federated_logon May 11, 2011 / Updated: Jan 19, 2015
Interface to federated login handlers
The plugin will use a federated login such as Google Accounts as a logon server. If the logon succeeds it will log that user onto Zenphoto. An attempt will be made to match the user to an existing Zenphoto user. If such is found, then the user is logged in as that Zenphoto user. If not, a Zenphoto user will be created and logged in.
The default privileges for a created user are obtained from the viewers group. (The user will belong to that group.) This will be the case whether or not the user_groups plugin is enabled. If you want to be able to specify unique default priviledges you will have to use the user_groups plugin at least until you have defined your default group.
You may also find the user_expiry plugin useful in conjunction with this plugin. Since users may arbitrarily be created from those visitors who login with their federated credentials you may want to "age" these users and remove them after some period of time. That is done by the user_expiry plugin.
Currently there is only one type of handler available. It is an OpenID handler based on the Janrain OpenID Enabled library. There are some server requirements for this library. To see if you server meets them run the script zp-core/zp-extensions/federated_logon/OpenID_detect.php. It will give you a report on what might need be done. You can ignore items about data stores as they are not used in this implementation.
See also the Janrain Readme.txt file.
Zenphoto provides handlers for Google, Yahoo, Verisign, and MyOpenid. Other handlers can be created and placed in the plugins/federated_logon folder. Integration with Zenphoto is fairly simple. The logon handler script should be named ending in _logon.php. The plugin will use the name up to that point as the selector on the logon form.
You need to preserve the $_GET['redirect'] parameter for use after the authentication is successful at which time you call the federated_logon::credentials() function passing a user ID, e-mail and name (if you have them) and the redirection link you saved above. As an example, the former is done at the beginning of the OpenID_logon.php script. The latter is done in the "run()" function of OpenID_finish_auth.php
Included in the Zenphoto release.