Openfire + openid?

Hi everybody,

Does Openfire support OpenID?

I have not found any post about this feature.

If someone can help me… thanks

There is no support for OpenID. To make Openfire an OpenID consumer would be nearly impossible, since OpenID is HTTP-based and the XMPP protocol has no mechanism for that. It could be possible to write an OpenID server that shares the Openfire user database, but that project would really be external to Openfire.

Ok, thanks

If it is just an HTTP request, it may be possible to link a Jabber user to an OpenID with an external database and add this to the authentication system. I think Wildfire had a module doing OpenID authentication: here

Is it possible to develop a plugin for Openfire based on Wildfire's module?

Wildfire is the old name for Openfire, so old plugins could be updated to work with newer versions, sure.

But I don't think that OpenID code does what you think it does. It checks a database to see if a session already exists for a given OpenID user, and if so lets the user in. That is: the authentication already happened elsewhere. Additionally, the client needs to somehow handle sending a URL as the authentication ID, and that somehow gets mapped to an authorization ID. I don't really have the time to dissect the code, but some sort of mapping is needed, since any URL is a valid OpenID user and URLs cannot map perfectly to Jabber IDs.

Also, the code is not a complete plugin or auth provider. It looks to me like it's a shim between an existing application (Moodle?) and Openfire. Some of the code may be useful to a developer, but by itself it won't help anyone much. It also looks like they had a patch to modify Wildfire itself, meaning this was more than an add-on; it was a customization. Maintaining something like that is non-trivial and requires a fair amount of knowledge of how Openfire itself works.

An additional note for you: the problem with linking a user to an OpenID URL is: what do we do when we get to the URL? OpenID makes no specification of how the OpenID server should perform the authentication, so without a web browser it's pretty much impossible. Some sites may use a simple username/password form, others may have a more complex system (Kerberos, HTTP-auth, or nothing at all!). While this really is the strength of OpenID, it does limit OpenID to HTTP-based applications.

I'm sure there is some sufficient amount of duct tape that would make OpenID work with Openfire, but it will likely be flaky. Going the other direction would be much simpler: it would be easy to write a simple plugin for Openfire that turned it into an OpenID server itself, so you could log into your favorite OpenID-supported website using your Jabber ID (like http://jabber.server.com/~username or whatever).
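Added example, not part of any post in this thread and not Openfire or Wildfire code: one way to build the URL-to-Jabber-ID mapping discussed above. XMPP case-folds the localpart of a JID while URL paths are case-sensitive, so the mapping base32-encodes a normalized URL; the `oid-` prefix, the function names and the normalization rules are assumptions of this example.

```python
import base64
from urllib.parse import urlsplit

MAX_LOCALPART_BYTES = 1023   # per-part JID length limit (RFC 6122 / RFC 7622)
PREFIX = "oid-"              # hypothetical namespace, assumed closed to normal sign-up
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_openid(url: str) -> str:
    """Canonicalise the URL so one identity has exactly one spelling."""
    parts = urlsplit(url.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("OpenID identifier must be an http(s) URL")
    if parts.username or parts.password:
        raise ValueError("userinfo is not allowed in an identifier")
    host = parts.hostname                  # urlsplit lowercases scheme and host
    if ":" in host:                        # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port not in (None, DEFAULT_PORTS[parts.scheme]):
        host = f"{host}:{parts.port}"
    query = f"?{parts.query}" if parts.query else ""
    # The fragment is dropped; the path keeps its case because it is significant.
    return f"{parts.scheme}://{host}{parts.path or '/'}{query}"


def openid_to_localpart(url: str) -> str:
    """Injective URL -> localpart mapping that survives XMPP case folding."""
    raw = normalize_openid(url).encode("utf-8")
    encoded = base64.b32encode(raw).decode("ascii").rstrip("=").lower()
    localpart = PREFIX + encoded
    if len(localpart) > MAX_LOCALPART_BYTES:
        raise ValueError("identifier too long for a JID localpart")
    return localpart


def localpart_to_openid(localpart: str) -> str:
    """Reverse mapping, e.g. for audit logs or an admin console."""
    if not localpart.startswith(PREFIX):
        raise ValueError("not a mapped OpenID account")
    body = localpart[len(PREFIX):].upper()
    return base64.b32decode(body + "=" * (-len(body) % 8)).decode("utf-8")
```

A mapping that simply lowercased or escaped the URL would give `http://example.org/Alice` and `http://example.org/alice` the same account; here they stay distinct, at the cost of a localpart that is not human-readable.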

Consider this?

http://xmpp.org/extensions/xep-0154.html#openid

This does not use JID as "open"id but for "open"id.