At present, Zanata uses the same URL for the OpenID return_to value, and for the OpenID realm: (http://zanata.example.org)/openid.xhtml.
We should use (http://zanata.example.org/) (ie the Zanata web app home) as the realm. This should make the authorisation request to the user look neater (eg on the Fedora auth page), and perhaps a little more understandable for users. (This can be done in ZanataOpenId.authRequest(), by passing an extra realm parameter to org.openid4java.consumer.ConsumerManager.authenticate.)
Also, we should run the return_to URL through Rewrite, so that the .xhtml extension won't be visible (to the user, or to the OpenID provider).