Spring Security / SEC-1288

Default claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier" OR allow form field to be configurable with security namespace config

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.0 RC1
    • Fix Version/s: 3.0.0.RC2
    • Component/s: OpenID
    • Labels:
      None

      Description

      The default form field for OpenID identifier, as indicated in section 7.1 of the OpenID 2.0 spec, should be "openid_identifier". This should be the default in the Spring Sec OpenIDAuthenticationFilter, since it's unlikely that users would realistically use the default - j_username - in a typical login scenario. At the very least, this should be configurable when using the convenience <openid-login> element in the security namespace, without requiring the user to declare their own filter. The "openid_identifier" field is identified automatically in OpenID-enabled user agents, such as Flock or Firefox with the Verisign SeatBelt plugin.

        Activity

        Luke Taylor added a comment -

        Seems like a good idea, since this is recommended in the 2.0 spec. I've changed the default.


          People

          • Assignee:
            Luke Taylor
            Reporter:
            Peter Mularien
          • Votes:
            0
            Watchers:
            0
