Here I am sitting at my workstation coding away, when all of a sudden, a thought enters my mind:
Can I set up my own OpenID server?
I pull open my terminal, and ‘aptitude search openid’ in Ubuntu. I see two packages with ‘openid’ in the name, one a consumer package, the other a server package. “Sweet!”, I think. So, before installing the package, I begin searching for documentation on setting up an OpenID server in Ubuntu. Seeing as though I’m running my own server in my basement, I figure why not? After all, I own several domains that I could use to authenticate against.
So, I start Googling around, and not to my surprise, I stumble on some Gentoo documentation on their wiki for setting one up. However, first in line in the documentation isn’t setting up a server, but using a domain that you already own to delegate to your existing OpenID account. This is easy to do: it only takes adding 3 lines of code to your HTML file under that domain.
I would much rather use aarontoponce.org for my identifier than myopenid.com. So, in the index.html file under aarontoponce.org, I added the following 3 lines of code to the header. For example, if I had an OpenID account at www.myopenid.com, and the URL to that account was atoponce.myopenid.com, then here is what I would add:
<link rel="openid.server" href="http://www.myopenid.com/server"/> <!-- For delegating OpenID v1.x -->
<link rel="openid.delegate" href="http://atoponce.myopenid.com"/> <!-- For delegating OpenID v1.x -->
<meta http-equiv="X-XRDS-Location" content="http://atoponce.myopenid.com/xrds"/> <!-- For delegating OpenID v2.x -->
The necessary code to add to your HTML file may vary by OpenID server. Check the documentation, or Google around a bit to get the necessary code for your particular server. The code above will only work with myopenid.com. You just need to make the changes as necessary for LiveJournal or other OpenID servers.
All 3 lines are necessary to ensure the maximum compatibility between versions of OpenID servers. Now, when logging into a site that utilizes OpenID (Google- are you listening?), I can use my own domain to handle the identification rather than a 3rd party. It is important to note, however, that myopenid.com in this case is handling the authentication, and not aarontoponce.org. Rather, myopenid.com is merely allowing aarontoponce.org to handle the identifying requests. I will still be forwarded to myopenid.com, and asked to enter my password when logging in. I just get to use my own domain, rather than myopenid. Make sense? Hopefully I have all the terminology correct.

{ 24 } Comments
So my question is, you set this up. Do you need your own openID server to do this? I am guessing no, but thought I’d double check.
Also, how hard is it to set up an OpenID server for stuff like Utah Open Source or Ubuntu-Utah or something? I’d be willing to investigate this and provide server space (when I finally get that set up) for anyone who wants to set it up…
Cheers,
Clint
[Reply]
@Clint- No, that’s the point of the post. I don’t need to set up my own server. Rather, I can have my existing MyOpenID account delegate aarontoponce.org to act as my identity URL. So, if you wanted to utilize this with Ubuntu-Utah or UTOS, then you would set up an account at an OpenID server (like myopenid.com), then edit the Ubuntu-Utah or UTOS index.html (or index.php- whatever) page, and include those three lines.
Then, when logging into an OpenID login box, you would use your new identity URL, such as ubuntu-utah.org rather than myopenid.com. Of course, you will still be forwarded to myopenid.com to authenticate the site, and you would have to log in. This process of delegation just allows you to use your own domain as your identifier rather than what myopenid.com gives you. myopenid.com still handles the authentication.
So, with this method, there is no need for a server. This is a great feature of OpenID.
[Reply]
Great tip! It’s just what I needed. Now I don’t have to store anything on my host.
Thanks!
[Reply]
And what about really hosting an openID server? I’m searching for this…
[Reply]
@Aldous- Cool, eh?
@Andrea- Not sure. When I found this solution, I didn’t bother looking for setting up a server. Rather, this fit my needs very well.
[Reply]
@Aaron: It’s in the page you linked, it seems perfect, I’m testing it.
[Reply]
@Aaron: done, http://www.tankmiche.com/id/openid.php
Thanks for the tip, by the way, I’ll post about it soon…
[Reply]
Great, I’m using it too now (sgevatter.eu.org). Thanks for posting this!
[Reply]
OpenId is not of much use in your comments if I still have to fill in the Name and mail fields. I guess you use wp-openid+ in “unobtrusive mode”. If you uncheck this box, people will be able to only fill the OpenId field and won’t need to fill the others.
phpMyId is a nice and easily setup OpenId server.
[Reply]
Alexandre- You don’t have to fill in the fields. If you already have an OpenID account, then it will fill in the fields for you, if you have set up your personal identity with your OpenID provider.
[Reply]
Sorry, which plugin are you using for this?
[Reply]
I tried it, if I leave the fields blank and give my OpenId, it tells me that I should first fill in the fields.
[Reply]
Aaaaarg now it works… -_-
Sorry for the noise, feel free to remove my useless comments.
[Reply]
Test without name/email
[Reply]
It seems to get name/email via openID, but it doesn’t show them in the first comment…
[Reply]
Aaron, look at the last two comments: it says “Your comment is awaiting moderation” to anyone! (And they are spam comments, of course…)
[Reply]
Andrea- Yeah… that’s Spam Karma 2 at work. It’s a bit aggressive, but when you’re fighting 300 comment spams / day, it’s necessary. Sometimes they slip through, but for the most part, it’s pretty rock solid.
Thanks for the heads up, though!
[Reply]
Test.
[Reply]
@hardskinone- does it work?
[Reply]
Hi Aaron.
Can you please point me to a good OpenID server side spec or any other source of information? I would like to implement an OpenID server myself.
Thanks in advance.
Cheers,
Artūras B.
[Reply]
Look at this project. It’s cool.
[Reply]
Hi Alperen.
I forgot to mention - I’m thinking about JABA based OpenID server.
Regards,
Artūras
[Reply]
Oppps!
Read “JAVA” instead of “JABA”
[Reply]
Hello, I’m trying to set up an OpenID server for a project that I’m working on. I have succeeded in setting up the server. But while testing the server it gives an error of “internal error or misconfiguration”. But I had set up the server exactly as was specified in the documentation. Can you help me please to figure out the error in setting up the server?
[Reply]
{ 1 } Trackback
[...] There are a couple things I noticed. First, the MT site definitely seems to load faster than my WP blog (yes, I do have WP-Cache installed and both blogs are in the same DreamHost account). Maybe the publishing creates static pages, but there is a performance difference. Second, OpenID is an option without any needed plugins. Christer Edwards and Aaron Toponce have discussed enabling OpenID on WordPress blogs here and here. [...]