How to configure OpenID user authentication

A user can be authenticated using his OpenID, but he also needs a user 'account' in the dalicms project.

This can be done by:

  • assigning the OpenID URL of a user to his existing user account in dalicms
  • asking a user who has no account yet to fill out the registration form after signing in with OpenID. A number of fields can be pre-filled with data from the OpenID provider.



Whether the user is trying to sign in (login.jsp) or to create a new account (register.jsp), the LoginServlet is called when the user chooses OpenID. After the OpenID authentication, the user is redirected either to the normal page an authenticated user is sent to, or to a register page (with pre-filled values).
The login servlet is found here: /contextroot/login. The following parameters have to be specified:

  • method: oid_login
  • redirect: the page a user is redirected to after successful authentication
  • errorpage: the page a user is forwarded to after an error
  • oid_nologin: the page a user is forwarded to after a successful authentication, when that user has no account yet
  • override_oid_callback [OPTIONAL]: the absolute URL the OpenID provider should return to. This MUST be the URL of the login servlet. This parameter is set by default and must only be overridden in special cases.

Scenarios in user module (modules/user)

user login (login.jsp)

The hidden parameters:

  • redirect
  • errorpage
  • oid_nologin

have to be specified when using the oid_login method on the LoginServlet. By default (in the file modules/user/login.jsp) they have these values:

      <input type="hidden" name="redirect" value="${param['redirect']}" />
      <input type="hidden" name="errorpage" value="/modules/user/login.jsp?redirect=${param['redirect']}" />
      <input type="hidden" name="oid_nologin" value="/modules/user/registeroid.jsp?redirect=${module_user_redirect}"/>

'redirect' has to be a full URL (possibly relative to the domain). 'errorpage' and 'oid_nologin' are 'forwards' and need to be contextroot-relative.
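These three values are hidden form fields, so they arrive from the browser and the code that receives them cannot rely on the JSP defaults. The following Java class is an added example, not dalicms code (the page does not describe what checks the LoginServlet performs); it enforces the constraints stated above, and the class name, the allowed host and the /modules/ prefix are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper, not part of dalicms.
public class OidLoginParamCheck {
    // Assumption: hosts the site may redirect to after login (constructed value).
    static final Set<String> ALLOWED_HOSTS = Set.of("www.example.org");

    static boolean hasControlOrBackslash(String s) {
        return s.chars().anyMatch(c -> c < 0x20 || c == 0x7f || c == '\\');
    }

    // 'redirect': a full http(s) URL on an allowed host, or a path relative to the domain.
    static boolean isSafeRedirect(String value) {
        if (value == null || value.isEmpty() || hasControlOrBackslash(value)) return false;
        try {
            URI uri = new URI(value);
            if (uri.isAbsolute()) {
                String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
                String host = uri.getHost(); // null for opaque URIs such as "javascript:..."
                return (scheme.equals("http") || scheme.equals("https"))
                        && host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
            }
            // A leading "//" names another host even without a scheme, so allow one '/' only.
            return value.startsWith("/") && !value.startsWith("//");
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // 'errorpage' and 'oid_nologin': contextroot-relative forward targets.
    static boolean isSafeForward(String value) {
        if (value == null || hasControlOrBackslash(value)) return false;
        String path = value.split("\\?", 2)[0];
        // Assumption: forwards only ever target JSPs under /modules/, as in the defaults above.
        return path.startsWith("/modules/") && path.endsWith(".jsp")
                && !path.contains("..") && !path.contains("//") && !path.contains("%");
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String[] redirects = {"/index.jsp", "https://www.example.org/home", "//other.example/x",
                "https://www.example.org@other.example/", "javascript:alert(1)"};
        for (String r : redirects) System.out.println("redirect " + r + " -> " + isSafeRedirect(r));
        String[] forwards = {"/modules/user/registeroid.jsp?redirect=/index.jsp",
                "/WEB-INF/web.xml", "/modules/user/../../WEB-INF/web.xml"};
        for (String f : forwards) System.out.println("forward " + f + " -> " + isSafeForward(f));
    }
}
```

A value that fails either check should be replaced by a fixed server-side default instead of being passed on to the redirect or forward.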

The following possibilities occur:

user exists in dalicms project

openid login succeeds

The user is redirected to 'redirect'.

openid login fails

The user is forwarded to 'errorpage'. In this case this is the login.jsp, where the user can opt to retry using his OpenID or log in with a 'normal' account. A request attribute called 'msg' is available.

user does NOT exist in dalicms project

openid login succeeds

The user is forwarded to 'oid_nologin'. In this case this is the registeroid.jsp, where the user can create his account. Values can be pre-filled. The object 'oiduser' is available on the session; it contains the following fields from his OpenID profile:

  • his userid (oiduser.userId)
  • his email address (oiduser.email)

openid login fails

The user is forwarded to 'errorpage'. In this case this is the login.jsp, where the user can opt to retry using his OpenID or log in with a 'normal' account. A request attribute called 'msg' is available.

user registration (register.jsp)

The hidden parameters:

  • redirect
  • errorpage
  • oid_nologin

have to be specified when using the oid_login method on the LoginServlet. By default (in the file modules/user/register.jsp) they have these values:

      <input type="hidden" name="redirect" value="${param['redirect']}" />
      <input type="hidden" name="errorpage" value="/modules/user/register.jsp?redirect=${param['redirect']}" />
      <input type="hidden" name="oid_nologin" value="/modules/user/registeroid.jsp?redirect=${param['redirect']}"/>

'redirect' has to be a full URL (possibly relative to the domain). 'errorpage' and 'oid_nologin' are 'forwards' and need to be contextroot-relative.

The following possibilities occur:

user exists in dalicms project

openid login succeeds

The user is redirected to 'redirect'.

openid login fails

The user is forwarded to 'errorpage'. In this case this is the register.jsp, where the user can opt to retry or to register in the normal fashion. A request attribute called 'msg' is available.

user does NOT exist in dalicms project

openid login succeeds

The user is forwarded to 'oid_nologin'. In this case this is the registeroid.jsp, where the user can create his account. Values can be pre-filled. The object 'oiduser' is available on the session; it contains the following fields from his OpenID profile:

  • his userid (oiduser.userId)
  • his email address (oiduser.email)

A request attribute called 'msg' is available.

openid login fails

The user is forwarded to 'errorpage'. In this case this is the register.jsp, where the user can opt to retry or to register in the normal fashion. A request attribute called 'msg' is available.