How do you set up an OpenID provider (server) in Ubuntu?
Asked Answered
M

6

15

I want to log onto Stack Overflow using OpenID, but I thought I'd set up my own OpenID provider, just because it's harder :) How do you do this in Ubuntu?

Edit: Replacing 'server' with the correct term OpenID provider (Identity provider would also be correct according to wikipedia).

Monotint answered 26/8, 2008 at 16:53 Comment(2)
This question is now seriously outdated. The two most popular providers at the time (phpMyID and Community-ID) are no longer developed. Chi.mp has been down for who knows how long and myOpenID's certificate based authentication has been unavailable for over a year. Is there any way to..."revitalize" a question or something?Northwestward
Good question. Your comment is a good starting point to let people know that it's outdated, at least. Perhaps you could ask on meta.stackoverflow.com?Monotint
C
5

I personnally used phpMyID just for StackOverflow. It's a simple two-files PHP script to put somewhere on a subdomain. Of course, it's not as easy as installing a .deb, but since OpenID relies completely on HTTP, I'm not sure it's advisable to install a self-contained server...

Conservatoire answered 26/8, 2008 at 16:58 Comment(1)
Contains dead linksTitulary
C
10

You might also look into setting up your own site as a delegate for another OpenID provider. That way, you can use your own custom URL, but not worry about security and maintenance as mentioned already. However, it's not very difficult, so it may not meet your criteria :)

As an example, you would add this snippet of HTML to the page at your desired OpenID URL if you are using ClaimID as the OpenID provider:

<link rel="openid.server" href="http://openid.claimid.com/server" />
<link rel="openid.delegate" href="http://openid.claimid.com/USERNAME" />

So when OpenID clients access your URL, they "redirect" themselves to the actual provider.

Curfew answered 30/8, 2008 at 3:50 Comment(2)
Just wanted to add a note that ClaimID is no longer in service.Curfew
Contains dead linksTitulary
S
7

I've actually done this (set up my own server using phpMyID). It's very easy and works quite well. One thing that annoys me to no end is the use of HTML redirects instead of HTTP. I changed that manually, based on some information gotten in the phpMyID forum.

However, I have switched to myOpenId in the meantime. Rolling an own provider is fun and games but it just isn't secure! There are two issues:

  • More generally, you have to act on faith. phpMyID is great but it's developed in someone's spare time. There could be many undetected security holes in it – and there have been some, in the past. While this of course applies to all security-related software, I believe the problem is potentially more severe with software developed in spare time, especially since the code is far from perfect in my humble opinion.
  • Secondly, OpenID is highly susceptible to screen scraping and mock interfaces. It's just too easy for an attacker to emulate the phpMyID interface to obtain your credentials for another site. myOpenId offers two very important solutions to the problem.
    • The first is its use of a cookie-stored picture that is embedded in the login page. If anyone screen-scapes the myOpenId login page, this picture will be missing and the fake can easily be identified.
    • Secondly, myOpenId supports sign-in using strongly signed certificates that can be installed in the web browser.

I still have phpMyID set up as an alternative provider using Yadis but I wouldn't use it as a login on sites that I don't trust.

In any case, read Sam Ruby's tutorial!

Settlement answered 27/8, 2008 at 7:55 Comment(1)
Contains dead linksTitulary
C
5

I personnally used phpMyID just for StackOverflow. It's a simple two-files PHP script to put somewhere on a subdomain. Of course, it's not as easy as installing a .deb, but since OpenID relies completely on HTTP, I'm not sure it's advisable to install a self-contained server...

Conservatoire answered 26/8, 2008 at 16:58 Comment(1)
Contains dead linksTitulary
P
3

Take a look over at the Run your own identity server page. Community-ID looks to be the most promising so far.

Pat answered 5/10, 2010 at 20:0 Comment(0)
G
0

I totally understand where you're coming from with this question. I already had a OpenID at www.myopenid.com but it feels a bit weird relying on a 3rd party for such an important login (a.k.a my permanent "home" on the internet).

Luckily, It is easy to move to using your own server as a openID server - in fact, it can be done with just two files with phpMyID.

  • Download "phpMyID-0.9.zip" from http://siege.org/projects/phpMyID/
  • Move it to your server and unzip it to view the README file which explains everything.
  • The zip has two files: MyID.config.php, MyID.php. I created a directory called <mydocumentroot>/OpenID and renamed MyID.config.php to index.php. This means my OpenID URL will be very cool: http://<mywebsite>/OpenID
  • Decide on a username and password and then create a hash of them using: echo -n '<myUserNam>:phpMyID:<myPassword>' | openssl md5
  • Open index.php in a text editor and add the username and password hash in the placeholder. Save it.
  • Test by browsing to http://<mywebsite>/OpenID/
  • Test ID is working using: http://www.openidenabled.com/resources/openid-test/checkup/

Rerefence info: http://www.wynia.org/wordpress/2007/01/15/setting-up-an-openid-with-php/ , http://siege.org/projects/phpMyID/ , https://blog.stackoverflow.com/2009/01/using-your-own-url-as-your-openid/

Gershon answered 6/11, 2009 at 16:33 Comment(1)
Contains dead linksTitulary
T
0

The above answers all seem to contains dead links.

This seems be a possible solution which is still working: https://simpleid.org/

Titulary answered 13/5, 2022 at 15:55 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.