OpenID issues, limiting source of OpenID server & altogether not working 100%
Added by Seaders O'Loinsigh about 14 years ago
So I'm part of a college society and we've got loadsa services that up until now had individual logins, which is obviously a PITA. I looked into a few solutions and OpenID was my preference and seeing that you guys were compatible with it was a huge bonus too.
Problem is because it's a college society, we can't actually allow all OpenID signings, only our own, from our CommunityID server, which we register users on. With the MediaWiki installation we've got, they're utilising the PHP library of JanRain's OpenID with a few things on top, one of which is $wgOpenIDConsumerAllow in their setup file, OpenID.Setup.php. That gives you the option of putting in an array of regular expressions which specify which OpenID server sign ins are allowed.
Thusfar, I've been trying to do the same with Redmine and / or ruby-openid, but I'm totally at a loss. I'm not massively experienced with Ruby and the documentation for this isn't the best. Most of the OpenID docs don't have anything to do with what I actually want, they're all about sign in from anywhere, which isn't what we need.
The other issue that I've got is that sometimes, it just plain doesn't work. If I've a user on our OpenID server, and try to login to my Redmine install with it, sometimes just nothing will happen. Sometimes it works perfectly, sometimes you just get bumped back to the sign in page, without any error in the browser, nor the server.
I've seen this come up a few times in this forum and in 'Issues', but I don't think any had a clear answer as to what was exactly going wrong, so if anyone can help me with that too, I'd greatly appreciate it.
It's a Debian machine, with ruby 1.8.7, rails-2.3.5, ruby-openid-2.1.8, and redmine is setup to run with fcgi and Apache. Everything else about the configuration and setup has run smoothly, but these are two major issues that would mean that we couldn't use Redmine, which I really don't want.
If any more info is needed, I'll gladly provide it, thanks
Replies (1)
RE: OpenID issues, limiting source of OpenID server & altogether not working 100% - Added by Seaders O'Loinsigh about 14 years ago
So I started poking 'round and got this all done myself, mainly through edits to 'account_controller.rb'.
I made a few superficial edits to login.rhtml and register.rhtml, to stop showing the username and password form by wrapping them in a '<% if not Setting.openid? %>' tag. Here's where the main part was done, though,
def open_id_authenticate(openid_username) if not openid_username.nil? openid_url = '<MY OPENID SERVER>' + openid_username end authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration| if result.successful? user = User.find_or_initialize_by_identity_url(identity_url) if user.new_record? user.login = registration['nickname'] unless registration['nickname'].nil? user.mail = registration['email'] unless registration['email'].nil? user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil? user.random_password user.register register_automatically(user) do onthefly_creation_failed(user) end =begin We are registering with openid registration only, so this is not needed. case Setting.self_registration when '1' register_by_email_activation(user) do onthefly_creation_failed(user) end when '3' register_automatically(user) do onthefly_creation_failed(user) end else register_manually_by_administrator(user) do onthefly_creation_failed(user) end end =end else # Existing record if user.active? successful_authentication(user) else account_pending end end
I also threw in 'invalid_credentials' to password_authentication there, to ensure that can't come in at all. So now registration is disabled, but you can login and automatically get registered, but only if you're coming from our OpenID server. Working perfect now!