'''''This page has moved to https://github.com/GENI-NSF/geni-portal/wiki/Portal-OpenID'''''

-----
-----
-----

[[PageOutline]]

= Overview =
The GENI Experimenter Portal can act as an [http://openid.net OpenID] 2.0 identity provider. This allows other GENI experimenter tools to be OpenID relying parties and receive authentication services and metadata from the GENI Experimenter Portal via the OpenID protocol.

GENI users can use their GENI OpenID URL to request authentication from the GENI Experimenter Portal on any OpenID relying party. The user's GENI OpenID URL can be found on the [https://portal.geni.net/secure/profile.php profile page of the GENI Experimenter Portal].

= Simple Registration =
The GENI Portal shares two attributes via [http://openid.net/specs/openid-simple-registration-extension-1_0.html OpenID Simple Registration Extension] to all relying parties.

|| '''Property''' || '''Type''' || '''Description''' ||
|| `nickname` || String || The authenticated user's GENI username. ||
|| `email` || String || The authenticated user's email address. ||
[[BR]]

= Attribute Exchange =
The following properties are shared by the GENI Portal via [http://openid.net/specs/openid-attribute-exchange-1_0.html OpenID Attribute Exchange (AX)] upon request from relying parties.

|| '''Property''' || '''Type''' || '''Description''' ||
|| `http://geni.net/projects` || Array of strings || Each element (string) in the array is the concatenation of the project UUID, a vertical bar character, and the project name.[[BR]][[BR]]In general: "PROJECT_UUID|PROJECT_NAME"[[BR]][[BR]]For example: "fc3593d5-72bc-4879-89fc-83fc2a15a56e|myproject" ||
|| `http://geni.net/slices` || Array of strings || Each element (string) in the array is the concatenation of the slice UUID, a vertical bar character, the slice's parent project UUID, a vertical bar character, and the slice name. The slice's parent project UUID will match one of the UUIDs in the array returned in the `http://geni.net/projects` attribute.[[BR]][[BR]]In general: "SLICE_UUID|PROJECT_UUID|SLICE_NAME"[[BR]][[BR]]For example: "430775ab-a58e-4c22-8d16-89dad95ea3bd|fc3593d5-72bc-4879-89fc-83fc2a15a56e|myslice" ||
|| `http://geni.net/user/urn` || Array of strings || The authenticated user's GENI URN, ''with '|' substituted for '+'.''  The array will have at most one value.[[BR]][[BR]]For example: "urn:publicid:IDN|www.example.com|user|jpublic" [[BR]]      (where the real URN is "urn:publicid:IDN+www.example.com+user+jpublic") [[BR]] ||
|| `http://geni.net/user/prettyname` || Array of strings || A version of the authenticated user's name suitable for display in a UI. This is usually "Firstname Lastname" if available. If the user's name is not available, the email address is used as a substitute. The array will have at most one value. ||
|| `http://geni.net/wimax/username` || Array of strings || The authenticated user's WiMAX username, if they have one. The array will have at most one value. This attribute will not be present if the user does not have a WiMAX account. ||
|| `http://geni.net/irods/username` || Array of strings || The authenticated user's iRODS username, if they have one. The array will have at most one value. This attribute will not be present if the user does not have an iRODS account. ||
|| `http://geni.net/irods/zone` || Array of strings || The authenticated user's iRODS zone, if they have one. The array will have at most one value. This attribute will not be present if the user does not have an iRODS account. ||
[[BR]]

= Relying parties =
The following systems are known to be integrated with the GENI Portal OpenID identity provider:
 * [http://igplc.cs.princeton.edu:8080 GENI Experiment Engine (GEE)]
 * [http://witestlab.poly.edu/respond/sites/witest/ NYU WITest Lab]
 * [http://labwiki.casa.umass.edu LabWiki]
 * [https://geni.orbit-lab.org Rutgers ORBIT Lab]

= Resources =
 * OpenID web site: http://openid.net/
 * OpenID 2.0 libraries: http://openid.net/developers/libraries/obsolete/
 * [http://trac.gpolab.bbn.com/proto-ch/query?status=accepted&status=assigned&status=new&status=reopened&component=openid&order=priority&col=id&col=summary&col=status&col=type&col=priority&col=milestone&col=component Known issues]
 * OpenID Library used by GENI Portal: https://github.com/openid/php-openid