AcegiSecurity Plugin - OpenID Tutorial

OpenID support is a new feature in Spring Security 2.0 and using it in Grails is very simple. All you need to do is enable it and change your User class to remove the password field (or make it nullable). Since your users will authenticate externally, you no longer store passwords but will still want to store other user data such as name, address, etc.

To enable OpenID, edit grails-app/conf/SecurityConfig.groovy and change

useOpenId = false

to

useOpenId = true

Remove the password property from your User class, and edit your User GSP pages to remove the password fields.

When you create your users, be sure to store the username in the format that your OpenID provider uses, e.g. 'http://username.myopenid.com/'.

Yahoo accounts can be used to authenticate via OpenID, but unfortunately the username returned by a successful Yahoo login is the user's long Yahoo identity, e.g. https://me.yahoo.com/a/CkkjY454mGx10td2e5dqhr5Jedt8VAgx, and this value has to be stored in the username field in the User table. This is inconvenient for self-registration, since users are unlikely to know how to obtain this value.
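One way to keep stored usernames in the 'http://username.myopenid.com/' form at registration time is to normalize what the user types before saving it. This is an added example, not code from the plugin: the OpenIdUsername class and its normalize() method are hypothetical, it applies a subset of the URL normalization in OpenID Authentication 2.0 section 7.2, and it assumes the provider returns the normalized form of the URL the user entered (so it does not help with Yahoo's opaque identity).

```groovy
// Added example (hypothetical helper, not part of the plugin).
class OpenIdUsername {
    static String normalize(String input) {
        String id = input?.trim()
        if (!id) {
            throw new IllegalArgumentException('OpenID identifier is empty')
        }
        // XRI identifiers (xri://..., =name, @name) are not handled here.
        if (id.toLowerCase().startsWith('xri://') || '=@+$!('.contains(id.substring(0, 1))) {
            throw new IllegalArgumentException('XRI identifiers are not handled')
        }
        // A bare host such as "username.myopenid.com" gets the http scheme.
        if (!(id ==~ /(?i)https?:\/\/.*/)) {
            id = 'http://' + id
        }
        URI uri
        try {
            uri = new URI(id).normalize()   // also collapses "." and ".." path segments
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException('Not a valid URL: ' + input)
        }
        if (!uri.host) {
            throw new IllegalArgumentException('No host in: ' + input)
        }
        String scheme = uri.scheme.toLowerCase()
        int port = uri.port
        boolean defaultPort = port == -1 ||
                (scheme == 'http' && port == 80) || (scheme == 'https' && port == 443)
        // Empty path becomes "/", the fragment is dropped, the query is kept.
        String path = uri.rawPath ?: '/'
        String query = uri.rawQuery ? '?' + uri.rawQuery : ''
        return scheme + '://' + uri.host.toLowerCase() + (defaultPort ? '' : ':' + port) + path + query
    }
}

// Constructed sample inputs.
assert OpenIdUsername.normalize('username.myopenid.com') == 'http://username.myopenid.com/'
assert OpenIdUsername.normalize(' HTTP://Username.MyOpenID.com:80 ') == 'http://username.myopenid.com/'
assert OpenIdUsername.normalize('https://example.org/id#frag') == 'https://example.org/id'
```

Storing one canonical form also means two spellings of the same identifier cannot end up as two separate User rows.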

 
That's all you need to do. The LoginController has logic to display the OpenID-specific login page instead of the standard form-based login page. If you customize the controller and/or login page, use LoginController.groovy and openIdAuth.gsp as models. For example, you might want to allow users to log in via OpenID or using their application username and password - just change LoginController.auth() to show the combined login page with both forms instead of branching based on whether OpenID is enabled.
