For trusted sites, such as internal services, you may wish to simplify the user experience by automatically approving authentication requests. Users will not be prompted to verify authentication requests from these realms.

The OpenID Verification page (2.4 Allowing or denying a login) shows the realm that a host is using.

This configuration is stored in a file:

crowd-openidserver-webapp/WEB-INF/classes/crowdid.approval-whitelist

Each line is a single OpenID realm. If an authentication request is received from a site on that list it will automatically be approved as if the user had selected 'Allow Always'.

Example

In the default configuration, using the demo OpenID client to authenticate, the OpenID server will present an OpenID verification page:

The following site:
http://localhost:8095/openidclient
has requested that you confirm the following address as your personal identity

Adding:

http://localhost:8095/openidclient

to the approval whitelist would automatically approve the demo OpenID client for all users.

RELATED TOPICS

Crowd Documentation

  • No labels