <preference>
          <name>enableRegistration</name>
          <value>true</value>
          </preference>
          <!-- New user template directory to be used for registration. -->
          <preference>
          <name>newUserTemplateDirectory</name>
          <value>/_template/new-user/</value>
          </preference>
          <!-- Subsite root folder to be used for registration. -->
          <preference>
          <name>subsiteRootFolder</name>
          <value></value>
          </preference>
          <!-- Roles to be assigned at registration. -->
          <preference>
          <name>roles</name>
          <value>user</value>
          </preference>
          <!-- Groups to be assigned at registration. -->
          <preference>
          <name>groups</name>
          <value></value>
          </preference>
          <!-- Profiling rule names to be assigned at registration. -->
          <preference>
          <name>rulesNames</name>
          <value>page</value>
          </preference>
          <!-- Profiling rule values to be assigned at registration. -->
          <preference>
          <name>rulesValues</name>
          <value>j2</value>
          </preference>
          </portlet-preferences>
          <portlet-info>
          <title>OpenID Login</title>
          <short-title>OpenID Login</short-title>
          <keywords>openid,login,security,management,admin</keywords>
          </portlet-info>
          </portlet>

          j2-admin jetspeed-portal.xml:
          ---------------------------------------------------

          <portlet>
          <portlet-name>OpenIDLoginPortlet</portlet-name>
          <js:security-constraint-ref>public-view</js:security-constraint-ref>
          <dc:title>OpenID Login Portlet</dc:title>
          <dc:creator>J2 Team</dc:creator>
          </portlet>

          PSML: default-page.psml:
          ---------------------------------------------------

          <fragment id="dp-12" type="portlet" name="j2-admin::OpenIDLoginPortlet">
          <property layout="TwoColumns" name="row" value="5" />
          <property layout="TwoColumns" name="column" value="1" />
          </fragment>

          portal web.xml:
          ---------------------------------------------------

          <filter>
          <filter-name>OpenIDPortalFilter</filter-name>
          <filter-class>org.apache.jetspeed.openid.filter.OpenIDPortalFilter</filter-class>
          </filter>

          <filter-mapping>
          <filter-name>OpenIDPortalFilter</filter-name>
          <url-pattern>/*</url-pattern>
          </filter-mapping>

          <servlet>
          <description>
          OpenID Relaying Party, (RP), servlet used to return discovery
          metadata at OpenID realm and to process authentication return
          requests.
          </description>
          <display-name>OpenID Relaying Party Servlet</display-name>
          <servlet-name>OpenIDRelayingPartyServlet</servlet-name>
          <servlet-class>org.apache.jetspeed.openid.OpenIDRelayingPartyServlet</servlet-class>
          <init-param>
          <description>Discovery domain to URL mapping.</description>
          <param-name>discovery.gmail.com</param-name>
          <param-value>https://www.google.com/accounts/o8/id</param-value>
          </init-param>
          <init-param>
          <description>Discovery domain to URL mapping.</description>
          <param-name>discovery.yahoo.com</param-name>
          <param-value>http://yahoo.com</param-value>
          </init-param>
          <init-param>
          <description>Discovery domain to URL mapping.</description>
          <param-name>discovery.myopenid.com</param-name>
          <param-value>http://myopenid.com</param-value>
          </init-param>
          <init-param>
          <description>Enable servlet init parameter registration configuration.</description>
          <param-name>enableRegistrationConfig</param-name>
          <param-value>false</param-value>
          </init-param>
          <init-param>
          <description>Enable new user registration.</description>
          <param-name>enableRegistration</param-name>
          <param-value>true</param-value>
          </init-param>
          <init-param>
          <description>Global new user template directory to be used for registration.</description>
          <param-name>newUserTemplateDirectory</param-name>
          <param-value>/_template/new-user/</param-value>
          </init-param>
          <init-param>
          <description>Global subsite root folder to be used for registration.</description>
          <param-name>subsiteRootFolder</param-name>
          <param-value></param-value>
          </init-param>
          <init-param>
          <description>Global roles to be assigned at registration.</description>
          <param-name>roles</param-name>
          <param-value>user</param-value>
          </init-param>
          <init-param>
          <description>Global groups to be assigned at registration.</description>
          <param-name>groups</param-name>
          <param-value></param-value>
          </init-param>
          <init-param>
          <description>Global profiling rule names to be assigned at registration.</description>
          <param-name>rulesNames</param-name>
          <param-value>page</param-value>
          </init-param>
          <init-param>
          <description>Global profiling rule values to be assigned at registration.</description>
          <param-name>rulesValues</param-name>
          <param-value>j2</param-value>
          </init-param>
          <load-on-startup>2</load-on-startup>
          </servlet>

          <servlet-mapping>
          <servlet-name>OpenIDRelayingPartyServlet</servlet-name>
          <url-pattern>/openid</url-pattern>
          <url-pattern>/openid/*</url-pattern>
          </servlet-mapping>
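
          An added example, not part of the Jetspeed code or of this comment: a Python check over the portal web.xml settings shown above that lists `discovery.*` mappings pointing at plain `http://` URLs, where the discovery response can be altered in transit, and reports which roles and groups a first-time OpenID login receives when `enableRegistration` is on. The sample XML is constructed from the values in the comment; treating `roles` and `groups` as comma-separated lists is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a trimmed web.xml fragment that reuses the init-param
# names and values from the configuration comment above.
SAMPLE_WEB_XML = """\
<web-app>
  <servlet>
    <servlet-name>OpenIDRelayingPartyServlet</servlet-name>
    <servlet-class>org.apache.jetspeed.openid.OpenIDRelayingPartyServlet</servlet-class>
    <init-param><param-name>discovery.gmail.com</param-name>
      <param-value>https://www.google.com/accounts/o8/id</param-value></init-param>
    <init-param><param-name>discovery.yahoo.com</param-name>
      <param-value>http://yahoo.com</param-value></init-param>
    <init-param><param-name>discovery.myopenid.com</param-name>
      <param-value>http://myopenid.com</param-value></init-param>
    <init-param><param-name>enableRegistration</param-name>
      <param-value>true</param-value></init-param>
    <init-param><param-name>roles</param-name>
      <param-value>user</param-value></init-param>
    <init-param><param-name>groups</param-name>
      <param-value></param-value></init-param>
  </servlet>
</web-app>
"""

RP_SERVLET = "OpenIDRelayingPartyServlet"


def _local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def servlet_params(web_xml, servlet_name=RP_SERVLET):
    """Return {param-name: param-value} for the named servlet's init-params."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text or "" for c in servlet
                     if _local(c.tag) == "servlet-name"), "")
        if name.strip() != servlet_name:
            continue
        params = {}
        for init_param in servlet:
            if _local(init_param.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in init_param}
            if "param-name" in kv:
                params[kv["param-name"]] = kv.get("param-value", "")
        return params
    return {}


def _csv(value):
    # Assumption: multiple roles/groups are given as a comma-separated list.
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(params):
    """Return (check, subject, detail) tuples for settings worth reviewing."""
    findings = []
    for key, value in sorted(params.items()):
        if not key.startswith("discovery."):
            continue
        # Host-only alias values (e.g. "mydomain.com") carry no scheme in this
        # file, so only explicit http:// URLs are reported here.
        if urlsplit(value).scheme == "http":
            findings.append(("plain-http-discovery", key[len("discovery."):], value))
    if params.get("enableRegistration", "").lower() == "true":
        roles = ",".join(_csv(params.get("roles", ""))) or "-"
        groups = ",".join(_csv(params.get("groups", ""))) or "-"
        findings.append(("auto-registration", roles, groups))
    return findings


if __name__ == "__main__":
    for finding in audit(servlet_params(SAMPLE_WEB_XML)):
        print(*finding, sep="\t")
```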

          Randy Watler added a comment -

          Initial implementation includes the following:

          j2-admin OpenID login portlet:

          src/main/java/org/apache/jetspeed/portlets/openid/OpenIDLoginPortlet.java
          src/main/resources/org/apache/jetspeed/portlets/security/resources/OpenIDLoginResources*.properties

          Portal OpenID Relaying Party servlet:

          components/jetspeed-portal/src/main/java/org/apache/jetspeed/openid/OpenIDRelayingPartyServlet.java

          Portal OpenID login filter:

          components/jetspeed-portal/src/main/java/org/apache/jetspeed/openid/filter/OpenIDPortalFilter.java

          j2-admin portlet configuration:

          src/main/webapp/WEB-INF/portlet.xml
          src/main/webapp/WEB-INF/jetspeed-portlet.xml

          Portal servlet configuration:

          applications/jetspeed/src/main/webapp/WEB-INF/web.xml

          SVN revisions: j2-admin: 907379, jetspeed: 907378

          Randy Watler created issue -

            People

            • Assignee:
              Randy Watler
              Reporter:
              Randy Watler