WebSphere Portal 8 Beta now includes integration with OpenID and OAuth identity providers for authentication services. What does this mean to Portal users?
OpenID and OAuth are services available from sites such as Google, Yahoo, OpenID, and Facebook. With this integration, your portal users can use their Google ID, Yahoo ID, Open ID or Facebook ID to log on to your portal.
At first, I thought, “What’s the point of this?” We already have spent a lot of time and money providing Single Sign On to all the applications our Portal hits. What do I get from letting Facebook authenticate my user for me? I still have to know who the user is so I can authorize them for certain parts of the portal.
Well, after thinking about this for a while, it hit me that I needed to look at this from the Portal user’s point of view. Today our users are being inundated with user ids and passwords: Facebook, Twitter, Windows, My Intranet, Your Portal, Best Buy, Sears, etc, etc, etc. In some cases, I use my email address, for others I use a screen name, and still others I use the name assigned to me by someone else.
OpenID and OAuth services are becoming widely available, as shown in the picture here. OAuth is Facebook and OpenID is supported by the other sites mentioned above. I’ve seen so many sites that allow me to log on to their site directly or log on via Facebook (or Google, Yahoo, etc). It gives me a way to have one ID and password that I can use to access all these sites if they support it. Well now Portal will be one of those sites.
For WebSphere Portal, you need more than authentication services, which just guarantees that the user ID is valid. You still need to be able to authorize that user for pages, portlets and other resources. So IBM has provided a way to connect the Open IDs with your registered Portal Users. New users can register a new WebSphere Portal profile with a valid identity provider. Existing users can update their profile with a valid identity provider. They can then log on to WebSphere Portal using the alternate login. They are redirected to the identity provider login page to complete the authentication process.
To make all this happen, you have to register your Portal with the identity provider(s) and then configure WebSphere Portal properly. Directions are in the Portal documentation site located here.