Red Hat

OpenID and Seam

Posted by    |       |    Tagged as Seam

Seam 2.1.1 adds OpenID support as the first of, we hope, many external authentication options in Seam. Since this is fairly new, I've put together a mini-FAQ on our OpenID support.

What is OpenID?

OpenID is a community standard for external web-based authentication. The basic idea is that when a user comes to your application, instead of registering and maintaining a username and password for your application, the user can register and login with his OpenID. Think of it as a user-controlled single sign-on. Instead of trying to explain OpenID here, I recommend watching OpenID According to Dave for a quick overview or Simon Willison's Google Tech Tech for a more technical introduction.

Does OpenID replace my current authentication mechanism?

OpenID can be used in a lot of different ways, and we've tried to keep our support as flexible as possible to support a wide variety of uses. To do that, we've made OpenID a supplemental authentication mechanism. The OpenID component doesn't replace your existing identity component; it sits along side it. After validating an OpenID, the OpenID component can immediately log the user in with no additional work on behalf of your application. Or, you handle the validated OpenID in an application-specific manner.

Do I still need to maintain an entity for the user?

You don't have to use any form of local identity. No local identity might make sense for some uses, like blog comments or voting in a poll, but for most applications you'll probably want to maintain a local user object to attach user-specific data to.

Does OpenID mean you give up control over the login proces?

No. OpenID is about authentication and not authorization. The OpenID provider can tell you that the user trying to access your application is who he claims, but that doesn't necessarily mean the user should be allowed to access your application. Blindly accepting OpenID credentials could open your application to spammers and other internet cretins, so you'll almost certainly want to impose the same registration and login requirements as you would for a non-OpenID login.

Do we support attribute exchange?

Not yet, but that's very high on the list of things we'd like to add.

How do I use OpenID in Seam?

Look in examples/openid for a simple Seam application that uses OpenID. This application demonstrates the simplest form of OpenID usage with no local user. For a more thorough look at how to configure OpenID, have a look at the docs. If you have any questions, problems or suggestions regarding the OpenID support, post a message to the forums.

back to top