contactlaveena / dyuproject

Automatically exported from code.google.com/p/dyuproject

Discovery for google apps domains #23

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Google Apps returns OpenIDs in a format:

http://example.com/openid?id=123443480234

However, if the domain hasn't been deliberately set up for OpenID, then that 
URL won't resolve in the discovery phase.

Even if you have set up your Google Apps domain according to their 
recommendations, using the host-meta file, dyuproject doesn't currently scan 
host-meta and thus wouldn't discover your OpenID endpoint anyway.

The attached class pings Google's servers to see if the domain of the OpenID is 
hosted at Google and, if so, runs discovery on their OpenID endpoint.

See http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains

To use it, create a new ChainedDiscovery class and use that as the discovery 
implementation for your RelyingParty.  For example:

{{{
// Chain the discovery implementations; GoogleAppsDiscovery is the attached class.
ChainedDiscovery discovery = new ChainedDiscovery(new Discovery[]{
                new YadisDiscovery(),
                new GoogleAppsDiscovery(),
                new HtmlBasedDiscovery()
                });
// httpConnector and userCache are defined elsewhere in the application.
OpenIdContext context = new OpenIdContext(discovery, new DiffieHellmanAssociation(), httpConnector);
relyingParty = new RelyingParty(context, new HttpSessionUserManager(), userCache, false, false, new SimpleRedirection(), "openid");
}}}

Original issue reported on code.google.com by dob...@gmail.com on 30 Aug 2010 at 7:59

Attachments:

GoogleCodeExporter commented 9 years ago
Fixed to close() the Response object otherwise the socket is never released.

Original comment by dob...@gmail.com on 30 Aug 2010 at 10:14

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks ... this definitely provides GoogleApps support without extra 
configuration on the owner's site.

This will be added.  I wonder if this should be enabled by default (in 
DefaultDiscovery chain)

Original comment by david.yu...@gmail.com on 31 Aug 2010 at 6:54

GoogleCodeExporter commented 9 years ago
BTW does dyuproject ever check .well-known/host-meta at all?

This class could easily be adapted to another class which does that check - 
just need to change the way the host-meta URL is calculated.

I didn't have a domain with .well-known/host-meta to test that feature against 
so I didn't make that version of the class.

Original comment by dob...@gmail.com on 31 Aug 2010 at 6:01

GoogleCodeExporter commented 9 years ago
There are currently no checks for the host meta.
The domain dyuproject.com has a .well-known/host-meta you can test with 
google's server.
Basically the response was:

Link: <https://www.google.com/accounts/o8/site-xrds?ns=2&hd=dyuproject.com>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"

Original comment by david.yu...@gmail.com on 31 Aug 2010 at 6:43
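
The host-meta `Link` line quoted in the last comment can be parsed as shown here. This is an added example, not dyuproject code and not part of the original thread; the class name `HostMetaLinkParser`, the method `xrdsLocation` and the https-only rule are assumptions of this example.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class HostMetaLinkParser { // hypothetical class, not in dyuproject
    // rel value taken from the host-meta response quoted in the thread
    static final String XRD_OP_REL = "http://reltype.google.com/openid/xrd-op";
    private static final Pattern LINK =
            Pattern.compile("^Link:\\s*<([^>]+)>\\s*(;.*)?$", Pattern.CASE_INSENSITIVE);
    private static final Pattern PARAM =
            Pattern.compile(";\\s*([A-Za-z]+)\\s*=\\s*\"([^\"]*)\"");

    /** Returns the XRDS location if the line is an https xrd-op link, otherwise empty. */
    static Optional<URI> xrdsLocation(String line) {
        Matcher m = LINK.matcher(line.trim());
        if (!m.matches()) return Optional.empty();
        String rel = null, type = null;
        if (m.group(2) != null) {
            Matcher p = PARAM.matcher(m.group(2));
            while (p.find()) {
                if (p.group(1).equalsIgnoreCase("rel")) rel = p.group(2);
                else if (p.group(1).equalsIgnoreCase("type")) type = p.group(2);
            }
        }
        // rel is a space-separated list; require the xrd-op relation as a whole token
        if (rel == null || !Arrays.asList(rel.trim().split("\\s+")).contains(XRD_OP_REL))
            return Optional.empty();
        if (!"application/xrds+xml".equalsIgnoreCase(type)) return Optional.empty();
        URI uri;
        try { uri = URI.create(m.group(1).trim()); }
        catch (IllegalArgumentException e) { return Optional.empty(); }
        // Assumption of this example: the XRDS document names the endpoint that will be
        // trusted for the identifier, so a location that is not https is refused.
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null)
            return Optional.empty();
        return Optional.of(uri);
    }

    public static void main(String[] args) {
        String params = "; rel=\"describedby " + XRD_OP_REL + "\"; type=\"application/xrds+xml\"";
        String[] samples = {
            "Link: <https://www.google.com/accounts/o8/site-xrds?ns=2&hd=dyuproject.com>" + params, // from the thread
            "Link: <http://www.example.com/site-xrds?hd=example.com>" + params, // constructed: not https
            "Link: <https://www.example.com/other>; rel=\"describedby\"; type=\"text/html\"" // constructed: wrong rel
        };
        for (String s : samples) System.out.println(xrdsLocation(s).map(URI::toString).orElse("rejected"));
    }
}
```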