OpenID is an open standard that allows users to be authenticated using third-party services called identity providers. Users may create accounts with their preferred OpenID identity providers, and then use those accounts as the basis for signing on to any website which accepts OpenID authentication.
OpenID as a relying party
The following example shows how OpenID is implemented with the miniOrange Authentication Service acting as a Relying Party:
The user selects the "Sign In with" option from the miniOrange Self Service Console to log in with any of the OpenID identity providers, such as Google, Yahoo, PayPal or Aol.
The miniOrange Authentication Service sends a discovery request to the OpenID provider to get information on the login authentication endpoint.
OpenID establishes an association between our miniOrange Authentication Service and the OpenID Provider. It is like a secure key shared between both parties.
The OpenID Provider returns an XRDS document, which contains the endpoint address.
The miniOrange Authentication Service sends a login authentication request to the OpenID provider's endpoint address.
This action redirects the user to an OpenID provider's login page, either in the same browser window or in a popup window, and the user is asked to sign in.
Once the user is logged in, the OpenID Provider displays a confirmation page and notifies the user that a third-party application is requesting authentication. The page asks the user to confirm or reject access to the user's account details for our miniOrange Authentication Service.
If the user approves the authentication, OpenID returns the user to the URL specified in the manager.setReturnTo parameter of the original request. It returns an authentication object which has the user's actual OpenID provider account details.
The miniOrange Authentication Service uses the OpenID-supplied authentication object to recognize the user and allow access to our application features and data.
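The last two steps rely on the relying party validating the returned authentication object before trusting it. The following Python is an added example, not miniOrange code: assuming an OpenID 2.0 provider and an HMAC-SHA256 association, it checks the response signature against the shared association key, the expected return URL and a replay cache. The function names, URLs, handle and key are constructed for illustration.

```python
import base64, hashlib, hmac

# Fields OpenID 2.0 requires the signature to cover; claimed_id is included
# because this relying party uses it to identify the user.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id"}

def sign(mac_key, params, signed):
    # Key-Value Form of the signed fields ("key:value\n" each), then HMAC-SHA256.
    token = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed).encode("utf-8")
    return base64.b64encode(hmac.new(mac_key, token, hashlib.sha256).digest())

def verify_assertion(params, associations, expected_return_to, seen_nonces):
    """Return the claimed identifier if the assertion is valid, else raise ValueError."""
    if params.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = params.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED.issubset(signed):
        raise ValueError("required field not covered by signature")
    if any("openid." + k not in params for k in signed):
        raise ValueError("signed field missing from response")
    mac_key = associations.get(params["openid.assoc_handle"])
    if mac_key is None:
        raise ValueError("unknown association handle")
    sig = params.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(sign(mac_key, params, signed), sig):
        raise ValueError("bad signature")
    if params["openid.return_to"] != expected_return_to:
        raise ValueError("return_to mismatch")
    nonce = (params["openid.op_endpoint"], params["openid.response_nonce"])
    if nonce in seen_nonces:
        raise ValueError("replayed response_nonce")
    seen_nonces.add(nonce)
    return params["openid.claimed_id"]

def sample_assertion(mac_key):
    # Constructed sample response; every URL and value here is made up.
    p = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example.org/auth",
        "openid.claimed_id": "https://op.example.org/id/alice",
        "openid.identity": "https://op.example.org/id/alice",
        "openid.return_to": "https://rp.example.com/openid/return",
        "openid.response_nonce": "2024-01-01T00:00:00ZabC123",
        "openid.assoc_handle": "handle-1",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    p["openid.sig"] = sign(mac_key, p, p["openid.signed"].split(",")).decode("ascii")
    return p
```

A production relying party would also reject nonces whose timestamp is too old and confirm through discovery that the provider is authoritative for the claimed identifier.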