linotp.controllers.openid module

openid controller - This is the controller for the openid service

class linotp.controllers.openid.OpenidController(*args, **kw)
Bases: linotp.lib.base.BaseController

This is the controller for doing the openid stuff:

https://server/openid/<functionname>

BASEURL = 'https://linotpserver'

COOKIE_EXPIRE = 3600

associate(params)
This sets up an association (encryption key) between the ID Provider and the consumer.

check()
This function is used to login.
- method:
  - openid/check
- arguments:
  - user - user to login
  - realm - in which realm the user should login
  - pass - password
- returns:
  - JSON response

checkid_setup(param)
This function is called when the user needs to verify that he is willing to authenticate for a relying party.

checkid_submit()
This is called when the user accepts (hits the submit button) that he will log in to the consumer.

custom_style()
If this action was called, the user hasn’t created a custom css yet. To avoid hitting the debug console over and over, we serve an empty file.

id()
This method is used by the consumer to authenticate like this: https://server/openid/id/<user>
The URL has to return this one in the html head:
    <link rel="openid.server" href="http://FQDN/openidserver">
    <meta http-equiv="x-xrds-location" content="http://FQDN/yadis/someuser">
- The request flow is:
  - -> GET /openid/id
  - -> GET /openid/yadis
  - -> POST /openid/openidserver -> association
  - -> POST /openid/openidserver -> checkid setup

logout()
This action deletes the cookie and redirects to the /openid/status to show the login status.
If the logout is called in the context of an openid authentication, the user is already logged in as a different user. In this case we forward to the /openid/login page after the logout was made.
Another option for the openid authentication context would be to redirect to the return_to url by setting
    redirect_to = params["openid.return_to"]
    p["openid.mode"] = "setup_needed"
which advises the openid relying party to restart the login process.