[TYPO3-project-4-3] Using OpenID in combination with rsaauth and saltedpasswords

[Marcus Krause]

Dmitry Dulepov schrieb:
> Hi!
> 
> Marcus Krause wrote:
>> I was trying to test recent OpenID patch and therefore enabled 
>> OpenID sysext.
>> 
>> As I'm working on saltedpasswords too, openid, rsaauth and 
>> saltedpasswords are installed and loaded. In addition 
>> loginSecurityLevel for FE and BE is set to rsa.
>> 
>> With above mentioned combination (considered to be not an unusal 
>> one), I'm unable to authenticate with OpenID. There's no forwarding
>>  to the OpenID provider and login forms simply complain about wrong
>>  credentials.
>> 
>> The service priorities seem to be valid.
> 
> There is an explanation:


> 3. saltedpw does not work with RSAAuth because it checks for the 
> login method to be "basic" (or something like that) while with RSA it
>  is "rsa" (or similar, do not remember). At least it was the reason 
> when I tested it months ago.

saltedpasswords [1] (!=t3sec_saltedpw) works fine together with rsaauth
;-) Give it a try!


> 1. OpenID has no passwords, therefore rsaauth makes no sense there.
> 2. RSAAuth has higher priority than OpenID, therefore it will run
> first and fail due to the empty password

Given that saltedpasswords works fine together with rsaauth, this might
be widely deployed solution for 4.3.
Best solution would be to have no passwords at all (openid).

Then the ideal setup would be to have openid,rsaauth and saltedpasswords
installed and working.

Highest preference on openid. (in case a user does use openid)
If there's no usable openid, degrade to rsaauth and saltedpasswords.

So, IMHO, we should try to make openid work together with rsaauth at the
same time.

What's your opinion?


Marcus.

[1]
http://forge.typo3.org/repositories/browse/extension-t3sec_saltedpw/trunk
or
http://forge.typo3.org/repositories/browse/extension-t3sec_saltedpw/branches/TRY-SYSEXT-OOP