HOWTO: Setup Your Own OpenID Provider
With all the news of big companies like Yahoo!, IBM, Google, Verisign and Microsoft throwing their weight behind OpenID, I thought I'd investigate this avenue and ultimately ended up jumping on the bandwagon.
The whole point of OpenID is that you can use one identity to gain access to a multitude of websites. This is a great idea, but I'm not comfortable with someone else proving who I am. I like to do this myself, so I set about creating my own OpenID server.
This document will detail how you too can set up your own, single-identity OpenID provider (IdP), with cruft-free URIs, using phpMyID. Don't worry, it's not a particularly complex process and shouldn't take you more than about 30 minutes to set up, regardless of operating system.
Once finished, you can use your website URI (I use lildude.co.uk) as your OpenID.
- Download and extract the latest copy of phpMyID from http://siege.org/projects/phpMyID/. At the time of writing, the current revision is 0.8 (tgz / zip).
- Now for probably the most complex step, so we'll get it over and done with early. You need to generate an MD5 hash of the username and password you plan on using for your OpenID authentication. The method you use depends on which operating system you are using and what tools you have access to.
  - Solaris 10 or later:
        $ echo -n 'username:phpMyID:password' | digest -a md5
  - Other versions of Solaris, Linux and Mac OS X with OpenSSL installed:
        $ echo -n 'username:phpMyID:password' | openssl md5
  - Windows (md5.exe available here):
        md5.exe -d"username:phpMyID:password"
  - Any OS with PHP - Create a file with the following code:
        <?php echo md5("username:phpMyID:password") ?>
  You need to replace "username" with the username you wish to use and "password" with the secure password you wish to use. Do NOT change the "phpMyID" string.
- Edit MyID.config.php and change the following two lines:
      'auth_username' => 'test',
      'auth_password' => '37fa04faebe5249023ed1f6cc867329b',
  Set 'auth_username' to the username you used in step 2, and set 'auth_password' to the string you got from one of the methods detailed in step 2.
  In theory, that's all that's needed: you could now go ahead and upload the directory and set the appropriate headers (more on those later). However, I said we'd make things cruft-free, so let's carry on.
index.php, and if necessary configure your web server to allow index.php as a valid DirectoryIndex. Whilst you're at it, rename the phpMyID-0.8 directory to something simple like id for ease of use.
  Now if you were to upload the id directory to the root of your web site, your OpenID Provider (IdP) URI would be http://yourdomain/id/. Take note of this, you'll need it in a moment.
- Edit the index.php file in the id directory and uncomment (remove the # sign) the 'idp_url' line and set the value to your IdP determined above. Mine is:
      'idp_url' => '/id/'
  Whilst you're at it, feel free to uncomment and set appropriate values for the "Simple Registration Extension" (SREG) section of this file. This helps sites you log in to with your OpenID gather useful information about you. See the SREG spec for more details.
  If you feel the need to change anything else in this file, please consult the README.txt supplied with phpMyID BEFORE making any changes.
- Now upload the id directory to your web server and check your setup. In the box that appears, enter your IdP determined in step 4. If all goes well, you should get a "Try Logging in" link and logging in using the username and password you set in step 2 should succeed.
- Now this IdP isn't the best to use. By all means, use it if you want, but I like to use my site URI without the /id/ part. To do this, add the following lines to the header of your main site:
      <link rel="openid.server" href="http://yourdomain/id/" />
      <link rel="openid.delegate" href="http://yourdomain/id/" />
  Set the href values to your IdP URI (both entries must be the same), and check your setup again. This time, enter your main website address, e.g. http://yourdomain, in the "Check an ID" box. This should work as before.
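Steps 2 and 3 as a script, added here as an example (it is not part of phpMyID or of the original post): it builds the same username:phpMyID:password hash with printf instead of echo -n, which is not portable, and reads the password with terminal echo off so it stays out of shell history. The function names, the --prompt flag and the file name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not phpMyID code): compute the auth_password value for step 3.

# md5_hex: MD5 of stdin as 32 hex characters, using whichever tool exists.
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        # Prints "(stdin)= <hash>" or "MD5(stdin)= <hash>" depending on version.
        openssl md5 | awk '{print $NF}'
    elif command -v digest >/dev/null 2>&1; then
        digest -a md5    # Solaris 10 or later
    else
        echo "no MD5 tool found" >&2; return 1
    fi
}

# phpmyid_hash USER PASSWORD: MD5 of "USER:phpMyID:PASSWORD", no trailing newline.
# printf '%s' replaces echo -n: some shells print the "-n" literally, which
# silently yields a hash that never matches at login.
phpmyid_hash() {
    case $1 in
        ''|*:*) echo "username must be non-empty and contain no ':'" >&2; return 1 ;;
    esac
    printf '%s:phpMyID:%s' "$1" "$2" | md5_hex
}

# phpmyid_prompt: read both values from stdin with terminal echo off, so the
# password is never typed on a command line or saved in shell history.
phpmyid_prompt() {
    rc=0
    printf 'Username: ' >&2
    IFS= read -r user || return 1
    printf 'Password: ' >&2
    stty -echo 2>/dev/null || true
    IFS= read -r pass || rc=1
    stty echo 2>/dev/null || true
    printf '\n' >&2
    if [ "$rc" -eq 0 ]; then phpmyid_hash "$user" "$pass" || rc=1; fi
    unset pass
    return "$rc"
}

# Run interactively with: sh phpmyid-hash.sh --prompt   (file name is an assumption)
if [ "${1:-}" = "--prompt" ]; then
    phpmyid_prompt
fi
```

The printed value is what goes into 'auth_password'; a hash made from input with a trailing newline is different and will not authenticate.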
That's it. Now you can log in to sites that accept OpenID using your main website URI. In my case, I use /.
If you want a simple multi-user OpenID implementation, then why not check out Clamshell - it's phpMyID with multi-user functionality added on.
Feel free to post comments to this post using your new OpenID and see how the SREG information is used to populate your name, email and URI (this will be your OpenID URI) for your comment.