
openId - Is It possible to initiate a login from the OpenId Provider site?

Usually the user first visits the client site (like stackoverflow) and gets redirected to the OpenID Provider (OP) and gets redirected back to the client after authenticating.

Imagine now we have a portal which acts as an OP. After I log in to the portal it should show links to applications. These applications are managing their logins with OpenID clients. Is it possible to construct links (or redirect headers) to the application (OpenID client)?

Step by Step like this:

  1. Fresh Browser (old cookies etc. deleted)
  2. Visit OpenID Provider
  3. Log into OpenID Provider site.
  4. Click on a link in your profile to another website which provides openID client mechanism
  5. You get immediately logged in without any further action from the user

Is it possible? Or do I always have to visit the openId Client first to start a session or something like this?

(if it differs from openId v1 and v2, it would be nice to hear about it)

Janning asked Dec 06 '25 13:12


1 Answer

Yes. This is possible; however, this is not a part of the OpenID specification. The specification doesn't talk about an IDP-initiated authentication flow. The trick is at the IDP. Let me summarize this.

There are two interactions an OP has with the user:

  1. Ask for password. (If the OP can use a cookie or a session value to remember the authenticated user, then this interaction can be skipped in later logins)

  2. Ask for consent. That is, the user is asked to give the application permission to access user identity information. (If the OP can be configured to skip this step for a user-allowed set of applications, then this interaction can be avoided too.)

So the flow will work like this:

  1. User logs into OP (then OP remembers the user)
  2. User clicks on an application link; the application redirects the user to the OP. (The OP skips authentication, and then the OP identifies that there is a configuration to skip the consent prompt for this application for this user, so the OP skips consent.)
  3. OP redirects the user back to the application, logged in.

SureshAtt answered Dec 09 '25 17:12
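The OP-side decision described in the answer above, as an added example that is not part of the original answer or of any OpenID library: the OP skips the password prompt when it has a session, skips consent only for a configured (user, application) pair, and rejects requests whose return URL falls outside the requesting realm. The function names, the `skip_consent` set and the sample URLs are hypothetical; the `openid.*` parameter names, `checkid_immediate` and `setup_needed` follow OpenID 2.0.

```python
from urllib.parse import urlsplit

def return_to_matches_realm(return_to, realm):
    """True if return_to is an https URL on the realm's origin and under its path.
    Simplified on purpose: wildcard realms are not accepted."""
    try:
        r, t = urlsplit(realm), urlsplit(return_to)
        same_origin = (r.scheme, r.hostname, r.port) == (t.scheme, t.hostname, t.port)
    except ValueError:  # malformed port or host
        return False
    if r.scheme != "https" or not r.hostname or not same_origin:
        return False
    base = r.path if r.path.endswith("/") else r.path + "/"
    return t.path == r.path or t.path.startswith(base)

def decide(request, session_user, skip_consent):
    """Return the OP's next action for one authentication request.
    session_user: user name from the OP session cookie, or None.
    skip_consent: set of (user, realm) pairs configured to skip the consent prompt."""
    realm = request.get("openid.realm", "")
    return_to = request.get("openid.return_to", "")
    # Skipping both prompts makes this check the only gate before an assertion is sent.
    if not return_to_matches_realm(return_to, realm):
        return "reject"
    # In immediate mode the OP may not interact with the user at all.
    immediate = request.get("openid.mode") == "checkid_immediate"
    if session_user is None:
        return "setup_needed" if immediate else "prompt_password"
    if (session_user, realm) not in skip_consent:
        return "setup_needed" if immediate else "prompt_consent"
    return "redirect_back"

# Constructed sample data (not from the page).
SKIP_CONSENT = {("alice", "https://app1.example.com/")}
REQUEST = {
    "openid.mode": "checkid_setup",
    "openid.realm": "https://app1.example.com/",
    "openid.return_to": "https://app1.example.com/openid/return",
}

if __name__ == "__main__":
    for user in ("alice", "bob", None):
        print(user, "->", decide(REQUEST, user, SKIP_CONSENT))
```
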


