Re: FAS OpenID patch

Hi, So tonight I have been working on making working the jenkins OpenID plugin [1]. This was a little more challenging than anticipated as the plugin ask for the url of the OpenID provider. In our case we want to point to FAS. The 'problem' is that we ask for a username in the OpenID url, while the plugin does not allow this. So I came up with the attached patch which does two things: - Allow to contact /accounts/openid/yavis/ directly (w/o running into an error 500) which allows OpenID discovery by the client. - Allow to authenticate even if the url asked does not contain the username (which the case when coming from jenkins). I'm sending this patch for review, to me approach sounds fine, but I am wondering if the second change here is reducing the security or not. For comparison, google seems to allow url not containing the username, just let the user log-in in if he is not already.