Mannar and OpenId

Alright, this month's installment is about Mannar and his requirement for an OpenID integration. As we all know there is a lot of Web 2.0 activity: Facebook, Twitter, YouTube etc., and all these Web 2.0 websites have one common thread, which is a user-id and password for authentication. When a user does not want to worry about maintaining different profile information along with different user-ids and passwords, OpenID is a perfect solution. The other common term used for this integration is Single Sign-On or SSO. There are different flavors of SSO; another commonly used method is the SAML spec. A big difference between SAML and OpenID is that SAML is used when your project demands a seamless transition between operational domains. If you are really interested in comparing SAML versus OpenID for your project, here is a quick comparison link. Each has a powerful set of tools and operations that can be evaluated against project requirements.
In this post we are interested only in the OpenID integration. How to go about it: create a profile for Mannar with an OpenID provider. This is a very straightforward process; sign up for credentials. Mannar's OpenID credentials can be verified at http://mannarwebapp.myopenid.com/.
There are a couple of terms that might help in the discussion:
Relying Party (RP): The website that is going to service Mannar's requests, for example Facebook.
IDP or Identity Provider (IDP): The website that is going to assist users in authentication.
Now to the actual application:
The moving pieces are:

  • Open-ID user information/profile

  • Web page that will capture the credentials returned by IDP.


We already created the profile using myOpenID. Secondly, we need to identify a Java API that will help us integrate with OpenID. Openid4j is a good starting point; more information on this project is at openid4j. You can find some dependent jars there that will be useful to add to your project classpath. Here is the screenshot of the classpath of the Mannar app.

[Screenshot: classpath of the Mannar app]

The main components that were added are the openid4j.jar and the commons-discovery jars.
The first page of the application for this workflow looks something like this:

[Screenshot: first page of the login workflow]

The expected value on the screen is the user's OpenID identifier; the input value we will be adding is mannarwebapp.myopenid.com. If you are not already signed in, the application redirects you to the OpenID provider's website, where you supply your password credential, and the user is then redirected back to the return URL. Our return URL is http://localhost:8080/MannarWeb/login.do?methodCall=PostLogin.
Here is how the struts configuration file looks:

[Screenshot: struts configuration file]

The login form looks like:

[Screenshot: login form]

The Login Action class is:

[Screenshots: Login Action class, three images]

Now to the registration service that is going to do the core of the work. The following are the operations that will be performed by the registration service:


  • Create the static Consumer Manager class

  • Define the return URL where control should come back.

  • Create worker method that will carry user information to OpenID domain.

  • Utilize the AuthRequest information to create all the necessary payload for the OpenID domain to use.

  • Perform the actual logon, process return values.


We will first take a look at the static consumer manager class:

[Screenshot: static consumer manager class]

There is a strong justification for keeping the consumer manager object as a single static instance returned by this class. I honestly did not explore how critical it is to keep this as a static value.
We also specify the return URL that this operation needs in order to work successfully.
The first critical method of the class is PerformDiscovery, which retrieves the static consumer manager:

[Screenshot: PerformDiscovery method]

The next step is the creation of the OpenID AuthRequest information; we have to supply the Discovery object that we created in the previous method. This is a core method that stitches the request information together with the required parameters. In our case we are demanding the user's email, full name, date of birth and postal code. Authentication to OpenID domains is the major activity performed by this method.

[Screenshot: OpenID AuthRequest creation method]

Finally, the processReturn method retrieves all the information that is needed by the application. If there is an exception, OpenID returns an error message that is handled gracefully by the web app.
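The registration service described in the five steps above, together with the two calls the Login Action makes into it, as an added example written against the openid4java library (the Openid4j of this post). This is not the post's own code, which exists only in the screenshots: the class name OpenIdRegistrationService, the package, the session key and the OpenIdUser holder are assumptions. The return URL and the four requested attributes come from the post; they are requested as Simple Registration (SReg) fields, which is the extension those four fields map to. The static ConsumerManager is justified by the library's design: it holds the association store and the nonce verifier that verify() relies on, so a fresh instance per request would not be able to validate the provider's response.

```java
// Added example, not the post's own code. Package and class names are assumptions.
package com.example.mannar.openid;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.OpenIDException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.sreg.SRegMessage;
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;

public class OpenIdRegistrationService {

    // Step 1: one ConsumerManager for the whole application. It keeps the
    // associations and the nonces that verify() checks, so it must outlive a request.
    private static final ConsumerManager MANAGER;
    static {
        try {
            MANAGER = new ConsumerManager();
        } catch (ConsumerException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    // Step 2: the return URL from the post, where the provider sends the user back.
    private static final String RETURN_URL =
        "http://localhost:8080/MannarWeb/login.do?methodCall=PostLogin";

    // Session key (assumed name) holding the discovery result between the two legs.
    public static final String DISCOVERED_KEY = "openid.discovered";

    // Step 3: discovery. The Login action stores the result in the session under
    // DISCOVERED_KEY; verify() later needs it to tie the response to this provider.
    public DiscoveryInformation performDiscovery(String userSuppliedId)
            throws OpenIDException {
        List discoveries = MANAGER.discover(userSuppliedId);
        return MANAGER.associate(discoveries); // selects an endpoint and sets up an association
    }

    // Step 4: build the AuthRequest and ask for the four attributes the post lists.
    // The Login action sends a redirect to the URL returned here.
    public String createAuthRequestUrl(DiscoveryInformation discovered)
            throws OpenIDException {
        AuthRequest authReq = MANAGER.authenticate(discovered, RETURN_URL);
        SRegRequest sreg = SRegRequest.createFetchRequest();
        sreg.addAttribute("email", true);     // required
        sreg.addAttribute("fullname", true);  // required
        sreg.addAttribute("dob", false);      // optional
        sreg.addAttribute("postcode", false); // optional
        authReq.addExtension(sreg);
        return authReq.getDestinationUrl(true); // true: GET redirect to the provider
    }

    // Step 5: called by the PostLogin action once the provider redirects back.
    // Returns null when the response does not verify.
    public OpenIdUser processReturn(HttpServletRequest request) throws OpenIDException {
        HttpSession session = request.getSession();
        DiscoveryInformation discovered =
            (DiscoveryInformation) session.getAttribute(DISCOVERED_KEY);
        if (discovered == null) {
            return null; // no login was started in this session
        }
        ParameterList response = new ParameterList(request.getParameterMap());

        // The URL the provider actually returned to, query string included. verify()
        // compares it with openid.return_to so a response cannot be replayed elsewhere.
        StringBuffer receivingUrl = request.getRequestURL();
        String query = request.getQueryString();
        if (query != null && query.length() > 0) {
            receivingUrl.append('?').append(query);
        }
        VerificationResult result = MANAGER.verify(receivingUrl.toString(), response, discovered);
        session.removeAttribute(DISCOVERED_KEY); // one discovery serves one login attempt

        Identifier verified = result.getVerifiedId();
        if (verified == null) {
            return null; // signature, nonce, return_to or discovery check failed
        }
        AuthSuccess authSuccess = (AuthSuccess) result.getAuthResponse();
        OpenIdUser user = new OpenIdUser(verified.getIdentifier());
        if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
            SRegResponse sregResp =
                (SRegResponse) authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);
            user.email = sregResp.getAttributeValue("email");
            user.fullName = sregResp.getAttributeValue("fullname");
            user.dateOfBirth = sregResp.getAttributeValue("dob");
            user.postalCode = sregResp.getAttributeValue("postcode");
        }
        return user;
    }

    // Plain holder for what the application keeps after a successful login.
    public static class OpenIdUser {
        public final String claimedId;
        public String email, fullName, dateOfBirth, postalCode;
        public OpenIdUser(String claimedId) { this.claimedId = claimedId; }
    }
}
```

The two points a practitioner should check in any relying-party code are visible in processReturn: the DiscoveryInformation handed to verify() must be the one stored at the start of this login attempt, and the receiving URL passed in must be the full URL the browser arrived at, query string included. Passing a fresh discovery result or a bare path makes verify() accept responses it should reject.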

[Screenshots: processReturn method, two images]

After all this ordeal, the final screen looks like this:

[Screenshot: final screen after login]

As always, all the code is in Google Code, in case there are any inputs or feedback for this application.