Migration to Google OpenID Connect

Post date: Aug 15, 2014 6:26:17 PM

CILogon (https://cilogon.org/) has migrated from OpenID 2.0 to OpenID Connect for the Google identity provider, per Google's recommendations. When CILogon users log on using Google identities, CILogon links existing OpenID 2.0 identities with OpenID Connect subject identifiers to ensure a seamless transition, with no changes to the resulting CILogon certificate subject distinguished names for current CILogon users.

As part of this migration, CILogon has removed support for the remaining OpenID 2.0 identity providers (PayPal and Verisign), which were used (primarily for testing purposes) by a very small number of CILogon users. Removing OpenID 2.0 support from the CILogon code base helps us simplify our operations and software maintenance.

Google is still CILogon's most popular identity provider, but a growing percentage of CILogon users are choosing InCommon identity providers instead. 18% of current CILogon users choose to use Google identities, down from 25% a year ago and 36% two years ago. The number of InCommon identity providers available to CILogon users has more than doubled over the past two years, from under 50 identity providers at the start of 2012 to over 120 identity providers today, thanks in large part to the InCommon research and scholarship program.

As always, please contact help@cilogon.org with any questions or comments.