SEC-1288: Default claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier" OR allow form field to be configurable with security namespace config #1514

spring-issuemaster opened this Issue Nov 8, 2009 · 1 comment


None yet
1 participant

Peter Mularien (Migrated from SEC-1288) said:

The default form field for OpenID identifier, as indicated in section 7.1 of the OpenID 2.0 spec, should be "openid_identifier". This should be the default in the Spring Sec OpenIDAuthenticationFilter, since it's unlikely that users would realistically use the default - j_username - in a typical login scenario. At the very least, this should be configurable when using the convenience element in the security namespace, without requiring the user to declare their own filter. The "openid_identifier" field is identified automatically in OpenID-enabled user agents, such as Flock or Firefox with the Verisign SeatBelt plugin.

Luke Taylor said:

Seems like a good idea, since this is recommended in the 2.0 spec. I've changed the default.

spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment