You may have noticed that an increasing number of web sites these days are adopting a new technology for Single Sign-On (SSO) called OpenID. You can sign on with a simple URL-like identifier instead of remembering a username and password for each and every site, thus relieving you from pasting stickies with password hints all over your computer monitor. You may already have an OpenID if you are a user of services like Yahoo, Technorati or LiveJournal. If not, you can get one like mine for free at MyOpenID, ClaimID or any other OpenID Provider.
Figure 1: OpenID Overview
So the other day I was wondering what it would take to implement OpenID as an authentication mechanism for internal or Internet-facing portals running on SAP NetWeaver? After doing some research on the Internet I discovered that most proposed solutions on OpenID-enabling a site basically follow a CGI-/Servlet-based approach to handle the communication between the web site and the OpenID Provider based in the OpenID protocol defined in the OpenID specifications.
Figure 2: OpenID-enabled login at AOL’s Developer Network Site
In the SAP NetWeaver Application Server Java, authentication is performed in a pluggable fashion by login modules based on the Java Authentication and Authorization Service (JAAS). This permits applications to remain independent from underlying authentication technologies and new technologies like OpenID can be plugged in without requiring modifications to the application itself.
So I got my hands dirty and started with an implementation of an OpenID Login Module. The result of this exciting exercise can be downloaded here. Along with the code, I’ve written an article that introduces OpenID in more detail and explains the architecture of the solution and how to deploy it in your SAP NetWeaver system landscape. Please note that this is still a proof-of-concept and not a production-level piece of software.
Figure 3: OpenID-enabled logon page in SAP NetWeaver
I hope this blog and my proposed solution will start a lively discussion around OpenID-support in SAP NetWeaver and I am very interested in your feedback.