Canonical Voices

Posts tagged with 'openid'

Gerry Carr

We are pleased to announce the launch of the brand new Ubuntu single sign on service.  The goal of this service is to provide a single, central login service for all Ubuntu-related sites, thus making it more convenient for Ubuntu users and community members to access information, communicate, and contribute.  This service will replace the existing Launchpad login service that is currently in use for many Ubuntu-related sites, although existing Launchpad accounts will continue to work in the new service.

Over the next few months we will be moving all of the Ubuntu and Canonical related sites that currently use the Launchpad service to Ubuntu single sign on, starting with sites we manage directly and then working with community site owners to move the community-managed sites.

Because of the number of existing Ubuntu users who have created accounts in Launchpad for the purpose of logging into other sites, we have set the Ubuntu and Launchpad services to share account data during the transition.  Launchpad is in the process of enabling users to log in with an Ubuntu account and, once completed, this sharing will be removed.  This does mean that you will be able to log into both services with the same credentials for a while.  We realise this is something internet users have been encouraged to not do but it is a necessary side-effect of the transition.  Doing this ensures you won’t lose access to services you’ve purchased from us in the past or your account histories in the sites you’ve previously visited, as long as you use your existing Launchpad credentials on Ubuntu single sign on.

Ubuntu single sign on is built on OpenID so, once all the sites we know about have moved over, we will also be opening up the OpenID service to enable you to log in to any site which accepts standard OpenIDs.

Some questions we think you may have for us:

Why replace the Launchpad login service?

The Launchpad login service has served us well for several years but Launchpad is not a familiar brand for many Ubuntu users.  As Ubuntu grows, we’ll see more and more users who don’t understand the connection between Launchpad and Ubuntu and the new Ubuntu login service is intended to overcome this problem.  It will also enable us to develop features which are more oriented to Ubuntu users.

How does the new service differ from the old one?

For now, not much apart from the appearance of the site.  We have many plans for great new features, however, and hope to roll these out once the service is established.  If you have ideas for other features you’d like to see in Ubuntu single sign on, we’d love to hear about them.

Is the new service Open Source?

No, it’s not.  It is, however, built and hosted on open source technologies (python, django, apache and postgres amongst others).

I have a problem with the new service.  Where can I get help?

We have an email support channel.  You can submit your support requests using our support form.  If you have found a bug, please take a few minutes to tell us about it on Launchpad.

We’re sure you have more questions.  Please submit them and we’ll do our best to respond to them all.

Stuart Metcalfe, Infrastructure Systems Development, Canonical

Read more
James Henstridge

Last week, we released the source code to django-openid-auth.  This is a small library that can add OpenID based authentication to Django applications.  It has been used for a number of internal Canonical projects, including the sprint scheduler Scott wrote for the last Ubuntu Developer Summit, so it is possible you’ve already used the code.

Rather than trying to cover all possible use cases of OpenID, it focuses on providing OpenID Relying Party support to applications using Django’s django.contrib.auth authentication system.  As such, it is usually enough to edit just two files in an existing application to enable OpenID login.

The library has a number of useful features:

  • As well as the standard method of prompting the user for an identity URL, you can configure a fixed OpenID server URL.  This is useful for deployments where OpenID is being used for single sign on, and you always want users to log in using a particular OpenID provider.  Rather than asking the user for their identity URL, they are sent directly to the provider.
  • It can be configured to automatically create accounts when new identity URLs are seen.
  • User names, full names and email addresses can be set on accounts based on data sent via the OpenID Simple Registration extension.
  • Support for Launchpad‘s Teams OpenID extension, which lets you query membership of Launchpad teams when authenticating against Launchpad’s OpenID provider.  Team memberships are mapped to Django group membership.

While the code can be used for generic OpenID login, we’ve mostly been using it for single sign on.  The hope is that it will help members of the Ubuntu and Launchpad communities reuse our authentication system in a secure fashion.

The source code can be downloaded using the following Bazaar command:

bzr branch lp:django-openid-auth

Documentation on how to integrate the library is available in the README.txt file.  The library includes some code written by Simon Willison for django-openid, and uses the same licensing terms (2 clause BSD) as that project.

Read more