Image of the glider from the Game of Life by John Conway
Skip to content

OpenID Delegation

Here I am sitting at my workstation coding away, when all of the sudden, a thought enters my mind:

Can I setup my own OpenID server?

I pull open my terminal, and 'aptitude search openid' in Ubuntu. I see two packages with 'openid' in the name, one a consumer package, the other a server package. "Sweet!", I think. So, before installing the package, I begin searching for documentation on setting up an OpenID server in Ubuntu. Seeing as though I'm running my own server in my basement, I figure why not? After all, I own several domains that I could use to authenticate against.

So, I start Googling around, and not to my surprise, I stumble on some Gentoo documentation on their wiki for setting one up. However, first in line in the documentation isn't setting up a server, but using an existing domain that you already own as delegation to your existing OpenID account. This is easy to do by only adding 3 lines of code to your HTML file under that domain.

I would much rather use for my identifier than So, in the index.html file under, I added the following 3 lines of code to the header. For example, if I had an OpenID account at, and the URL to that account was, then here is what I would add:

<link rel="openid.server" href=""/>       <!-- For delegating OpenID v1.x-->
<link rel="openid.delegate" href=""/>       <!-- For delegating OpenID v1.x-->
<meta http-equiv="X-XRDS-Location" content=""/>        <!-- For delegating OpenID v2.x-->

The necessary code to add to your HTML file may vary on OpenID server. Check the documentation, or Google around a bit to get the necessary code for your particular server. The code above will only work with You just need to make the changes as necessary for LiveJournal or other OpenID servers.

All 3 lines are necessary to ensure the maximum compatibility between versions of OpenID servers. Now, when logging into a site that utilizes OpenID (Google- are you listening? 🙂 ), I can use my own domain to handle the identification rather than a 3rd party. It is important to note, however, that in this case is handling the authentication, and not Rather, is merely allowing to handle the identifying requests. I will still be forwarded to, and asked to enter my password when logging in. I just get to use my own domain, rather than myopenid. Make sense? Hopefully I have all the terminology correct.

{ 24 } Comments

  1. Clint Savage | June 8, 2007 at 2:14 pm | Permalink

    So my question is, you set this up. Do you need your own openID server to do this? I am guessing no, but thought I'd double check.

    Also, how hard is it to set up an OpenID server for stuff like Utah Open Source or Ubuntu-Utah or something? I'd be willing to investigate this and provide server space (when I finally get that set up) for anyone who wants to set it up...



  2. Aaron | June 8, 2007 at 2:46 pm | Permalink

    @Clint- No, that's the point of the post. I don't need to setup my own server. Rather, I can have my already MyOpenID account delegate to act as my identity URL. So, if you wanted to utilize this with Ubuntu-Utah or UTOS, then you would setup an account at a OpenID server (like, then edit the Ubuntu-Utah or UTOS index.html (or index.php- whatever) page, and include those three lines.

    Then, when logging into an OpenID login box, you would use your new identity URL, such as rather than Of course, you will still be forwarded to to authenticate the site, and you would have to login. This process of delegation just allows you to use your own domain as your identifier rather than what gives you. still handles the authentication.

    So, with this method, there is no need for a server. This is a great feature of OpenID.

  3. Aldous | June 8, 2007 at 10:47 pm | Permalink

    Great tip! It's just what I needed. Now I don't have to store anything on my host.

    Thanks! 🙂

  4. Andrea Micheloni | June 9, 2007 at 3:58 am | Permalink

    And what about really hosting an openID server? I'm searching for this...

  5. Aaron | June 9, 2007 at 5:28 am | Permalink

    @Aldous- Cool, eh?

    @Andrea- Not sure. When I found this solution, I didn't bother looking for setting up a server. Rather, this fit my needs very well.

  6. Andrea Micheloni | June 9, 2007 at 6:35 am | Permalink

    @Aaron: It's in the page you linked, it seems perfect, i'm testing it.

