[CWD-3060] Use OpenID Realm for approval requests - Create and track feature requests for Atlassian products.

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.6
Component/s: OpenID
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Crowd's OpenID approvals are based around the return_to URL. An OpenID 2 request may present a more general realm as well (Realms). If present, the user should be asked to approve the realm for this and future requests.

If a whitelist is present (~~CWD-3045~~) it should be treated as a list of realms. Any realm must either be directly present on the whitelist (if it's a pattern) or match something on the whitelist if it's a concrete return_to URL.

has a derivative of

CWD-3069 Warn about overly general Realms in OpenID requests

Gathering Interest

relates to

CWD-2470 Support OpenID 2.0 and identifier select for a single endpoint URL

Closed

CWD-3045 Allow a whitelist of automatically-approved sites for CrowdID

Closed

mentioned in: Wiki Page Loading...

Assignee:: joe

Reporter:: joe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 11/Jan/2013 12:15 AM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 18/Jan/2013 12:33 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates