For trusted sites, such as internal services, you may wish to simplify the user experience by automatically approving authentication requests. Users will not be prompted to verify authentication requests from these realms.
The OpenID Verification page (2.4 Allowing or denying a login) shows the realm that a host is using.
This configuration is stored in a file:
crowd-openidserver-webapp/WEB-INF/classes/crowdid.approval-whitelist
Each line is a single OpenID realm. If an authentication request is received from a site on that list it will automatically be approved as if the user had selected 'Allow Always'.
RELATED TOPICS
- 3.1 Allowing all hosts
- 3.2 Allowing all except specified hosts ('Blacklist')
- 3.3 Allowing specified hosts only ('Whitelist')
- 3.4 Approval Whitelist