wiki:AuthOpenIdPlugin

Version 14 (modified by dalius, 6 years ago) (diff)

--

OpenID Authentication Plugin

Description

This plugins allows to login to Trac using OpenID. Please, note that this plugin works with Trac 0.11 version only.

There is already similar plugin (OpenidPlugin) but it is abandoned, old and has list of problems that my version fix:

  • Should work with Mysql, PostgreSql and SQLite
  • Uses genshi for templating

Bugs/Feature Requests

Existing bugs and feature requests for AuthOpenIdPlugin are here.

If you have any issues, create a new ticket.

Download & Source

You will need to install python_openid-2.1.1

You can check out AuthOpenIdPlugin from:

Subversion was dropped because of two reasons:

  • I don't have time to support two different repositories... AKA I'm lazy :)
  • It is easier to grab patches from remote Hg repositories... AKA I'm lazy :)

You can download most recent version from here if you don't want to use Mercurial version: http://blog.sandbox.lt/file/get/42?name=authopenid-plugin-dist.tar.gz. However I don't know yet what is better way to distribute not-development version. If you have any ideas just write mail me to dalius at sandbox.lt

Example

[components]
trac.web.auth.* = disabled
authopenid.* = enabled

Options

This plugin has number of configuration options. Examples are best way to illustrate them:

[trac]
# Check user IP address. IP addresses are masked because
# in some cases user is behind internal proxy and last
# number in IP address might vary.
check_auth_ip = true
check_auth_ip_mask = 255.255.255.0 
# number of seconds until cookie will expire
expires = 86400

[openid]
# In some cases company might have internal OpenID server that automatically
# identifies user (e.g. windows SSPI). Also known as single sign-on.
default_openid = http://openid.ee
# Require sreg data
sreg_required = false 
# Default PAPE method to request from OpenID provider.
# pape_method = 
# What is OpenID link.
whatis = http://openid.net/what/
# In some cases you might want allow users to login to different projects using
# different OpenIDs. In that case don't use absolute trust root.
absolute_trust_root = false

# Remove http:// or https:// from URL that is used as username. (Default: false)
strip_protocol = false

# Remove trailing slash from URL that is user as username (Defaul: false)
strip_trailing_slash = false

# Expiration time acts as timeout. E.g. if expiration time is 24 hour and
# you login again in those 24 times. Expiration time is extended for another
# 24 hours. (Default: false)
timeout = false

Recent Changes

[2855] by dalius on 2007-12-07 07:18:58
Ticket #2276 fixed.
[2847] by dalius on 2007-12-04 06:41:53
logout patch from gsf
[2846] by dalius on 2007-12-03 08:55:11
sqlite patch from martin@paljak.pri.ee

Author/Contributors

Author: dalius
Contributors: