Re: Delegated WebID authentication plugin contributed to fusionforge

Hi Kingsley,

On 07/12/2012 06:03 PM, Kingsley Idehen wrote:
> On 7/12/12 11:39 AM, Olivier Berger wrote:
>> Hi.
>>
>> FYI, I've just contributed a FusionForge [0] plugin [1] that allows
>> one-click SSO to a forge using WebID (and a delegated IdP like
>> auth.my-profile.eu for instance).
>>
>> In future episodes, we may try and benefit from the forge's ability to
>> generate FOAF profiles for its contributors to go one step beyond, but
>> that's already a start.
>>
>> The plugin relies on the PHP lib WebIDDelegatedAuth [2] that Andrei and I
>> just "forked off" libAuthentication (yesterday ;-). Thanks to Melvin and
>> other contributors for the license change, which helps embedding it in
>> fusionforge without rendering it AGPL.
>>
>> Best regards,
>>
>> [0]http://fusionforge.org/
>> [1]https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin
>> [2]https://github.com/WebIDauth/WebIDDelegatedAuth
>
> Great stuff.
>
> BTW -- I noticed your comment: "Popular WebID Idp are foafssl.org and
> auth.my-profile.eu." .
>
> Have you tried:
>
> 1. http://id.myopenlink.net/ods/webid_verify.vsp
> 2. http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP -- usage guide .
>
> If possible, could you please test our service as it should just work.
>
I just tried to authenticate through your service. These are the
problems I've encountered:

1. The service does not demand the browser cert, but instead expects the 
user to copy/paste the cert into a form field.

2. Returned URI does not conform to foafssl.org and auth.my-profile.eu.
These are param names returned by the services mentioned above:

a) webid= the urlencoded WebID of the user connecting

b) ts= a timestamp in XML Schema format

c) sig= the signature of the whole URL (signed with the IdP's private 
SSL key).

d) referer= the address of the IdP, which is needed to fetch the public
key of the IdP's SSL certificate (so the application knows which
IdP the signed response comes from in order to choose the correct
certificate to verify the signature)

More info about the 'protocol' can be found in the README here [0].

[0] https://github.com/WebIDauth/WebIDauth

Andrei

Received on Thursday, 12 July 2012 16:16:40 UTC
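
A relying-party check of the four parameters listed in the message above, as an added example (not code from the post, WebIDauth or WebIDDelegatedAuth). It assumes an RSA PKCS#1 v1.5 signature with SHA-1, base64url-encoded, covering the URL up to `&sig=`; the hosts `idp.example` and `forge.example`, the toy key and all function names are constructed for the demo.

```python
import base64, hashlib
from datetime import datetime, timedelta
from urllib.parse import parse_qs, quote, urlsplit

# Constructed toy key (product of two Mersenne primes) so the demo needs no
# crypto library; a real relying party pins each IdP's certificate public key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
IDP = "https://idp.example"                     # hypothetical IdP address
TRUSTED_IDPS = {IDP: (N, E)}                    # referer value -> pinned (n, e)
SHA1_INFO = bytes.fromhex("3021300906052b0e03021a05000414")

def _emsa(msg: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-1(msg), as an integer (assumed scheme)."""
    t = SHA1_INFO + hashlib.sha1(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def idp_sign(return_url: str, webid: str, ts: str) -> str:
    """Demo-only IdP side: build the redirect URL with a signature over it."""
    url = f"{return_url}?webid={quote(webid, safe='')}&ts={ts}"
    k = (N.bit_length() + 7) // 8
    sig = pow(_emsa(url.encode(), k), D, N).to_bytes(k, "big")
    return f"{url}&sig={base64.urlsafe_b64encode(sig).decode()}&referer={IDP}"

def verify_response(url: str, now: datetime, max_age=timedelta(seconds=60)):
    """Return the asserted WebID if the response is authentic and fresh, else None."""
    signed, sep, tail = url.partition("&sig=")  # assumed: sig covers the URL up to &sig=
    claims = parse_qs(urlsplit(signed).query)   # webid/ts are read from signed bytes only
    extra = parse_qs("sig=" + tail)             # sig and referer are outside the signature
    fields = [claims.get("webid"), claims.get("ts"), extra.get("sig"), extra.get("referer")]
    if not sep or any(f is None or len(f) != 1 for f in fields):
        return None
    key = TRUSTED_IDPS.get(extra["referer"][0]) # referer only selects a pinned key
    if key is None:
        return None
    n, e = key
    try:
        raw = extra["sig"][0]
        sig = int.from_bytes(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)), "big")
        ts = datetime.fromisoformat(claims["ts"][0].replace("Z", "+00:00"))
        fresh = abs(now - ts) <= max_age        # reject replayed or future-dated responses
    except (ValueError, TypeError):
        return None
    if not fresh or pow(sig, e, n) != _emsa(signed.encode(), (n.bit_length() + 7) // 8):
        return None
    return claims["webid"][0]
```

Because `referer` sits outside the signed portion under this assumption, it is used only to look up a key the application already trusts, never to decide where to fetch one.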