El 2014 ens porta Persona

New & Noteworthy
12/31/13
Lluis Turró Cutiller
71,484
0

Preparada ja l'actualització de tots els Cloud Turro.Org amb la nova implementació de Persona. El projecte ja és als repositoris de codi de la Fundació TiC i compartit amb Mozilla.Org, un cop assolida la fase estable.

Què és i com funciona?

Persona és un sistema de Signatura Única (SSO) basat exclusivament amb l'email. Les sessions obertes amb Persona perduren segons les preferències del usuari, podent allargar-se infinitament en l'ordinador propi o ser de sessió única, acabant en tancar el navegador.

És fàcil i ràpid començar. En qüestió d'uns minuts, un usuari pot crear el seu compte i validar-lo, sense donar cap altre dada que el seu email.

És segur. Persona connecta usant el protocol HTTPS tant per conversar amb l'usuari com per validar les assercions.

Per entrar a les sessions de treball BrightSide usant Persona només cal prémer la nova opció Entrar usant Persona. Poc més a dir. La interfície és tan senzilla i potent que tot és percep en un instant.

Ara, amb Persona, encara més fàcil.

Persona implementation using Java, the whole story

Blog
12/21/13
Lluis Turró Cutiller
20,024
3

I decided to publish Persona implementation mainly because wasn't as easy as explained in Persona site. Also because is lacking of Java code, at least, Java code with no-so-much dependencies.

Follow the instructions found in Quick Setup at Persona site. Notice that the instructions provide best practices for including Persona dependencies. When finished, come back here and prepare for Persona implemented in your Java code.

Lets begin with the easy part, the Java Script code. This is the persona.js file. The example uses JQuery.

/*stands for context path on servlets nomenclature*/
var webRoot = ""; 
/*persona wants to know who is signed in*/
var currentMail = null; 
/*for app servers running on different ports*/
var webPort = 80; 
/*did user signed in without persona*/
var internalSignIn = false;
/*should we reload current page */
var reloadSignIn = false; 

$(document).ready(function() {
  loadElephant();
  if(!internalSignIn) {
    navigator.id.watch({
      loggedInUser: currentMail,
      onlogin: function(assertion) {
        $.ajax({
          type: 'POST',
          url: webRoot + '/auth/login', 
          port: webPort,
          data: {assertion: assertion},
          success: function(res, status, xhr) { 
            if(reloadSignIn) { 
              window.location.href = window.location.href; 
            }
          },
          error: function(xhr, status, err) {
            navigator.id.logout();
          }
        });
      },
      onlogout: function() {
        $.ajax({
          type: 'POST',
          url: webRoot + '/auth/logout', 
          port: webPort,
          success: function(res, status, xhr) { 
            window.location.href = window.location.href; 
          },
          error: function(xhr, status, err) {  }
        });
      }
    });
  }
});

Notice the use of some variables that will make your coding more useful in the long term. OK, now we dive into their use and how to get them initialized:

BrightSide introduces Persona, a Single Sign On system developed and hosted at Mozilla

New & Noteworthy
12/16/13
Lluis Turró Cutiller
10,097
0

OpenID has been the SSO universally accepted in social networks, once accepted that not everyone using it kwew what was this all about. Persona, formerly BrowserId, irrupted in SSO world with force, simplicity and open sourced. The ingredients seem perfect to atract developer interes.

Sign once, be recognized ever

That's what we expect from an SSO, not being asked every time for our nick name and password. The fact that security is one of the main factors when we sign into a system, may not be so atractive to the final user, but it is to developers. SSO systems are secured with SSL and this is a must have requirement for web based aplications.

BrightSide implementation of Persona

BrightSide allows and recomends using Persona to sign into the system. Major benefits:

  • Sign without password, but with your email. Persona takes care of asking, whether necessary, the Persona password.
  • Verify your identity using your own email.
  • Long term sessions.
  • Sign in and out of web sites separately. Persona remembers where the session was audited.
  • Sign up in less than one minute, manage your account in Persona's site.
  • Single account, multiple web sites.

How it works

Persona site already has multiple examples on different languages. Anyway, I'll publish the source code with the main changes I made to achieve the implementation. I'll also try to provide an easy explanation on how the system works and which security risks you may avoid on your system.

Update: the article about Persona implementation is here Persona implementation using Java, the whole story.

Learn more about Persona at https://login.persona.org.


© turro.org, 2011-2018

lluis@turro.org
Tel. +34 609323947