wiki:PortalOpenId

Version 1 (modified by tmitchel@bbn.com, 9 years ago)

Overview

The GENI Experimenter Portal can act as an OpenID 2.0 identity provider. This allows other GENI experimenter tools to be OpenID relying parties and receive authentication services and metadata from the GENI Experimenter Portal via the OpenID protocol.

GENI users can use their GENI OpenID URL to request authentication from the GENI Experimenter Portal on any OpenID relying party. The user's GENI OpenID URL can be found on the profile page of the GENI Experimenter Portal.

Simple Registration

The GENI Portal shares two attributes with all relying parties via the OpenID Simple Registration Extension.

Property    Type      Description
nickname    String    The authenticated user's GENI username.
email       String    The authenticated user's email address.


Attribute Exchange

The following properties are shared by the GENI Portal via OpenID Attribute Exchange (AX) upon request from relying parties.

Property: http://geni.net/projects
Type: Array of strings
Description: Each element (string) in the array is the concatenation of the project UUID, a vertical bar character, and the project name.
In general: "PROJECT_UUID|PROJECT_NAME"
For example: "fc3593d5-72bc-4879-89fc-83fc2a15a56e|myproject"

Property: http://geni.net/slices
Type: Array of strings
Description: Each element (string) in the array is the concatenation of the slice UUID, a vertical bar character, the slice's parent project UUID, a vertical bar character, and the slice name. The slice's parent project UUID will match one of the UUIDs in the array returned in the http://geni.net/projects attribute.
In general: "SLICE_UUID|PROJECT_UUID|SLICE_NAME"
For example: "430775ab-a58e-4c22-8d16-89dad95ea3bd|fc3593d5-72bc-4879-89fc-83fc2a15a56e|myslice"

Property: http://geni.net/user/urn
Type: Array of strings
Description: The authenticated user's GENI URN, with '|' substituted for '+'. The array will have at most one value.
For example: "urn:publicid:IDN|www.example.com|user|jpublic" (where the real URN is "urn:publicid:IDN+www.example.com+user+jpublic")

Property: http://geni.net/user/prettyname
Type: Array of strings
Description: A version of the authenticated user's name suitable for display in a UI. This is usually "Firstname Lastname" if available. If the user's name is not available, the email address is used as a substitute. The array will have at most one value.

Property: http://geni.net/wimax/username
Type: Array of strings
Description: The authenticated user's WiMAX username, if they have one. The array will have at most one value. This attribute will not be present if the user does not have a WiMAX account.

Property: http://geni.net/irods/username
Type: Array of strings
Description: The authenticated user's iRODS username, if they have one. The array will have at most one value. This attribute will not be present if the user does not have an iRODS account.

Property: http://geni.net/irods/zone
Type: Array of strings
Description: The authenticated user's iRODS zone, if they have one. The array will have at most one value. This attribute will not be present if the user does not have an iRODS account.
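
A relying party has to split these bar-delimited values back into fields before using them for access decisions. The following is an added example, not GENI Portal code, that parses and validates the projects, slices and user URN values. The function name parse_geni_ax and the dict-of-lists input shape are assumptions, as are that both projects and slices were requested and that the OpenID response was already verified by the relying party's OpenID library.

```python
# Added example (not GENI Portal code): parse GENI AX values on a relying party.
import uuid

AX_PROJECTS = "http://geni.net/projects"
AX_SLICES = "http://geni.net/slices"
AX_URN = "http://geni.net/user/urn"

def _uuid(text):
    """Return the canonical UUID string, or raise ValueError if malformed."""
    return str(uuid.UUID(text))

def parse_geni_ax(ax):
    """ax: dict mapping AX type URI -> list of strings, taken from an
    already-verified OpenID response (assumed shape, hypothetical helper)."""
    projects = {}
    for item in ax.get(AX_PROJECTS, []):
        # Split on the first bar only, so a bar inside a name cannot shift fields.
        pid, sep, name = item.partition("|")
        if not sep:
            raise ValueError("malformed project entry: %r" % item)
        projects[_uuid(pid)] = name

    slices = []
    for item in ax.get(AX_SLICES, []):
        parts = item.split("|", 2)
        if len(parts) != 3:
            raise ValueError("malformed slice entry: %r" % item)
        sid, pid, name = _uuid(parts[0]), _uuid(parts[1]), parts[2]
        # The parent project UUID should match an entry in the projects array.
        if pid not in projects:
            raise ValueError("slice %s refers to unknown project %s" % (sid, pid))
        slices.append({"uuid": sid, "project_uuid": pid, "name": name})

    urns = ax.get(AX_URN, [])
    if len(urns) > 1:
        raise ValueError("expected at most one user URN")
    # Undo the '|' for '+' substitution to recover the real URN.
    urn = urns[0].replace("|", "+") if urns else None
    return {"projects": projects, "slices": slices, "urn": urn}

# Constructed sample input, using the example values from this page.
SAMPLE = {
    AX_PROJECTS: ["fc3593d5-72bc-4879-89fc-83fc2a15a56e|myproject"],
    AX_SLICES: ["430775ab-a58e-4c22-8d16-89dad95ea3bd|fc3593d5-72bc-4879-89fc-83fc2a15a56e|myslice"],
    AX_URN: ["urn:publicid:IDN|www.example.com|user|jpublic"],
}
```

Keying authorization on the project or slice UUID rather than the display name avoids confusing two objects that share a name.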


Relying parties

The following systems are known to be integrated with the GENI Portal OpenID identity provider:

Resources