OpenID for eZPublish

Earlier this year I was investigating OpenID and decided to attempt to integrate it into eZ Publish. I got most of the way before I realised that the amount of existing code I had to replicate meant that the maintenance of the extension would be a nightmare.

After discussions at the eZ Developer Day I decided to upload the source to projects.ez.no and invite anyone interested check it out. If you want to contribute feel free to add yourself to the group.

The extension uses the PHP OpenID Library by JanRain. The version of the library used in the extension is 2.1.1. In future I plan at evaluating the use of the eZ Components OpenID Authentication module.

Features

The extension provides the following features:
  • Login using OpenID
  • Register Using OpenID
  • OpenID URL management
Both the OpenID Login and User Registration work in parallel to the existing systems, allowing users to login & register in a regular manor. The templates have been created for the admin & ezwebmin interface. The login screen will show the original as well as the OpenID login.

Clicking on the OpenID Register button will authenticate the user via the entered OpenID URL, retrieve some details from the OpenID profile and present the user with the registration form. Once the registration is processed the authenticated OpenID URL will be associated with the account. The user registration process has had the least testing.

The OpenID account management allows users to add and remove OpenID URLs that are associated with their account. The interface is available via a tab in the admin interface. Currently there are no ezwebmin (front end) specific templates.

The extension assumes you have an installed Website interface and works with eZ Publish 4.x.

Installing the OpenID extension

To use the extension, grab it from svn. From the extensions directory run

cd extension/
svn co http://svn.projects.ez.no/openid/trunk/ openid

and enable in the usual manor.

Create the table the holds the link between the OpenID URLs & the eZ users:

mysql -u[user] -p [database] < sql/openid.sql

Clear caches.

Create an OpenID account

If you don't already have an open ID account get yourself one. I've used ClaimID, but there are plenty of other options. I've also used MyOpenID, SignOn and Sxipper which also has a great firefox identity/password manager add on.

Register an OpenID URL via Admin Interface

If the OpenID extension has been installed correctly you should see a OpenID Tab in the admin interface.

Clicking on the OpenID tab should produce a screen like:



You can now enter your OpenID URL into the field and click on "Register New OpenID" The extension will go off to the provider and ask you to authenticate. Once authenticated you will be asked if you want to:
  1. Login - Authorise login once
  2. Login and Trust - Authorise login for this and subsequent accesses
  3. Cancel - Don't authorise login
Choosing the either of the first two options will allow the OpenID URL to be registered against the currently logged in user. Choosing the "Cancel" option will result in the registration failing. (Note: These specific options are ClaimID specific. Other providers will have similar functionality but it may be presented differently)

You should be able to logout and log back in using the registered OpenID URL. If you have previously loged in and trusted the site you will not have to enter your password.

Register a new user with an OpenID URL

Users are able to register using their OpenID URL from the login form. Entering an OpenID URL and clicking on the register button will pass the user off to the OpenID provider to authenticate and trust the site. Users will be asked if some of your persona information can be passed back to eZ Publish to prefill the user registration form.


The persona information is quite specific and currently only the email address is used. The mapping of the availiable persona information to the eZ user is one area that would benefit from work.

Once authenticated the user is able to progress with the regular user registration process. once completed the user will be able to login using the registered OpenID URL.

The user registration process has not been fully tested.

Future of this extension

This extension was put together as a working prototype and as such is quite rough around the edges. It requires quite a bit of the existing user module & associated templates to be replicated and this makes it a pain to maintain.

The user authentication components of eZ Publish are not constructed in a way that makes it easy to implement OpenID style authentication systems. I hope and suspect that future versions of eZ publish will address this.

I may work on the extension from time to time but am unlikely to spend any real time on it in the near future. If you are interested feel free to signup as a project member, or contact me directly.

There is an existing Open Funding suggestion for OpenID support that may provide a means for getting OpenID support into eZ publish.

Comments

  1. Anonymous8:34 am, October 25, 2008

    Using Yahoo! openID when login/registering my OpenID for my website, when it returns from the Yahoo confirmation page, ezpublish is displaying my page using the default siteaccess instead of the one that my domain is using. But if then I click on the address bar and press enter. It's OK.

    See at www.qhphotography.com

    ReplyDelete
  2. Sidney12:26 am, July 08, 2009

    Hello Bruce, I am planning to develop a login system using X509 certificates to EZ. I intend to use your module as a base because it is well structured. My module is GPL too!

    ReplyDelete
  3. Sidney12:39 am, July 08, 2009

    This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

eZ Publish 5 Virtual Machine

One of the most common issues of newcomers to eZ Publish is the setup of a system suitable for running it. Without a correctly configured system in place they usually do not get beyond the installation process and abandon their evaluation before having experienced the product.  The eZ Publish puppet module is an attempt to codify the requirements  for running eZ Publish and provide a means for automatically creating a system suitable for running it - no more following a checklist of "setting up eZ Publish on XYZ". The eZ Publish 5 Virtual Machine can be found on github at  https://github.com/brucem/vagrant-puppet-ezpublish .   It combines Vagrant, VirtualBox & Puppet to generate a VM with the current eZ Publish community version (2013.4) installed and ready to be configured. The README.md  provides details of the requirements and how to use it. Vagrant is a system that  orchestrates the automatic creation and configuration of systems. It has been used to d
Read more

eZ Publish Admin redesign - Dashboard = OpenSocial?

Image
In the preface to the current Admin interface specification the last paragraph caught my eye: A overview of user task need a dashboard , where she can follow here own content, approval and other tasks she might do on a regular basis. I recently saw a demo of the latest version of the bug tracking system JIRA 4.0 by Atlassian . It used an OpenSocial dashboard to allow users to customise their homepage to access and interact with information that was important to them.  The system not only displays JIRA widgets but any OpenSocial widgets (and those from other Atlassian products ). You can check out a video of it in action here and more information on how Atlassian is using OpenSocial here . What is OpenSocial? From the official site: OpenSocial defines a common API for social applications across multiple websites. With standard JavaScript and HTML, developers can create apps that access a social network's friends and update feeds. Google personal home page is an example o
Read more