  7. Andrea Micheloni | June 9, 2007 at 8:06 am | Permalink

    @Aaron: done,
    Thanks for the tip, by the way, I'll post about it soon...

  8. RainCT | June 9, 2007 at 10:08 am | Permalink

    Great, I'm using it too now ( Thanks for posting this!

  9. Alexandre Franke | June 10, 2007 at 8:15 am | Permalink

    OpenId is not of much use in your comments if I style have to fill in the Name and mail fields. I guess you use wp-openid+ in "unobtrusive mode". If you uncheck this box, people will be able to only fill the OpenId field and won't need to fill the others.

    phpMyId is a nice and easily setup OpenId server.

  10. Aaron | June 10, 2007 at 9:20 am | Permalink

    Alexandre- You don't have to fill in the fields. If you already have an OpenID account, then it will fill in the fields for you, if you have setup your personal identity with your OpenID provider.

  11. Andrea Micheloni | June 10, 2007 at 9:53 am | Permalink

    Sorry, wich plugin are you using for this?

  12. Alexandre Franke | June 10, 2007 at 10:18 am | Permalink

    I tried it, if I leave the fields blank and give my OpenId, it tells me that I should first fill in the fields.

  13. Alexandre Franke | June 10, 2007 at 10:20 am | Permalink

    Aaaaarg now it works... -_-
    Sorry for the noise, feel free to remove my useless comments.

  14. Anonymous | June 10, 2007 at 2:39 pm | Permalink

    Test without name/email

  15. Andrea Micheloni | June 10, 2007 at 2:41 pm | Permalink

    It seems to get name/email via openID, but it doesn't show them in the first comment...

  16. Andrea Micheloni | June 29, 2007 at 11:23 am | Permalink

    Aaron, look at the last two comments: it says "Your comment is awaitig moderation" to anyone! (And they are spam comments, of course...)

  17. Aaron | June 29, 2007 at 12:45 pm | Permalink

    Andrea- Yeah... that's Spam Karma 2 at work. It's a bit aggressive, but when you're fighting 300 comment spams / day, it's necessary. Sometimes they slip through, but for the most part, it's pretty rock solid.

    Thanks for the heads up, though! 🙂

  18. hardskinone | July 30, 2007 at 2:02 pm | Permalink


  19. Aaron | July 30, 2007 at 2:15 pm | Permalink

    @hardskinone- does it work?

  20. Artūras Baranauskas | August 17, 2007 at 3:39 am | Permalink

    Hi Aaron.

    Can you please point me to a good OpenID server side spec or any other source of information ? I would like to implement OpenID server myself.

    Thanks in advance.

    Artūras B.

  21. Alperen Y. Aybar | August 20, 2007 at 2:08 am | Permalink

    Look at this project. It's cool.

  22. Artūras Baranauskas | August 21, 2007 at 3:04 am | Permalink

    Hi Alperen.

    I forgot to mention - I'm thinking about JABA based OpenID server.


  23. Artūras Baranauskas | August 21, 2007 at 3:05 am | Permalink


    Read "JAVA" instead of "JABA"

  24. Purvesh | December 5, 2007 at 7:25 am | Permalink

    Hello, m trying to setup an OpenID server for a project that i'm working on. I have succeded the in setting up the server. But while testing the server it gives and error of "internal error or misconfiguration". But i had setup the server exactly as was specified in the documentation. Can you help me please to figure out the error in setting up the server.

{ 1 } Trackback

  1. [...] There are a couple things I noticed. First, the MT site definitely seems to load faster than my WP blog (yes, I do have WP-Cache installed and both blogs are in the same DreamHost account). Maybe the publishing creates static pages, but there is a performance difference. Second, OpenID is an option without any needed plugins. Christer Edwards and Aaron Toponce have discussed enabling OpenID on WordPress blogs here and here. [...]

Post a Comment

Your email is never published nor shared.