views:

164

answers:

2

Background

I used to have a standard Linux hosting account for my domain with both http://www.tjrobinson.net/ and http://tjrobinson.net/ displaying the same content. I used http://tjrobinson.net/ as my OpenID login which, combined with the markup below, let me use ClaimID as my OpenID provider but with a shorter, more portable and nicer identifier.

<link rel="openid.server" href="http://openid.claimid.com/server" /> 
<link rel="openid.delegate" href="http://openid.claimid.com/tjrobinson" />

Problem

I've now switched web hosting over to Google App Engine. The problem is I can't use http://tjrobinson.net/ as my OpenID login anymore as Google App Engine doesn't support 'naked domains'.

I use ZoneEdit to host my DNS and although I can set up a WebForward (301 Redirect) to http://www.tjrobinson.net/, it doesn't work with the OpenID delegation.

Question

Is there a way I can set up OpenID delegation for the naked domain using either Google App Engine or ZoneEdit (or another free service)?


Update

Strange, it seems to be working now - perhaps it was a problem with Stack Overflow, or my DNS changes hadn't fully propagated? It looks like the 301 Redirect does work after all, at least with the Stack Overflow and other OpenID enabled sites I've tried.

+1  A: 

You can't host App Engine sites on 'naked' domains. If, as you say, sending a 302 doesn't work (I'm guessing it'll actually prove to be somewhat dependent on the site in question), you need to find somewhere to host a simple static file on the naked domain for the base name.

Nick Johnson
+2  A: 

The specification on identity discovery explicitly calls for the consumer to follow all redirects.

From section 7.2. Normalization of OpenID 2.0 specification:

URL Identifiers MUST then be further normalized by both following redirects when retrieving their content and finally applying the rules in Section 6 of [RFC3986] [...] to the final destination URL. This final URL MUST be noted by the Relying Party as the Claimed Identifier and be used when requesting authentication (Requesting Authentication).

Your setup is expected to work fine.

Yang Zhao