We are in a complex authentication environment and must support authentication from several different sources in the applications we develop. Since we don’t want to duplicate the authentication code everywhere, we are considering combining different authentication sources with one OpenID provider, and then all applications depend on this service.
The sources we need to enable authentication from are things like Active Directory username / password, Kerberos, shared LDAP, external OpenID providers, etc.
For example, in the case of Kerberos, when a user gets to the OpenID provider authentication page, if he can be authenticated with Kerberos and has already received permission for the requesting application, the user will be transparently authenticated, as if the password had been entered and sent back to the requesting application.
So the question is, can we create an OpenID provider that handles authentication through all these different methods? Should a provider implement how it authenticates users in a specific way?