Central authentication

JerryMungo

I have a client who needs a WordPress CMS for extranet and public internet sites and a .NET aspx app. I want to integrate authentication and only require it once for all their apps.

The client also makes use of a LinkedIn group for discussions which I want to integrate somehow. I know LinkedIn has an API but I'm not sure what level of integration I can rely on.

What do you recommend? I'm considering OpenID but I've never used it before. Are there other approaches I should consider for central authentication?

Ta muchly in advance!
 
Awesome, thanks guys... I assume since OAuth is an extension to OpenID, I'd need libraries for both?
 
http://bit.ly/1131ptI

or

http://oauth.net/about/

OAuth and OpenID
OAuth is not an OpenID extension and at the specification level, shares only a few things with OpenID – some common authors and the fact both are open specifications in the realm of authentication and access control. ‘Why OAuth is not an OpenID extension?’ is probably the most frequently asked question in the group. The answer is simple: OAuth attempts to provide a standard way for developers to offer their services via an API without forcing their users to expose their passwords (and other credentials). If OAuth depended on OpenID, only OpenID services would be able to use it, and while OpenID is great, there are many applications where it is not suitable or desired. Which doesn’t mean to say you cannot use the two together. OAuth talks about getting users to grant access while OpenID talks about making sure the users are really who they say they are. They should work great together.

Really wasn't that hard huh?
 

Thanks guys - I think I have it now... this site does a good job of explaining for anyone else interested:
http://softwareas.com/oauth-openid-...wrong-tree-if-you-think-theyre-the-same-thing

OAuth, OpenID…they sound like the same thing and they kind of do vaguely similar things. But I’m here to tell you, OAuth is not Open ID. They have a different purpose. I’ve been playing around with OAuth a bit in the past couple weeks and have a grip on what it’s aiming to do and what it’s not aiming to do.

To start with, here’s what OAuth does have in common with Open ID:

They both live in the general domain of security, identity, and authorisation
They are open web standards. Created and evolved by people with an itch to scratch and evolved pragmatically by a loose, fluid, alliance. Think REST, not SOAP. Think Bar Camp, not The 25th Monosemiannual International Convention for the Society of Professionals who Devise Acronyms Quite a Bit.
They both celebrate decentralisation. There is no central Open ID or OAuth server that holds all the security information in the universe (cf Passport). Anyone can set up as a server or a client.
They both involve browser redirects from the website you’re trying to use – the “consumer” website – to a distinct “provider” website, and back again. Meanwhile, those websites talk to each other behind the scenes to verify what just happened.
The user can actively manage the provider website, exerting control over which websites can talk to it and for how long.
With that much in common, the casual observer could be forgiven for confusing them. But they’re different. Not different as in “vying to be the no. 1 standard”, but different as in “they let you do different things”. How so?

Open ID gives you one login for multiple sites. Each time you need to log into Zooomr – a site using Open ID – you will be redirected to your Open ID site where you login, and then back to Zooomr. OAuth lets you authorise one website – the consumer – to access your data from another website – the provider. For instance, you want to authorise a printing provider – call it Moo – to grab your photos from a photo repository – call it Flickr. Moo will redirect you to Flickr which will ask you, for instance, “Moo wants to download your Flickr photos. Is that cool?”, and then back to Moo to print your photos.

So from that I gather I actually need OpenID to allow one login to afford access to the various apps and to integrate LinkedIn discussions, OAuth will likely be used.
 
After some investigation, it seems I can't use OpenID - LinkedIn isn't an OpenID subscriber... so for authentication I'll use the LinkedIn JavaScript API... coupled with OAuth for the LinkedIn content integration.
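
The difference quoted in this thread (OpenID says who logged in, OAuth says what a consumer site may fetch), as a simplified in-memory model. This is an added example, not code from any post or from the quoted sites, and it does not implement the real wire protocols. The `Provider` class, its method names, the `photos:read` scope, the `.example` hostnames and the sample data are all assumptions, and one class plays both provider roles for brevity.

```python
import hashlib, hmac, secrets

class Provider:
    """Constructed model of a provider site; not the real OpenID/OAuth protocols."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # signing secret, never leaves the provider
        self._grants = {}                     # access token -> (user, consumer, scopes)
        self._photos = {"alice": ["beach.jpg", "cat.jpg"]}  # constructed sample data
    def _sign(self, user, consumer):
        msg = f"{user}\n{consumer}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    # OpenID-style: the provider states WHO logged in, for one named consumer site.
    def assert_identity(self, user, consumer):
        return {"user": user, "consumer": consumer, "sig": self._sign(user, consumer)}
    # Behind-the-scenes check the consumer makes once the browser is redirected back.
    def verify_identity(self, assertion, consumer):
        expected = self._sign(assertion["user"], assertion["consumer"])
        return (hmac.compare_digest(expected, assertion["sig"])
                and assertion["consumer"] == consumer)

    # OAuth-style: the user approves WHAT a consumer may fetch; no password is shared.
    def grant_access(self, user, consumer, scopes):
        token = secrets.token_urlsafe(16)
        self._grants[token] = (user, consumer, frozenset(scopes))
        return token
    def get_photos(self, token):
        grant = self._grants.get(token)
        if grant is None or "photos:read" not in grant[2]:
            raise PermissionError("token unknown, revoked, or lacks photos:read")
        return list(self._photos[grant[0]])
    def revoke(self, token):                  # the user withdraws the grant at the provider
        self._grants.pop(token, None)

def run_example():
    provider = Provider()
    login = provider.assert_identity("alice", "zooomr.example")
    forged = dict(login, user="mallory")      # altered assertion: signature no longer matches
    token = provider.grant_access("alice", "moo.example", ["photos:read"])
    photos = provider.get_photos(token)
    provider.revoke(token)
    try:
        provider.get_photos(token)
        after_revoke = "allowed"
    except PermissionError:
        after_revoke = "denied"
    return {"login_ok": provider.verify_identity(login, "zooomr.example"),
            "forged_ok": provider.verify_identity(forged, "zooomr.example"),
            "other_site_ok": provider.verify_identity(login, "moo.example"),
            "photos": photos, "after_revoke": after_revoke}
```

The identity assertion is only accepted by the consumer it was issued for, while the access token carries a scope and stops working once the user revokes it at the provider.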
 