Gentoo Wiki Archives

Host your own OpenID server

Introduction

The purpose of this tutorial is to teach you how to set up an OpenID server on your home box or personal webhost. For example, if you want to authenticate to livejournal as user.domain.tld, this document will help you accomplish that. If you're looking for the reverse (authenticating to domain.tld as user.livejournal.com), then you'll have to go elsewhere for documentation, at the moment.

If you really like the idea of OpenID, check the lobbying page for a list of people you can encourage to implement this system (many blogs, wikis, and, well, any site that uses authentication in general).

Delegation

In many cases, for your personal use, delegation is easier than setting up your own OpenID server and will work just fine for your purposes. Let's pretend you want to edit some pages on the LifeWiki. We'll also pretend that you have a livejournal account, but you have your own site http://user.domain.tld and would rather identify using user.domain.tld than user.livejournal.com. You don't need your own server to do this. Use delegation.

Suppose the index page for your site is http://user.domain.tld/index.php. You would put these HTML link elements in its head:

 <html>
    <head>
       <title>User's Blog on Domain.tld</title>
       <link rel="openid.server"   href="http://www.livejournal.com/openid/server.bml">
       <link rel="openid.delegate" href="http://user.livejournal.com/">
    </head>
    <body>
       <p>Hi, my name is End User. I like to play frisbee with my dog and take long walks on the beach with hot babes.</p>
    </body>
 </html>

Let's pretend that Zaphod Beeblebrox is piloting the Heart of Gold and kicks the Infinite Improbability Drive into high gear - the LiveJournal servers suddenly turn into polkadotted fish and burst into flames without warning.

What do you do now? How can you authenticate with OpenID? The same way as before. Just register on some other OpenID site such as DeadJournal and change the links in your HTML to read as follows. You will still be able to log in to any OpenID site with the name user.domain.tld!

 <html>
    <head>
       <title>User's Blog on Domain.tld</title>
       <link rel="openid.server"   href="http://www.deadjournal.com/openid/server.bml">
       <link rel="openid.delegate" href="http://user.deadjournal.com/">
    </head>
    <body>
       <p>Hi, my name is End User. I like to play frisbee with my dog and take long walks on the beach with hot babes.</p>
    </body>
 </html>

CoolAJ86 Tested with my personal site, verified "Works For Me"™ quality material!
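Added example, not part of the original page: a check a site owner can run against their own identity page to see which openid.server and openid.delegate links a consumer would find in the head. The function names are hypothetical, the sample page is constructed from the markup above, and the https test is an added assumption about what the owner wants, since the page's examples use plain http.

```php
<?php
// Added example: function names are hypothetical; the page below is constructed.
// Return the first openid.server / openid.delegate hrefs found in <head>.
function discover_openid_links(string $html): array
{
    $found = [];
    if (trim($html) === "") {
        return $found;
    }
    $doc = new DOMDocument();
    @$doc->loadHTML($html); // tolerate real-world, non-well-formed markup
    $head = $doc->getElementsByTagName("head")->item(0);
    if ($head === null) {
        return $found;
    }
    foreach ($head->getElementsByTagName("link") as $link) {
        // rel may hold several space-separated tokens
        $rels = preg_split('/\s+/', strtolower(trim($link->getAttribute("rel"))));
        foreach (["openid.server", "openid.delegate"] as $wanted) {
            if (in_array($wanted, $rels, true) && !isset($found[$wanted])) {
                $found[$wanted] = $link->getAttribute("href");
            }
        }
    }
    return $found;
}

// List what the owner should fix before relying on the page as an identity.
function audit_delegation(string $html): array
{
    $links = discover_openid_links($html);
    $problems = [];
    if (!isset($links["openid.server"])) {
        $problems[] = "no openid.server link in <head>";
    }
    foreach ($links as $rel => $href) {
        if (strtolower((string) parse_url($href, PHP_URL_SCHEME)) !== "https") {
            $problems[] = "$rel is not served over https: $href";
        }
    }
    return ["links" => $links, "problems" => $problems];
}

$page = '<html><head><title>User\'s Blog on Domain.tld</title>'
      . '<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">'
      . '<link rel="openid.delegate" href="http://user.livejournal.com/">'
      . '</head><body><p>Hi</p></body></html>';
print_r(audit_delegation($page));
```

Whoever can change this page, or the unencrypted response carrying it, decides which server vouches for user.domain.tld, so the page deserves the same protection as a password.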

Getting the code

Livejournal user taral has released this PHP script, which he considers to be "most of an OpenID server".

Once you download it, I'm not sure what you do with it to make it useful (because I'm only a PHP novice) but I think the following excerpt from one of the Livejournal comments on his original post is a clue.

As a quick hack, if you comment out these lines in the function login():

 setcookie(COOKIE_NAME, COOKIE_VALUE, 0, $_SERVER["PHP_SELF"]);
 $_COOKIE[COOKIE_NAME] = COOKIE_VALUE;
 $mode = "checkid_immediate";

and replace with this:

 if ($cookie_data == COOKIE_VALUE) {
     $mode = "checkid_immediate";
 }

Then you can use .htaccess to protect a PHP page that does thus:

 define("COOKIE_NAME", "secret");
 define("COOKIE_VALUE", "whatevercookie_valueissettoinopenid.php");
 setcookie(COOKIE_NAME, COOKIE_VALUE,0,"/","yourdomainhere",0);

(note that the path should be to wherever openid.php is, I think)
and you have a hacky login system.

I'll try to get some more information as to where to go from here as I learn more.

A Clue! A Clue! We've found another Clue!

http://www.livejournal.com/users/taral/147710.html?thread=542974#t5
http://www.ctyalcove.org/~elizabeth/openid.phps

A basic "out of the box" OpenID server can be downloaded from: http://www.ctyalcove.org/~elizabeth/openid_server.tar.gz

Gunzip and untar it (WinRAR?). Edit the openid_config.php.dist file so that "password" is changed to whatever password you would like to use. You may also change the other settings such as the cookie name, value, and sigkey if you wish. The config file also lacks opening and closing tags, so add "<?PHP" to the beginning of the document, and "?>" to the end of the document. You must also rename the openid_config.php.dist file to openid_config.php before uploading.

Once you have finished editing and renaming the config file, upload all the files to wherever you like. Whatever page you point to as your OpenID username (example.com/index.php if you wish to log in as example.com) must contain the link rel element pointing to your newly uploaded OpenID server:

<link rel="openid.server" href="http://example.com/openid/openid.php"/>

You may find that cookies do not work with this OpenID server. The reason is that the script sets a 100-year cookie, which isn't always recognized by a browser. That can be fixed by changing the setcookie line in openid.php to:

setcookie(COOKIE_NAME, COOKIE_VALUE, time()+60*60*24*365); // removed *100
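Added example, not part of taral's script or the downloadable server: the cookie handling from the login hack excerpt and from the lifetime fix above, with the excerpt's loose comparison beside a stricter one. The function names are hypothetical, COOKIE_VALUE is a constructed value chosen to show the failure, and the options-array form of setcookie assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example: function names are hypothetical; COOKIE_VALUE is a constructed
// placeholder picked because it looks like a number in scientific notation.
define("COOKIE_NAME", "secret");
define("COOKIE_VALUE", "0e462097431906509019562988736854");

// Lifetime: time() + 100 years lands past 2038-01-19, the largest value a
// signed 32-bit timestamp can hold, so keep the expiry short instead.
function issue_login_cookie(string $path): bool
{
    return setcookie(COOKIE_NAME, COOKIE_VALUE, [
        "expires"  => time() + 60 * 60 * 24 * 30, // 30 days
        "path"     => $path,   // directory that holds openid.php
        "secure"   => true,    // assumption: the server is reached over HTTPS
        "httponly" => true,    // keep the value away from page scripts
    ]);
}

// Weak check, as in the excerpt: == compares numeric-looking strings as numbers.
function cookie_matches_loose($cookie_data): bool
{
    return $cookie_data == COOKIE_VALUE;
}

// Hardened check: strings only, exact bytes, constant-time comparison.
function cookie_matches_strict($cookie_data): bool
{
    return is_string($cookie_data) && hash_equals(COOKIE_VALUE, $cookie_data);
}

// Constructed inputs: the real value, another "0e..." string, and an array
// cookie such as a client sending secret[]=x would produce.
foreach ([COOKIE_VALUE, "0e1", ["x"]] as $candidate) {
    printf("%-36s loose=%s strict=%s\n",
        json_encode($candidate),
        var_export(cookie_matches_loose($candidate), true),
        var_export(cookie_matches_strict($candidate), true));
}
```

The cookie is still one fixed value shared by every login, so anyone who learns it stays logged in until COOKIE_VALUE is changed in the config; pick a long random string and rotate it if it may have leaked.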

PHP-OpenID Library and Videntity.org

PHP-OpenID is a more complete implementation of OpenID in PHP, with both server and consumer components, written in an OO fashion, and with some examples. Videntity.org is another option for obtaining an OpenID Identity without having to run a server yourself. You can even use your existing homepage as your identity and have Videntity.org authenticate for you. See the FAQ.

Alternative OpenID server: The Ruby OpenID library

[1] A Ruby library for verifying and serving OpenID identities. Ruby OpenID makes it easy to add OpenID authentication to your web applications.

This library is a port of the Python OpenID library, and features:

Retrieved from "http://www.gentoo-wiki.info/Host_your_own_OpenID_server"

Last modified: Fri, 10 Oct 2008 01:24:00 +1100 Hits: 16,267
