
Version 29 (modified by dalius, 6 years ago)


OpenID Authentication Plugin

Description

This plugin allows logging in to Trac using OpenID. Please note that this plugin works with Trac 0.11 only.

WARNING: This plugin does not work with Trac 0.11.2.1 because of a new bug in Trac. Use an older version. I hope the Trac team will fix this problem soon.

There is already a similar plugin (OpenidPlugin), but it is abandoned, old, and has a list of problems that my version fixes:

  • Should work with Mysql, PostgreSql and SQLite
  • Uses genshi for templating

Bugs/Feature Requests

Existing bugs and feature requests are here. If you have any issues, create a new ticket.

Download & Source

You will need to install python_openid-2.1.1. Newer versions might work as well but are not currently tested.

You can check out from:

You can download the current version (0.1.6) from http://hg.sandbox.lt/authopenid-plugin/archive/v0.1.6.tar.gz if you don't want to use the Mercurial version.

Example

[components]
trac.web.auth.* = disabled
authopenid.* = enabled

Options

This plugin has a number of configuration options. Examples are the best way to illustrate them:

[trac]
# Check the user's IP address. IP addresses are masked because
# in some cases the user is behind an internal proxy and the last
# number in the IP address might vary. Disable check_auth_ip
# if you are using IPv6. If you still want to have IPv6
# support, please contact me.
check_auth_ip = true
check_auth_ip_mask = 255.255.255.0
# Number of seconds until the cookie expires
expires = 86400

[openid]
# In some cases a company might have an internal OpenID server that automatically
# identifies the user (e.g. Windows SSPI). Also known as single sign-on.
default_openid = http://openid.ee
# Require sreg data
sreg_required = false
# Default PAPE method to request from the OpenID provider.
# pape_method =
# "What is OpenID" link.
whatis = http://openid.net/what/
# In some cases you might want to allow users to log in to different projects using
# different OpenIDs. In that case don't use an absolute trust root.
absolute_trust_root = false

# Remove http:// or https:// from the URL that is used as the username. (Default: false)
strip_protocol = false

# Remove the trailing slash from the URL that is used as the username. (Default: false)
strip_trailing_slash = false

# Expiration time acts as a timeout. E.g. if the expiration time is 24 hours and
# you log in again within those 24 hours, the expiration time is extended for another
# 24 hours. (Default: false)
timeout = false

# White and black lists.
# Allows all the people from Lithuania, Latvia or Estonia except the delfi domain.
# IMPORTANT: strip_protocol and strip_trailing_slash affect which openid is given to white_list or black_list
white_list = *.lt, *.lv, *.ee
black_list = *.delfi.lt,*.delfi.lv,*.delfi.ee

# In addition to white and black lists you can use an external service
# for allowing users into Trac. To control that you must use the check_list
# and check_list_key options. It will generate the URL:
# check_list?check_list_key=openid
# It expects a JSON result in the following format:
# {"check_list_key": true}
# IMPORTANT: this functionality uses simplejson, which might not be available on your system by default. Install it if you want to use this functionality.
# IMPORTANT: strip_protocol and strip_trailing_slash affect which openid is sent to the service
check_list = http://your.site.com/openidallow
check_list_key = check_list
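
One way to implement the external service that check_list points at, as an added example that is not part of the plugin. It assumes the plugin sends the identifier as the query parameter named by check_list_key, that the JSON response uses that same name as its key, and that stored identifiers must be normalized with the same strip_protocol / strip_trailing_slash settings as trac.ini; the names normalize, decide, ALLOWED, the sample identifiers and the listen address are hypothetical.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

CHECK_LIST_KEY = "check_list"   # must equal check_list_key in trac.ini
STRIP_PROTOCOL = False          # mirror strip_protocol in trac.ini
STRIP_TRAILING_SLASH = False    # mirror strip_trailing_slash in trac.ini

def normalize(openid, strip_protocol, strip_trailing_slash):
    """Put a stored identifier into the form the plugin is assumed to send."""
    if strip_protocol:
        for scheme in ("http://", "https://"):
            if openid.startswith(scheme):
                openid = openid[len(scheme):]
                break
    if strip_trailing_slash and openid.endswith("/"):
        openid = openid[:-1]
    return openid

# Constructed sample identifiers, not real accounts.
ALLOWED = {normalize(u, STRIP_PROTOCOL, STRIP_TRAILING_SLASH)
           for u in ("http://alice.openid.ee/", "https://bob.example.lt/")}

def decide(request_target, allowed=ALLOWED, key=CHECK_LIST_KEY):
    """Return the JSON body for one lookup; anything unexpected is denied."""
    values = parse_qs(urlsplit(request_target).query).get(key, [])
    # Exactly one identifier is expected: a missing or repeated parameter
    # is refused rather than guessing which value was meant.
    ok = len(values) == 1 and values[0] in allowed
    return json.dumps({key: ok})

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = decide(self.path).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Hypothetical listen address; check_list in trac.ini would point here.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Because the response is used as an allow/deny decision, keep this service on a loopback or internal interface, or serve it over HTTPS.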

Author/Contributors

Author: dalius
Contributors: