Image of the glider from the Game of Life by John Conway
Skip to content

OpenID Delegation

Here I am sitting at my workstation coding away, when all of the sudden, a thought enters my mind:

Can I setup my own OpenID server?

I pull open my terminal, and 'aptitude search openid' in Ubuntu. I see two packages with 'openid' in the name, one a consumer package, the other a server package. "Sweet!", I think. So, before installing the package, I begin searching for documentation on setting up an OpenID server in Ubuntu. Seeing as though I'm running my own server in my basement, I figure why not? After all, I own several domains that I could use to authenticate against.

So, I start Googling around, and not to my surprise, I stumble on some Gentoo documentation on their wiki for setting one up. However, first in line in the documentation isn't setting up a server, but using an existing domain that you already own as delegation to your existing OpenID account. This is easy to do by only adding 3 lines of code to your HTML file under that domain.

I would much rather use for my identifier than So, in the index.html file under, I added the following 3 lines of code to the header. For example, if I had an OpenID account at, and the URL to that account was, then here is what I would add:

<link rel="openid.server" href=""/>       <!-- For delegating OpenID v1.x-->
<link rel="openid.delegate" href=""/>       <!-- For delegating OpenID v1.x-->
<meta http-equiv="X-XRDS-Location" content=""/>        <!-- For delegating OpenID v2.x-->

The necessary code to add to your HTML file may vary on OpenID server. Check the documentation, or Google around a bit to get the necessary code for your particular server. The code above will only work with You just need to make the changes as necessary for LiveJournal or other OpenID servers.

All 3 lines are necessary to ensure the maximum compatibility between versions of OpenID servers. Now, when logging into a site that utilizes OpenID (Google- are you listening? 🙂 ), I can use my own domain to handle the identification rather than a 3rd party. It is important to note, however, that in this case is handling the authentication, and not Rather, is merely allowing to handle the identifying requests. I will still be forwarded to, and asked to enter my password when logging in. I just get to use my own domain, rather than myopenid. Make sense? Hopefully I have all the terminology correct.

{ 24 } Comments