Hosting your own OpenID

A number of providers now allow OpenID access, but none of them say “me” like hosting it on my own servers. I played with a number of these solutions such as Prairie, SimpleID, PHP OpenID, and eventually settled on phpMyID.  A couple of things were important to me in choosing an OpenID system: mySQL, PHP4, ease of setup, multiple users, ID management, and support for Simple Registration Extensions (sreg). Sadly, none of the solutions I tested satisfied all of these requirements.

I really wanted SimpleID to work because it allows for ID management and multiple users, but for some reason it would never let me log in, instead falsely complaining that I did not have JS working on my browser.  It has the drawback of using locally managed files, but had everything else going for it.  If anyone is experienced in using this package, please contact me as I’d like to give it a proper spin.

Prairie looks like the real winner, but my server is still on PHP4 and I can’t simply upgrade without risking a number of applications I use.  I’m in the process of setting up a new PHP5 based system that will host this server.

PHP OpenID is nothing more than examples for you to use in building your own system, which isn’t what I’m looking for at the moment.

I chose to do a multiuser setup for phpMyID so that if I ever need to give someone else access through my OpenID setup, it’s as easy as dropping in a text file.  However, there is a lot missing.  All user info must be edited in a text file that only I have access to – I would rather keep the config in mySQL.  There is no login management, or really anything else done through the GUI.  Below are the steps for getting a similar setup.

  1. Download a copy from http://siege.org/projects/phpMyID/phpMyID-0.9.tgz and unarchive it
        tar zxvf phpMyID-0.9.tgz
        mv phpMyID-0.9 id

    or use svn to keep up to date with the latest trunk:

        svn co https://www.siege.org/svn/oss/phpMyID/trunk/ id
  2. Move this “id” directory to the root of your web server.
        mv id /web/documentroot
  3. Make a directory for each user, and copy the file MyID.config.php into each directory as index.php.
        cd /web/documentroot/id
        mkdir user1
        cp MyID.config.php user1/index.php
        cd user1

    Note that you can change user1 in these examples to be whatever username you want to have.

  4. Edit the index.php for each user so that the final require line
        require('MyID.php');

    reads as

        require('../MyID.php');
  5. Edit the auth_username field of the index.php to say ‘user1’ or whatever your chosen username is.
  6. For each index.php you will need to generate an md5 string:
        echo -n 'username:realm:password' | openssl md5

    where username matches the username, “user1” in this case, realm is the login realm, and password is the password for login.  To keep things simple, use the default realm “phpMyID”.  If you really want to change this, you will need to change the matching auth_realm line in MyID.php.  The resulting string will look like this:

        66999343281b2624585fd58cc9d36dfc

    Copy and paste this into the auth_password field of the index.php for user1.

  7. Change the ‘idp_url’ field to be
        http://www.server.com/id/user1/

    where http://www.server.com is the domain you are hosting this on.

  8. For more advanced fun, customize the settings in the sreg array so that requesting servers will get a little info about you to hopefully prepopulate any registration fields.
  9. Now, point your browser to the URL from step 7.  You will see the following, which shows you that the system is working.

    This is an OpenID server endpoint. For more information, see http://openid.net/
    Server: http://www.server.com/id/user1/
    Realm: phpMyID
    Login
    This indicates that you are not logged in with this OpenID.  Click Login to be taken to a page that says

        You are logged in as user1
  10. Once you are set with the above, point your browser to http://www.openidenabled.com/resources/openid-test/ and try both tests, entering your new OpenID URL.  Both tests will succeed showing that you can now be identified with that URL.  Repeat the above steps for a ‘user2’ if you want someone else to authenticate through this server.
  11. One last step is to place the following in the headers for your site…
        <link rel="openid.server" href="http://www.server.com/id/user1/"/>
        <link rel="openid.delegate" href="http://www.server.com/id/user1/"/>

    These point to the OpenID area you just set up. This allows you to simply use http://www.server.com whenever you want to authenticate.  Obviously only one person (user1 in the example above) can do this for the whole site, but as the owner of the site, this perk is yours.  Note that if you are redirecting the front page of your site anywhere using an .htaccess file, this will not succeed.
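As an added example (my own script, not part of phpMyID), the following shell script automates steps 3 to 7 for one user: it computes the Digest-style md5 of username:realm:password, creates the user directory, and rewrites the require line, auth_username, auth_password and idp_url fields. It assumes the quoted-value layout of MyID.config.php shown in the constructed sample template; the hypothetical make_sample_config function only exists so the script can be tried without a real download.

```shell
#!/bin/sh
# Added example, not phpMyID's own code. Assumes MyID.config.php carries
# 'auth_username', 'auth_password' and 'idp_url' as single-quoted values
# and ends with require('MyID.php'); the sample template below is constructed.

# md5 of stdin as a 32-char hex string; handles both openssl output
# formats ("(stdin)= <hash>" and a bare hash) and falls back to md5sum.
md5_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl md5 | sed 's/^.* //'
    else
        md5sum | cut -d' ' -f1
    fi
}

# phpmyid_hash <username> <realm> <password>: the value step 6 asks for.
# This is an HTTP Digest HA1: whoever reads it can log in without knowing
# the password, so index.php must be protected as carefully as a password.
phpmyid_hash() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5_hex
}

# provision_user <id_dir> <username> <realm> <password> <base_url>
provision_user() {
    id_dir=$1; user=$2; realm=$3; pass=$4; base=$5
    hash=$(phpmyid_hash "$user" "$realm" "$pass")
    mkdir -p "$id_dir/$user"
    # Steps 3-7: copy the template as index.php with the fields rewritten.
    sed -e "s|require('MyID.php');|require('../MyID.php');|" \
        -e "s|'auth_username' *=> *'[^']*'|'auth_username' => '$user'|" \
        -e "s|'auth_password' *=> *'[^']*'|'auth_password' => '$hash'|" \
        -e "s|'idp_url' *=> *'[^']*'|'idp_url' => '$base/id/$user/'|" \
        "$id_dir/MyID.config.php" > "$id_dir/$user/index.php"
    chmod 640 "$id_dir/$user/index.php"   # readable by the web server group only
}

# Constructed stand-in for a real MyID.config.php (values are placeholders).
make_sample_config() {
    mkdir -p "$1"
    cat > "$1/MyID.config.php" <<'EOF'
<?php
$profile = array(
    'auth_username' => 'test',
    'auth_password' => 'REPLACE_WITH_MD5',
    'idp_url'       => 'http://example.com/MyID.config.php',
);
require('MyID.php');
?>
EOF
}
```

Run it as `provision_user /web/documentroot/id user1 phpMyID 'the password' http://www.server.com`; passing the password on the command line leaves it in shell history, so clear that afterwards or read it from a prompt instead.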

I successfully tested the above setup with a number of services that use OpenID, such as SourceForge.  Other competing systems such as OAuth are coming around to enable systems like Twitter and WordPress to log you in without having to remember dozens of passwords, and to maintain an identity across the web.

Eventually I would like to replace this with a GUI based OpenID system that can use mySQL to store and manage approved logins.  It should integrate with any of the popular social networking sites as well as be flexible enough to enter custom data to be presented as a profile page to provide an internet-wide id card using your SREG settings.


One thought on “Hosting your own OpenID”

  1. Wow, this is really nice. Thanks for the tips and step-by-step instruction. This is a great help. More power!
