Logging into SimpleID

You generally don’t need to log into SimpleID first before you can use it to access OpenID-enabled web sites. When you log into these web sites, SimpleID automatically checks whether you have logged in using the identity you have supplied. If you haven’t logged into SimpleID, SimpleID will present the log in page for you to supply your login details.

You can also log into SimpleID manually by going to the URL where you have installed SimpleID. This sends you to your SimpleID home page or dashboard, depending on the version of SimpleID you are using.

When you log in, you will be presented with the log in page.

You will notice one of the following status messages on the login page:

• Secure login using digest. SimpleID will verify your password using an algorithm embedded in the log in page, so that you password is not transmitted over the network. This is the default setting.

• Secure login using HTTPS. You are connected to the SimpleID server using Transport Layer Security. Your user name and password will be encrypted as it is sent to the SimpleID server.

• Your SimpleID configuration does not allow you to log in unsecurely. This means that your browser does not support either of the two methods above.

  By default, SimpleID will not allow you to log in unsecurely. You can override this behaviour by changing the SIMPLEID_ALLOW_LEGACY_LOGIN configuration option in the config.inc file.

• WARNING: Your password will be sent to SimpleID as plain text. You have chosen, in your configuration, to allow passwords to be sent unsecurely. Your password will be sent to SimpleID as plain text. Please note that an attacker may be able to detect your password if you log in using the method.