Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1288: Default claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier" OR allow form field to be configurable with security namespace config #1514

spring-issuemaster opened this Issue Nov 8, 2009 · 1 comment


None yet
1 participant

Peter Mularien (Migrated from SEC-1288) said:

The default form field for OpenID identifier, as indicated in section 7.1 of the OpenID 2.0 spec, should be "openid_identifier". This should be the default in the Spring Sec OpenIDAuthenticationFilter, since it's unlikely that users would realistically use the default - j_username - in a typical login scenario. At the very least, this should be configurable when using the convenience element in the security namespace, without requiring the user to declare their own filter. The "openid_identifier" field is identified automatically in OpenID-enabled user agents, such as Flock or Firefox with the Verisign SeatBelt plugin.

Luke Taylor said:

Seems like a good idea, since this is recommended in the 2.0 spec. I've changed the default.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment