
OpenID for JEE Applications - Part I

Please note that I have started a project site to provide a platform for further discussion and development. You will also find the source code of the OpenID-JSR-196 Login Module and a wiki page on the project site:
http://code.google.com/p/openid4java-jsr196/

You are welcome to join this project.


A few months ago I started to work on an Internet web application using OpenID as the primary login mechanism. In the following I will explain how you can use OpenID in your JEE application.

OpenID is an open standard that allows a user to sign in to web sites through a single URL (a single digital identity). This URL can be a personal home page, a blog or a web service (e.g. from an OpenID provider like myopenid or yahoo.com) that the user is already using. In any case the user has to register only once with his OpenID service provider and therefore needs only one password. You can read more about the details on openid.net.

Using OpenID in a Web Application

There are different solutions available to enable a web application to log in users with their OpenID URL. One of the most promising mechanisms for integrating OpenID into JEE applications is JSR-196. This authentication service allows web containers to use different login modules, for example one for an external OpenID provider. JSR-196 is part of GlassFish Server, so a login mechanism based on JSR-196 is very easy to use in a JEE or web application. Ron Monzillo, who is the specification lead, gives a good overview of JSR-196 on his blog, "concepts behind JSR-196".

The OpenSSO extension jsr196

As a subproject of the OpenSSO Project, Ron published a first implementation of an OpenID Login Module based on the OpenID Standard 1.0 in June 2008. I joined this project and started working with Ron on this implementation. There is an Issue List available where you can see topics of the current work. The sources can also be downloaded from here: https://opensso.dev.java.net/source/browse/opensso/extensions/jsr196/

We implemented a new parser to optimize the handshake between the login module and the OpenID provider, and in 2009 I added various enhancements. Finally, I implemented a new version of the Login Module which now also supports OpenID 2.0 providers like yahoo.com. This new login module is located in the package com.sun.security.sam.openid2 and is called OpenIDServerAuthModule.

You can download the latest version of the library containing this OpenID Login Module from here: (sam.openid-0.0.1-SNAPSHOT.jar).

In the next part I will explain how to install the login module and which configuration is necessary on the GlassFish server.

In Part III I will show how to enable your web application to log on users with an OpenID.

If you have any comments or suggestions, let me know.