linotp.controllers.openid module

openid controller - This is the controller for the openid service

class linotp.controllers.openid.OpenidController(*args, **kw)[source]

Bases: linotp.lib.base.BaseController

this is the controller for doing the openid stuff

https://server/openid/<functionname>
BASEURL = 'https://linotpserver'
COOKIE_EXPIRE = 3600
associate(params)[source]

This sets up a association (encryption key) bewtween the ID Provider and the consumer

check()[source]

This function is used to login

method:
openid/check
arguments:
user - user to login realm - in which realm the user should login pass - password
returns:
JSON response
check_authentication(params)[source]
checkid_setup(param)[source]

This function is called, when the used needs to verify that he is willing to authenticate for a relying party

checkid_submit()[source]

This is called when the user accepts - hit the submit button - that he will login to the consumer

id()[source]

This method is used by the consumer to authenticate like this: https://server/openid/id/<user>

The URL has to return this one in the html head: <link rel=”openid.server” href=”http://FQDN/openidserver“> <meta http-equiv=”x-xrds-location” content=”http://FQDN/yadis/someuser“>

The request flow is:
-> GET /openid/id -> GET /openid/yadis -> POST /openid/openidserver -> assocication -> POST /openid/openidserver -> checkid setup
login()[source]

This is the redirect of the first template

logout()[source]

This action deletes the cookie and redirects to the /openid/status to show the login status

If the logout is called in the context of an openid authentication, the user is already logged in as a different user. In this case we forward to the /openid/login page after the logout was made.

Another option for the openid authentication context would be to redirect to the return_to url by setting

redirect_to = params[“openid.return_to”] p[“openid.mode”] = “setup_needed”

which advises the openid relying party to restart the login process.

openidserver()[source]

This is the so called server endpoint, that decides, if the user is authenticated or not. and returns to the given “openid.” either directly or after authenticating the user openid.claimed_id.

status()[source]

This shows the login status.

yadis()[source]