tags:

views:

164

answers:

2
+3  Q: 

Setting up OpenID delegation on a naked domain with Google App Engine or ZoneEdit

Background

I used to have a standard Linux hosting account for my domain with both http://www.tjrobinson.net/ and http://tjrobinson.net/ displaying the same content. I used http://tjrobinson.net/ as my OpenID login which, combined with the markup below, let me use ClaimID as my OpenID provider but with a shorter, more portable and nicer identifier.

<link rel="openid.server" href="http://openid.claimid.com/server" /> 
<link rel="openid.delegate" href="http://openid.claimid.com/tjrobinson" />

Problem

I've now switched web hosting over to Google App Engine. The problem is I can't use http://tjrobinson.net/ as my OpenID login anymore as Google App Engine doesn't support 'naked domains'.

I use ZoneEdit to host my DNS and although I can set up a WebForward (301 Redirect) to http://www.tjrobinson.net/, it doesn't work with the OpenID delegation.

Question

Is there a way I can set up OpenID delegation for the naked domain using either Google App Engine or ZoneEdit (or another free service)?

Update

Strange, it seems to be working now - perhaps it was a problem with Stack Overflow, or my DNS changes hadn't fully propagated? It looks like the 301 Redirect does work after all, at least with the Stack Overflow and other OpenID enabled sites I've tried.

+1  A: 

You can't host App Engine sites on 'naked' domains. If, as you say, sending a 302 doesn't work (I'm guessing it'll actually prove to be somewhat dependent on the site in question), you need to find somewhere to host a simple static file on the naked domain for the base name.

Nick Johnson  2009-11-15 15:34:49
+2  A: 

The specification on identity discovery explicitly calls for the consumer to follow all redirects.

From section 7.2. Normalization of OpenID 2.0 specification:

URL Identifiers MUST then be further normalized by both following redirects when retrieving their content and finally applying the rules in Section 6 of [RFC3986] [...] to the final destination URL. This final URL MUST be noted by the Relying Party as the Claimed Identifier and be used when requesting authentication (Requesting Authentication).

Your setup is expected to work fine.

Yang Zhao  2009-11-18 09:12:47

related questions

How do I setup an MX record for a sub-domain?
Wildcards in a hosts file
Best DNS with API access.
How to gain SSL load balancing!!!
How do I get a list of all subdomains of a domain?
Using glibc, why does my gethostbyname fail after I/DHCP has changed the DNS server?
How does my shared host's nameserver resolve http://servername.com/~username/ to my top level domain?
Regular expression to match hostname or IP Address?
Can I lookup the IP address of a hostname from javascript?
DNS- Route DNS for subfolder to different server?
Python + DNS : Cannot get RRSIG records: No Answer
Hosting a website on your own server
Does a caching-nameserver usually cache the negative DNS response SERVFAIL
Blocking part of a website
How can I find the current DNS server?
How to use getaddrinfo_a to do async resolve with glibc
Setting Nameservers - how?
Redirect from domain name to a dotted quad hosted box
Redirecting ".local" subdomain to unicast DNS
Does the PHP mail() function work if I don't own the MX record
How do I find the authoritative name-server for a domain name?
How to redirect siteA to siteB with A or CNAME records
How do I prevent dnsmasq from appending my domain name to invalid domain requests?
Reverse DNS in Ruby?
How to make subdomain user accounts in a webapp