Jeremy Smith's blog

OpenID Server Integrated with CAS

With the help of some of the Network Engineers (to get some magic routing working), I cobbled together an OpenID server and integrated it with Case's Single Sign On system, CAS.

The "server" end-point is located at http://login.case.edu/id. Your "identity URL" is the first.last portion of your email address followed by .id.case.edu. For example, my email is jeremy.smith@case.edu, so my OpenID identity URL is jeremy.smith.id.case.edu. For those averse to typing (like I am), you can also use your Case Network ID followed by .id.case.edu. So, I could also use jms18.id.case.edu.

If you want to try logging in with it, you can head over to Simon Willison's Weblog and, at the top where it says "Sign in with OpenID," click on that and enter <USERNAME>.id.case.edu.

A better example is logging into Wikitravel because it shows how information (such as nicknames, email address, full name, etc.) can be shared between an OpenID Provider and client. You can sign in to Wikitravel here. The information sharing part doesn't so much "work" yet. I'm getting there.

And because it is integrated upwards towards CAS, it should interoperate with all of the other "identity systems/protocols" we've integrated with CAS like Shibboleth (and, in testing, Oracle's Single Sign On, Sun's, and Google's SAML-based Single Sign-On). I may throw up some screencasts showing the effects of this by bouncing in between normal CAS-protected apps (like this blog system or the wiki), Shibboleth protected ones, and OpenID protected ones.

Comments

  1.

    Awesome! Will I have this OpenID forever, even after I graduate?

    I registered for an OpenID at MyOpenID (http://benjamin.golub.myopenid.com/) and have my website delegating it so I only have to remember http://benjamingolub.com. I've used it to comment on some friends' LiveJournals and it works really well.

    I really hope more services start making use of it as it solves a number of problems.

  2.
    > Will I have this OpenID forever, even after I graduate?

    Right now, the service is experimental; but assuming the service persists, yes, you will have the OpenID account indefinitely.

    > have my website delegating it so I only have to remember http://benjamingolub.com.

    You could also delegate to Case's OpenID. If you view the source to the main page of my blog, you can see the markup that allows one to do that. It looks like the following (I see that on your blog, you've already done delegation, I'm just putting this here for others reading this):

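    ```html
    <!-- OpenID provider endpoint that performs the authentication -->
    <link rel="openid.server"
      href="https://login.case.edu/id">
    <!-- Identity at that provider which this page delegates to -->
    <link rel="openid.delegate"
      href="http://jeremy.smith.id.case.edu">
    ```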

    I'll be posting more about OpenID in the near future that should help flesh out this documentation.
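
How a relying party reads the delegation markup shown in the comment above, as an added example that is not part of the original post or its comments: it takes the two link tags from the page's head only (as OpenID 1.x HTML discovery specifies) and checks that the server endpoint is HTTPS on the expected host. The class and function names, the sample page and the other.example host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the comment's tags in <head>, plus a stray tag in <body>.
SAMPLE_PAGE = """<html><head><title>blog</title>
<link rel="openid.server"
  href="https://login.case.edu/id">
<link rel="openid.delegate"
  href="http://jeremy.smith.id.case.edu">
</head><body>
<link rel="openid.server" href="http://other.example/id">
</body></html>"""

class DelegationParser(HTMLParser):
    """Collects openid.server / openid.delegate hrefs found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = (tag == "head")
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate") and href:
                    self.found.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_delegation(html, expected_host):
    """Return (server, delegate, warnings) for one page's delegation markup."""
    parser = DelegationParser()
    parser.feed(html)
    server = parser.found.get("openid.server")
    delegate = parser.found.get("openid.delegate")
    warnings = []
    if server is None:
        warnings.append("no openid.server link in <head>")
    else:
        url = urlsplit(server)
        if url.scheme != "https":
            warnings.append("openid.server is not https")
        if url.hostname != expected_host:
            warnings.append("openid.server host is not " + expected_host)
    return server, delegate, warnings
```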

  3.

    That's awesome. I've been trying to sell Scott on putting something like this together. Are you planning on posting a note to the CAS dev list?

  4.

    Any interest in helping us get something like this into the CAS distribution?