IBM Tivoli Federated Identity Manager, Version 6.2.2

OpenID planning overview

Tivoli® Federated Identity Manager supports single sign-on through use of the OpenID protocol.

This overview describes the Tivoli Federated Identity Manager implementation of OpenID. The information in the overview enables an administrator to deploy and configure single sign-on federations.

The OpenID specifications refer to the party that asserts that a user owns a particular identity URL as an OpenID Provider or Identity Provider. The party that receives that information from the identity provider is referred to as a Relying Party or Consumer. In Tivoli Federated Identity Manager, the term identity provider is a direct match for the OpenID concept of OpenID Provider or Identity Provider. The OpenID Consumer fits well into the Tivoli Federated Identity Manager concept of service provider.

Tivoli Federated Identity Manager support for OpenID authentication allows for all the OpenID message modes:
associate
A mode for establishing a shared secret with the consumer.
checkid_immediate
A mode for performing a non-blocking check to see if a user owns the claimed identifier URL.
checkid_setup
A mode for performing a check to see if a user owns the claimed identifier URL. The check can optionally include interaction with the user.
check_authentication
A mode for determining if a message signature is valid. This mode is typically used for dumb or stateless consumers.
Note: For a complete description of the OpenID specifications, see the OpenID website:

http://www.openid.net
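The following added example (not IBM code and not the Tivoli Federated Identity Manager implementation) shows how a consumer that holds the shared secret from associate can validate a positive assertion itself, following the OpenID Authentication 2.0 signing rules. The function names, MAC key and example.com URLs are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Fields OpenID 2.0 requires in openid.signed for a positive assertion.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}

def sign(mac_key, fields, assoc_type):
    """Base64 HMAC over the Key-Value Form (key:value lines) of the signed fields."""
    signed = fields["openid.signed"].split(",")
    base = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, base.encode("utf-8"), DIGESTS[assoc_type])
    return base64.b64encode(mac.digest()).decode("ascii")

def verify(mac_key, fields, assoc_type):
    """True only if the id_res message is signed with the association's key."""
    if fields.get("openid.mode") != "id_res" or assoc_type not in DIGESTS:
        return False
    signed = fields.get("openid.signed", "").split(",")
    # Identity fields must be covered by the signature whenever they are present.
    required = REQUIRED_SIGNED | {
        k for k in ("claimed_id", "identity") if "openid." + k in fields}
    if not required.issubset(signed):
        return False
    if any("openid." + k not in fields for k in signed):
        return False
    expected = sign(mac_key, fields, assoc_type).encode("ascii")
    return hmac.compare_digest(expected, fields.get("openid.sig", "").encode("utf-8"))

# Constructed sample: the key and URLs are placeholders, not real endpoints.
MAC_KEY = b"constructed-secret-from-associate"
ASSERTION = {
    "openid.mode": "id_res",
    "openid.op_endpoint": "https://idp.example.com/openid",
    "openid.claimed_id": "https://idp.example.com/id/alice",
    "openid.identity": "https://idp.example.com/id/alice",
    "openid.return_to": "https://sp.example.com/return",
    "openid.response_nonce": "2024-01-01T00:00:00Zabc123",
    "openid.assoc_handle": "handle-1",
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
}
ASSERTION["openid.sig"] = sign(MAC_KEY, ASSERTION, "HMAC-SHA256")

if __name__ == "__main__":
    print(verify(MAC_KEY, ASSERTION, "HMAC-SHA256"))
```

A stateless consumer holds no MAC key, so instead of running this check locally it sends the same fields back to the identity provider with the mode set to check_authentication.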

OpenID 1.1 and 2.0 support

Both OpenID 1.1 and OpenID 2.0 are supported.


