Re: Delegated WebID authentication plugin contributed to fusionforge

On 7/12/12 12:16 PM, Andrei Sambra wrote:
> Hi Kingsley,
>
> On 07/12/2012 06:03 PM, Kingsley Idehen wrote:
>> On 7/12/12 11:39 AM, Olivier Berger wrote:
>>> Hi.
>>>
>>> FYI, I've just contributed a FusionForge [0] plugin [1] that allows
>>> one-click SSO to a forge using WebID (and a delegated IdP like
>>> auth.my-profile.eu for instance).
>>>
>>> In future episodes, we may try and benefit from the forge's ability to
>>> generate FOAF profiles for its contributors to go one step beyond, but
>>> that's already a start.
>>>
>>> The plugin relies on the PHP lib WebIDDelegatedAuth [2] that Andrei and I
>>> just "forked off" libAuthentication (yesterday ;-). Thanks to Melvin and
>>> other contributors for the license change, which helps embedding it in
>>> fusionforge without rendering it AGPL.
>>>
>>> Best regards,
>>>
>>> [0]http://fusionforge.org/
>>> [1]https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin
>>> [2]https://github.com/WebIDauth/WebIDDelegatedAuth
>>
>> Great stuff.
>>
>> BTW -- I noticed your comment: "Popular WebID Idp are foafssl.org and
>> auth.my-profile.eu." .
>>
>> Have you tried:
>>
>> 1. http://id.myopenlink.net/ods/webid_verify.vsp
>> 2. http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP -- usage guide .
>>
>> If possible, could you please test our service as it should just work.
>>
> I just tried to authenticate through your service. These are the
> problems I've encountered:
>
> 1. The service does not demand the browser cert, but instead expects 
> the user to copy/paste the cert into a form field.
>
> 2. Returned URI does not conform to foafssl.org and
> auth.my-profile.eu. These are param names returned by the services
> mentioned above:
>
> a) webid= the urlencoded WebID of the user connecting
>
> b) ts= a timestamp in XML Schema format
>
> c) sig= the signature of the whole URL (signed with the IdP's private 
> SSL key).
>
> d) referer= the address of the IdP, which is needed to fetch the 
> public key of the IdP's SSL certificate (so the application knows from 
> which IDP the signed response comes from in order to choose the 
> correct certificate to verify the signature)
>
> More info about the 'protocol' can be found in the README here [0].
>
> [0] https://github.com/WebIDauth/WebIDauth
>
> Andrei
>
>
>

Andrei,

Thanks, we'll get this fixed.

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Thursday, 12 July 2012 16:59:49 UTC
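
The checks a relying party needs before trusting the signed redirect described in the thread (webid, ts, referer, sig), with a demo IdP signer so both sides are visible; this is an added example, not code from the thread or from WebIDDelegatedAuth. It pins one key per IdP instead of fetching a key from whatever address referer names. Assumptions: sig is the last parameter and is a base64url RSA PKCS#1 v1.5 / SHA-256 signature over the URL text before `&sig=`; `idp.example` and the Mersenne-prime key are constructed for the demo.

```python
import base64, hashlib, hmac
from datetime import datetime
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key built from two Mersenne primes: NOT secure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# Keys are pinned per IdP ahead of time; the hostname is a placeholder (assumption).
TRUSTED_IDPS = {"https://idp.example/": (N, E)}
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_encode(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = SHA256_INFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def idp_sign(return_to, webid, ts, referer):
    """IdP side (demo): append webid, ts, referer, then sign the URL so far."""
    url = return_to + "?" + urlencode({"webid": webid, "ts": ts, "referer": referer})
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa_encode(url.encode(), k), "big"), D, N).to_bytes(k, "big")
    return url + "&sig=" + base64.urlsafe_b64encode(sig).decode().rstrip("=")

def verify_response(url, now, max_age=60):
    """Relying party: return the WebID or None. `now` must be timezone-aware."""
    signed, sep, sig_b64 = url.rpartition("&sig=")
    if not sep or "&" in sig_b64:
        return None  # no signature, or unsigned parameters appended after it
    q = parse_qs(urlsplit(signed).query)  # only parameters covered by sig
    if any(len(q.get(p, [])) != 1 for p in ("webid", "ts", "referer")):
        return None  # missing or duplicated parameter
    key = TRUSTED_IDPS.get(q["referer"][0])
    if key is None:
        return None  # referer is request data: only pinned IdPs are accepted
    try:
        issued = datetime.fromisoformat(q["ts"][0].replace("Z", "+00:00"))
        sig = base64.urlsafe_b64decode(sig_b64 + "=" * (-len(sig_b64) % 4))
    except ValueError:
        return None
    if issued.tzinfo is None or abs((now - issued).total_seconds()) > max_age:
        return None  # stale response; the window bounds how long a replay works
    n, e = key
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return None
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    # Re-encode and compare whole blocks instead of parsing the padding.
    return q["webid"][0] if hmac.compare_digest(em, emsa_encode(signed.encode(), k)) else None
```

A time window alone does not stop a replay inside that window; a relying party that needs single use also has to remember recently accepted signatures.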