Many people reading my previous posts about our OpenID extension for OpenSSO asked me where the OP (OpenID Provider) code is in the OpenSSO repository. The answer is that there’s no code for it (right now), and the reason is that we thought deployers would likely develop their own OP with all the appropriate checks in place. But since I do get these requests, and to complete the example I described in previous posts, below is the source code for the simplest (i.e. dumbest) OP one can think of.
To refresh our memories after the holiday break, the role of the OP web application is to hand out the metadata related to the OpenID identifiers of (presumably known) users. That metadata (in the form of an HTML page with the metadata placed in the <head> section) points to the location of the related OpenID server (for both versions 1 & 2).
In the present example, we will simply hand out that information to any appropriately formed URL (see this post). A real OP should probably verify that the OpenID identifier used corresponds to an existing user.
Please note that for the code below I chose to make my life easier and used the Jersey API to quickly create a simple web application. You can of course use servlets instead (or whatever) but REST is so easy with Jersey!
Apologies for the formatting but the string is way too long to fit in any way I tried. The key parts of that string are the two <link rel=…> elements which define the OpenID endpoints. Of course you’ll need to change those to match your deployment.
import javax.ws.rs.Path;
import javax.ws.rs.GET;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;

/**
 * REST Web Service
 *
 * @author Hubert A. Le Van Gong <hubert.levangong at Sun.COM>
 */
@Path("/{id}")
public class OP {
    @Context
    private UriInfo context;

    // Discovery page returned for every identifier. The two <link rel=...>
    // elements tell the relying party where the OpenID server lives;
    // change them to match your deployment.
    String standard_profile = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "
        + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
        + "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
        + "  <head>\n"
        + "    <link rel=\"openid.server\" href=\"http://openid.example.com:49723/openid/service\"/>\n"
        + "    <link rel=\"openid2.provider\" href=\"http://openid.example.com:49723/openid/service\"/>\n"
        + "    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n"
        + "    <title>OpenSSO OpenID provider</title>\n"
        + "    <link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />\n"
        + "  </head>\n"
        + "  <body>\n"
        + "    <div class=\"body\">\n"
        + "      <h2>This OpenID provider is based upon OpenID4Java & supports the following protocols</h2>\n"
        + "      <UL>\n"
        + "        <li>OpenID Authentication 2.0</li>\n"
        + "        <li>OpenID Authentication 1.1 (in compatibility mode)</li>\n"
        + "        <li>OpenID Attribute Exchange 1.0</li>\n"
        + "        <li>OpenID Simple Registration 1.0 and 1.1, draft 1</li>\n"
        + "      </UL>\n"
        + "    </div>\n"
        + "    <h2> To see the OpenID ID, view the source of this html page (usually achieved by right-clicking on the page)</h2>\n"
        + "    <div>\n"
        + "    </div>\n"
        + "  </body>\n"
        + "</html>\n";

    /** Creates a new instance of OP */
    public OP() {
    }

    /**
     * Retrieves representation of an instance of OP
     * @return an instance of java.lang.String
     */
    @GET
    @Produces("text/html")
    public String gethtml() {
        return standard_profile;
    }
}
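As an added example (not code from the original post or from OpenSSO), here is the same Jersey resource with the check the text recommends: only identifiers that map to a known user get a discovery page, everything else gets a 404. The class name CheckedOP, the KNOWN_USERS set and the ENDPOINT value are assumptions for this illustration.

```java
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

/** Hypothetical OP resource that only serves discovery pages for known users. */
@Path("/{id}")
public class CheckedOP {
    // Constructed sample user set; a deployment would consult its user store instead.
    private static final Set<String> KNOWN_USERS = new HashSet<String>();
    static {
        KNOWN_USERS.add("alice");
        KNOWN_USERS.add("bob");
    }
    // Assumed location of the OpenID server; change to match your deployment.
    static final String ENDPOINT = "http://openid.example.com:49723/openid/service";

    @GET
    @Produces("text/html")
    public Response discovery(@PathParam("id") String id) {
        if (!isKnownUser(id)) {
            // No metadata for unknown identifiers, so they cannot be used as OpenIDs.
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.ok(buildDiscoveryPage(id)).build();
    }

    /** Accept only plain user names (no markup characters) that exist in the user set. */
    static boolean isKnownUser(String id) {
        return id != null && id.matches("[A-Za-z0-9_.-]{1,64}") && KNOWN_USERS.contains(id);
    }

    /** Same two link elements as the original page, generated per user. */
    static String buildDiscoveryPage(String id) {
        return "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "
             + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
             + "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n"
             + "  <link rel=\"openid.server\" href=\"" + ENDPOINT + "\"/>\n"
             + "  <link rel=\"openid2.provider\" href=\"" + ENDPOINT + "\"/>\n"
             + "  <title>OpenID identifier for " + id + "</title>\n</head>\n"
             + "<body><p>OpenID identifier for user " + id + "</p></body>\n</html>\n";
    }
}
```

Because the identifier is validated against a strict pattern before it is echoed into the page, the per-user HTML cannot carry injected markup.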
January 7, 2010 at 14:27
Thanks much, Hubert. But there’s still some confusion here for me, as I’m new to so many of the underlying technologies (OpenId, IdM, not to mention Jersey/JSF/LDAP that this example and OpenSSO take for granted one groks well)
What you have listed above you refer to as an OpenID provider (OP). W/r/t the original OpenID/Opensso post, this is the OP.war file deployed at http://opensso.example.com:8080/OP, right?
But in that earlier post, you refer to this artifact as a webapp and mention that this simple application “will serve OpenID identifiers of the form http://your_hostname/OP/resources/user_name” and you refer to it as a webapp. Furthermore, there is a link in the page served by the Jersey artifact which references “openid2.provider”, and points back to the openid.war that contains the extension, a war with a ProviderServlet in it.
That suggests that the openid.war contains what I think of as an OP as well.
So are both this REST web service in the OP.war file AND the servlet inside the openid.war considered to be OPs? Are you using the term OP loosely?
And suppose I wanted to use the myopenid.com OpenID Provider. Do I just change the value of openid2.provider in this example to reference the OP managed by myopenid.com? Is that gonna work?
BTW, I’d be happy to take this discussion to either the forum or the mailing list – what do you think? I think it’s a good one to read into the public record, and comments on a blog entry aren’t quite the same thing.
Thanks again.
January 7, 2010 at 15:14
Hi Susan,
Good point, could you please send your last 2 messages to the users@opensso.dev.java.net mailing list?
That way we can continue our conversation there.
Cheers,
Hubert