6.1.1.2.1.9. linotp.controllers.openid module
openid controller - This is the controller for the openid service
- class linotp.controllers.openid.OpenidController(*args, **kw)
Bases: linotp.lib.base.BaseController
This is the controller for the OpenID functionality:
https://server/openid/<functionname>
- BASEURL = 'https://linotpserver'
- COOKIE_EXPIRE = 3600
- associate(params)
This sets up an association (encryption key) between the ID Provider and the consumer
- check()
This function is used to log in
- method:
- openid/check
- arguments:
- user - user to log in
- realm - the realm in which the user should log in
- pass - password
- returns:
- JSON response
- checkid_setup(param)
This function is called when the user needs to verify that he is willing to authenticate for a relying party
- checkid_submit()
This is called when the user accepts (by hitting the submit button) that he will log in to the consumer
- id()
This method is used by the consumer to authenticate like this: https://server/openid/id/<user>
The URL has to return this in the HTML head:
<link rel="openid.server" href="http://FQDN/openidserver">
<meta http-equiv="x-xrds-location" content="http://FQDN/yadis/someuser">
- The request flow is:
- -> GET /openid/id
- -> GET /openid/yadis
- -> POST /openid/openidserver -> association
- -> POST /openid/openidserver -> checkid setup
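A deployment check for the two head elements that id() has to return, as an added example that is not part of the LinOTP code base: it extracts the openid.server and x-xrds-location values from an identity page, ignores tags outside the head, and reports endpoints that are missing or not served over HTTPS. The class and function names, the sample pages and the hosts idp.example and other.example are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class DiscoveryParser(HTMLParser):
    """Collect the two discovery hints that id() places in the HTML head."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.server = None  # <link rel="openid.server" href=...>
        self.xrds = None    # <meta http-equiv="x-xrds-location" content=...>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "head":
            self.in_head = True
        elif not self.in_head:
            return  # tags outside <head> are not discovery data
        elif tag == "link" and "openid.server" in a.get("rel", "").lower().split():
            self.server = self.server or a.get("href")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "x-xrds-location":
            self.xrds = self.xrds or a.get("content")

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def check_identity_page(html):
    """Return (server, xrds, findings) for one identity page body."""
    parser = DiscoveryParser()
    parser.feed(html)
    findings = []
    for name, url in (("openid.server", parser.server),
                      ("x-xrds-location", parser.xrds)):
        if not url:
            findings.append(f"{name}: missing from <head>")
        elif urlparse(url).scheme != "https":
            findings.append(f"{name}: not https ({url})")
    return parser.server, parser.xrds, findings


# Constructed sample pages; idp.example and other.example are placeholders.
SAMPLE_HTTP = """<html><head>
<link rel="openid.server" href="http://idp.example/openidserver">
<meta http-equiv="x-xrds-location" content="http://idp.example/yadis/someuser">
</head><body></body></html>"""
SAMPLE_BODY_ONLY = ('<html><head></head><body>'
                    '<link rel="openid.server" href="https://other.example/op"></body></html>')
```

Run against the body fetched from https://server/openid/id/<user>, an empty findings list means both discovery hints are present in the head and point at HTTPS endpoints.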
- logout()
This action deletes the cookie and redirects to the /openid/status to show the login status
If the logout is called in the context of an openid authentication, the user is already logged in as a different user. In this case we forward to the /openid/login page after the logout was made.
Another option for the openid authentication context would be to redirect to the return_to url by setting
redirect_to = params["openid.return_to"]
p["openid.mode"] = "setup_needed"
which advises the openid relying party to restart the login process.