Just thinking out loud..

It would be nice if one could plug-in / enforce specific IdP's in the OpenID module.

This might somewhat go against the nature of OpenID, but would be useful in intranet / extranet environments (especially when using auto-registration) and to support IdP-specific fields.

For instance, one my want to provide a button / link (like on https://www.plaxo.com/openid?r=/) on a Drupal site to Google, Yahoo, a company or government IdP... so the Drupal user does not have to remember URL's and/or his OpenID, The Drupal site owner might allow persons authenticated by a "trustworthy" IdP to sign up automatically for a Drupal account.

Comments

c960657’s picture

I believe this is already possible using hook_openid_normalization_method_info(). Just replace the existing 'xri' and 'url' normalizers with a function that ignore any input and simply returns the URL of the OpenID Provider. Automatic sign-up using SREG or AX is already supported.

Does that address your needs? If not, could you be more specific about what new hooks or features you would like?

bart.hanssens’s picture

Well, I'm playing a bit with Drupal 6 + openid with a proof of concept of a Belgian eID - IdP, trying to reuse as much of the D7 core openid module code as possible. "Demo" can be found here: idp.rovin.be, code is hosted on http://code.google.com/p/eid-drupal-openid/

In short, I'd like to be able to

- allow a drupal admin to provide a list of "trusted" openid IdP's (with discovery)

- present the list as buttons underneath the regular user/pass fields, instead of having to click on the openID button and type in the openID url (http://drupal.org/project/comfortid is already an improvement, but still requires additional actions from the end user)

- optionally allow the drupal admin to override the "email verification" settings for openid users, so a user registering with a "trusted" IdP would not need to verify his/her account

- check the openid response_nonce (AFAIK this isn't implemented in the openid core module)

Obviously, I'm aiming at the Belgian eID using openid (instead of the reverse proxy approach used in http://drupal.org/project/eid), and while the drupal openid core module does work out-of-the-box, I think the features listed above would make it more userfriendly...

star-szr’s picture

Issue summary: View changes
Status: Active » Closed (won't fix)

I would move this to https://www.drupal.org/project/openid but there is no 8.x version there.

More info:
https://www.drupal.org/node/2116417