wiki:AuthOpenIdPlugin

Version 24 (modified by anonymous, 6 years ago) (diff)

--

OpenID Authentication Plugin

Description

This plugins allows to login to Trac using OpenID. Please, note that this plugin works with Trac 0.11 version only.

There is already similar plugin (OpenidPlugin) but it is abandoned, old and has list of problems that my version fix:

  • Should work with Mysql, PostgreSql and SQLite
  • Uses genshi for templating

Bugs/Feature Requests

Existing bugs and feature requests are here. If you have any issues, create a new ticket.

Download & Source

You will need to install python_openid-2.1.1. Newer version might works as well but are not tested currently.

You can check out from:

You can download current version (0.1.6) from http://hg.sandbox.lt/authopenid-plugin/archive/v0.1.6.tar.gz if you don't want to use Mercurial version.

Example

[components]
trac.web.auth.* = disabled
authopenid.* = enabled

Options

This plugin has number of configuration options. Examples are best way to illustrate them:

[trac]
# Check user IP address. IP addresses are masked because
# in some cases user is behind internal proxy and last
# number in IP address might vary. Disable check_auth_ip
# if you are using IPv6. If you still want to have IPv6
# support please contact me.
check_auth_ip = true
check_auth_ip_mask = 255.255.255.0 
# number of seconds until cookie will expire
expires = 86400

[openid]
# In some cases company might have internal OpenID server that automatically
# identifies user (e.g. windows SSPI). Also known as single sign-on.
default_openid = http://openid.ee
# Require sreg data
sreg_required = false 
# Default PAPE method to request from OpenID provider.
# pape_method = 
# What is OpenID link.
whatis = http://openid.net/what/
# In some cases you might want allow users to login to different projects using
# different OpenIDs. In that case don't use absolute trust root.
absolute_trust_root = false

# Remove http:// or https:// from URL that is used as username. (Default: false)
strip_protocol = false

# Remove trailing slash from URL that is user as username (Defaul: false)
strip_trailing_slash = false

# Expiration time acts as timeout. E.g. if expiration time is 24 hour and
# you login again in those 24 times. Expiration time is extended for another
# 24 hours. (Default: false)
timeout = false

# white and black lists.
# Allows all the people from Lithuania, Latvia or Estonia except delfi domain.
white_list = *.lt, *.lv, *.ee
black_list = *.delfi.lt,*.delfi.lv,*.delfi.ee

# In addition to white and black lists you can use external service
# for allowing users into trac. To control that you must use check_list
# and check_list_key option. It will generate URL:
# check_list?check_list_key=openid
# It expects JSON result in following format:
# {"check_list_key": true} 
# IMPORTANT: this functionality uses simplejson which might not be available on your system by default. Install it if you want to use this functionality.
check_list = http://your.site.com/openidallow
check_list_key = check_list

Recent Changes

[2855] by dalius on 2007-12-07 07:18:58
Ticket #2276 fixed.
[2847] by dalius on 2007-12-04 06:41:53
logout patch from gsf
[2846] by dalius on 2007-12-03 08:55:11
sqlite patch from martin@paljak.pri.ee

Author/Contributors

Author: dalius
Contributors: