Creating my own OpenID identity provider


Today, in and amongst meetings, phone calls, and emails, I managed to (with a little help from Adam Graffunder) set up my own OpenID identity running on my staff web account.

Why OpenID? Well, more and more web sites and services are accepting OpenID as an authentication method. Here’s a new article about it called “How will OpenID change your site?”

How did I do it?

I used phpMyID.

The process basically went like this:

I created a new directory on my web site (staff.washington.edu/oren) called myid. I uploaded the two php files from phpMyID into that directory (MyID.config.php and MyID.php) and followed the installation instructions in the README document.

When I then tried to log in, I got a ‘Missing expected authorization header’ error. No problem – the troubleshooting section of the document explains how to deal with that by using an included .htaccess file – on our server uncommenting the first option set in the file worked (if you’re confused, let me know and I’ll send you a copy of what worked for me).

I then added these two lines to the head section of my index.html file:

<link rel="openid.server" href="http://staff.washington.edu/oren/myid/MyID.config.php">

<link rel="openid.delegate" href="http://staff.washington.edu/oren/myid/MyID.config.php">

And then I was able to log into Basecamp by telling it to use the OpenID server at http://staff.washington.edu/oren/

Cool!

What would be even cooler? Well, phpMyID requires me to pick a new user name and password for its purposes. When I use the OpenID I then get prompted to enter that name and password, using HTTP Digest authentication. I’m sure somebody who knows their way around in this space could figure out how to make it use Shibboleth or Pubcookie and my UW NetID instead. But that’s for someone more sophisticated than I – like Mr. Gettes, or Nathan, or Zephyr 🙂
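An added example, not part of the original post or of phpMyID: a small Python check that reads a page the way OpenID 1.x HTML discovery does and reports when the two link tags above would not be picked up (tags outside the head, or pasted with typographic quotes) or point at a plain-HTTP endpoint. The function and class names are hypothetical and the sample pages are constructed, using the URL shown in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

RELS = ("openid.server", "openid.delegate")


class OpenIDLinkParser(HTMLParser):
    """Collect OpenID 1.x <link> tags, honouring only those inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            # rel is a space-separated, case-insensitive list of tokens
            for rel in (attr.get("rel") or "").lower().split():
                if rel in RELS and attr.get("href"):
                    self.links.setdefault(rel, attr["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def audit_delegation(html):
    """Return (links, findings) for the HTML of a claimed-identifier page."""
    parser = OpenIDLinkParser()
    parser.feed(html)
    findings = []
    if "openid.server" not in parser.links:
        findings.append("openid.server: not found in <head>, discovery fails")
    for rel, href in parser.links.items():
        if urlparse(href).scheme.lower() != "https":
            findings.append(f"{rel}: {href} is plain HTTP, no transport integrity")
    return parser.links, findings


# Constructed sample pages; URL is the endpoint shown in the post.
URL = "http://staff.washington.edu/oren/myid/MyID.config.php"
AS_POSTED = (f'<html><head><link rel="openid.server" href="{URL}">'
             f'<link rel="openid.delegate" href="{URL}"></head><body></body></html>')
CURLY = f"<html><head><link rel=\u201dopenid.server\u201d href=\u201d{URL}\u201d></head></html>"
IN_BODY = f'<html><head></head><body><link rel="openid.server" href="{URL}"></body></html>'

if __name__ == "__main__":
    for name, page in (("as posted", AS_POSTED), ("curly quotes", CURLY), ("in body", IN_BODY)):
        print(name, audit_delegation(page))
```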


2 thoughts on “Creating my own OpenID identity provider”

  1. That’s awesome! Hopefully with little effort the UW can start providing OpenIDs to all who have UWNetIDs. 🙂

    I’m currently proxying my domain to ClaimID as my identity provider but I may try something like this out if it turns out to be relatively robust. A friend tried setting up OpenID over https through his own server but ran into issues with unauthorized https certs — which is why I’m hesitant to host my own provider.

    I’m interested in finding out how well this works out for you.

    Also, check out this article on OpenID in higher education. UW needs to be on that list of institutions!
