Saturday, April 12, 2008

Passwordless login with WSO2 OpenID Provider

Many sites adopt one of two patterns to implement passwordless login.

1. Sign up directly with your Personal Information card.

2. Sign up with a username/password based account and associate any number of Personal Infocards with it. Later, you can log in without a password using any of the associated Infocards. With this approach, if you lose your Infocard you need not worry too much: you still have the other option, username/password login.

WSO2 OpenID Provider supports both of these and is available to download from here.

Once downloaded, follow the OpenID Provider Administrator's Guide, which explains all you need to know to set up the OpenID Provider locally.

You also need to download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.
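The copy step above can be scripted so that it checks both jars are present, keeps the JRE's original policy files, and verifies the result. This is an added example, not part of the original post or of WSO2's documentation; the function name `install_jce_policy` and the `.orig` backup suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install the two JCE unlimited-strength policy jars.
# Usage after sourcing this file:  install_jce_policy ./jce "$JAVA_HOME"
#   $1 - the extracted "jce" directory holding the two policy jars
#   $2 - the Java home; jars are copied to $2/jre/lib/security
install_jce_policy() {
    src=$1
    dest=$2/jre/lib/security

    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }

    # Refuse to start unless both jars are present, so the JRE is never
    # left with a mismatched pair of policy files.
    for jar in local_policy.jar US_export_policy.jar; do
        [ -f "$src/$jar" ] || { echo "missing $src/$jar" >&2; return 1; }
    done

    for jar in local_policy.jar US_export_policy.jar; do
        # Keep the JRE's original file once (assumed suffix: .orig) so the
        # change can be rolled back; later runs never overwrite the backup.
        if [ -f "$dest/$jar" ] && [ ! -f "$dest/$jar.orig" ]; then
            cp -p "$dest/$jar" "$dest/$jar.orig" || return 1
        fi
        cp "$src/$jar" "$dest/$jar" || return 1
        # Confirm the installed file is byte-identical to the downloaded one.
        cmp -s "$src/$jar" "$dest/$jar" || {
            echo "verify failed: $dest/$jar" >&2
            return 1
        }
    done
}
```

Restart the OpenID Provider after the copy so the JVM loads the new policy files.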

Now you can either sign up with a self-issued information card, or register with a username/password combination and later associate a self-issued card with your account.

The sample application associated with the release can be used to test your passwordless login - simply hit https://localhost:12443/javarp