For trusted sites, such as internal services, you may wish to simplify the user experience by automatically approving authentication requests. Users will not be prompted to verify authentication requests from these realms.
The OpenID Verification page (2.4 Allowing or denying a login) shows the realm that a host is using.
This configuration is stored in a file:
crowd-openidserver-webapp/WEB-INF/classes/crowdid.approval-whitelist
Each line is a single OpenID realm. If an authentication request is received from a site on that list it will automatically be approved as if the user had selected 'Allow Always'.
Example
In the default configuration, using the demo OpenID client to authenticate, the OpenID server will present an OpenID verification page:
The following site:
http://localhost:8095/openidclient
has requested that you confirm the following address as your personal identity
Adding:
http://localhost:8095/openidclient
to the approval whitelist would automatically approve the demo OpenID client for all users.
RELATED TOPICS
- 3.1 Allowing all hosts
- 3.2 Allowing all except specified hosts ('Blacklist')
- 3.3 Allowing specified hosts only ('Whitelist')
- 3.4 Approval Whitelist