Image of the glider from the Game of Life by John Conway
Skip to content
{ 2007 06 08 }

OpenID Delegation

Here I am sitting at my workstation coding away, when all of the sudden, a thought enters my mind:

Can I setup my own OpenID server?

I pull open my terminal, and 'aptitude search openid' in Ubuntu. I see two packages with 'openid' in the name, one a consumer package, the other a server package. "Sweet!", I think. So, before installing the package, I begin searching for documentation on setting up an OpenID server in Ubuntu. Seeing as though I'm running my own server in my basement, I figure why not? After all, I own several domains that I could use to authenticate against.

So, I start Googling around, and not to my surprise, I stumble on some Gentoo documentation on their wiki for setting one up. However, first in line in the documentation isn't setting up a server, but using an existing domain that you already own as delegation to your existing OpenID account. This is easy to do by only adding 3 lines of code to your HTML file under that domain.

I would much rather use aarontoponce.org for my identifier than myopenid.com. So, in the index.html file under aarontoponce.org, I added the following 3 lines of code to the header. For example, if I had an OpenID account at www.myopenid.com, and the URL to that account was atoponce.myopenid.com, then here is what I would add:

1
2
3
<link rel="openid.server" href="http://www.myopenid.com/server"/>       <!-- For delegating OpenID v1.x-->
<link rel="openid.delegate" href="http://atoponce.myopenid.com"/>       <!-- For delegating OpenID v1.x-->
<meta http-equiv="X-XRDS-Location" content="http://atoponce.myopenid.com/xrds"/>        <!-- For delegating OpenID v2.x-->

The necessary code to add to your HTML file may vary on OpenID server. Check the documentation, or Google around a bit to get the necessary code for your particular server. The code above will only work with myopenid.com. You just need to make the changes as necessary for LiveJournal or other OpenID servers.

All 3 lines are necessary to ensure the maximum compatibility between versions of OpenID servers. Now, when logging into a site that utilizes OpenID (Google- are you listening? 🙂 ), I can use my own domain to handle the identification rather than a 3rd party. It is important to note, however, that myopenid.com in this case is handling the authentication, and not aarontoponce.org. Rather, myopenid.com is merely allowing aarontoponce.org to handle the identifying requests. I will still be forwarded to myopenid.com, and asked to enter my password when logging in. I just get to use my own domain, rather than myopenid. Make sense? Hopefully I have all the terminology correct.

Posted by Aaron Toponce on Friday, June 8, 2007, at 1:12 pm. Filed under OpenID. Follow any responses to this post with its comments RSS feed. You can post a comment or trackback from your blog. For IM, Email or Microblogs, here is the Shortlink.

{ 24 } Comments