I want to log onto Stack Overflow using OpenID, but I thought I'd set up my own OpenID provider, just because it's harder :) How do you do this in Ubuntu?

Edit: Replacing 'server' with the correct term OpenID provider (Identity provider would also be correct according to Wikipedia).

+4  A: 

I personally used phpMyID just for StackOverflow. It's a simple two-file PHP script to put somewhere on a subdomain. Of course, it's not as easy as installing a .deb, but since OpenID relies completely on HTTP, I'm not sure it's advisable to install a self-contained server...

Damien B
+4  A: 

I've actually done this (set up my own server using phpMyID). It's very easy and works quite well. One thing that annoys me to no end is the use of HTML redirects instead of HTTP. I changed that manually, based on some information gotten in the phpMyID forum.

However, I have switched to myOpenId in the meantime. Rolling your own provider is fun and games but it just isn't secure! There are two issues:

  • More generally, you have to act on faith. phpMyID is great but it's developed in someone's spare time. There could be many undetected security holes in it – and there have been some, in the past. While this of course applies to all security-related software, I believe the problem is potentially more severe with software developed in spare time, especially since the code is far from perfect in my humble opinion.
  • Secondly, OpenID is highly susceptible to screen scraping and mock interfaces. It's just too easy for an attacker to emulate the phpMyID interface to obtain your credentials for another site. myOpenId offers two very important solutions to the problem.
    • The first is its use of a cookie-stored picture that is embedded in the login page. If anyone screen-scrapes the myOpenId login page, this picture will be missing and the fake can easily be identified.
    • Secondly, myOpenId supports sign-in using strongly signed certificates that can be installed in the web browser.

I still have phpMyID set up as an alternative provider using Yadis but I wouldn't use it as a login on sites that I don't trust.

In any case, read Sam Ruby's tutorial!

Konrad Rudolph
+5  A: 

You might also look into setting up your own site as a delegate for another OpenID provider. That way, you can use your own custom URL, but not worry about security and maintenance as mentioned already. However, it's not very difficult, so it may not meet your criteria :)

As an example, you would add this snippet of HTML to the page at your desired OpenID URL if you are using ClaimID as the OpenID provider:

<link rel="openid.server" href="http://openid.claimid.com/server" />
<link rel="openid.delegate" href="http://openid.claimid.com/USERNAME" />

So when OpenID clients access your URL, they "redirect" themselves to the actual provider.

mogrify
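
The delegation lookup described in the answer above, as an added example that is not part of the original post: a Python check that reads the link tags from a page's head the way a relying party does and reports endpoints that are not served over HTTPS. It goes slightly beyond the snippet by also accepting the OpenID 2.0 rel names; the names `HeadLinks`, `check_delegation` and `SAMPLE`, and the `elsewhere.example` URL, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# rel values a relying party looks for: the OpenID 1.x names from the snippet
# above, plus their OpenID 2.0 equivalents.
RELS = {"openid.server", "openid.delegate", "openid2.provider", "openid2.local_id"}

class HeadLinks(HTMLParser):
    """Collect OpenID <link> tags, honouring only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.found = False, {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            for rel in (a.get("rel") or "").lower().split():  # rel may hold several tokens
                if rel in RELS and href:
                    self.found.setdefault(rel, href)  # this example keeps the first one

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_delegation(html):
    """Return (links, findings) for the HTML of an OpenID delegation page."""
    p = HeadLinks()
    p.feed(html)
    links, findings = p.found, []
    if "openid.server" not in links and "openid2.provider" not in links:
        findings.append("no provider endpoint in <head>")
    if "openid.delegate" not in links and "openid2.local_id" not in links:
        findings.append("no delegate: the page URL itself is the identity")
    for rel, href in links.items():
        if urlparse(href).scheme != "https":
            findings.append(f"{rel} is not https: {href}")
    return links, findings

SAMPLE = (  # constructed page: the answer's snippet plus a stray link in <body>
    '<html><head><link rel="openid.server" href="http://openid.claimid.com/server" />'
    '<link rel="openid.delegate" href="http://openid.claimid.com/USERNAME" /></head>'
    '<body><link rel="openid.server" href="https://elsewhere.example/server" /></body></html>'
)

if __name__ == "__main__":
    print(check_delegation(SAMPLE))
```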
A: 

The pickings for open source stand-alone OpenID providers are pretty slim. Masquerade is the one I've heard the best things about.

keturn
A: 

Get your own domain name to serve as an OpenID server by using:

Chi.mp - Your .mp domain as an open id server

I got premier.mp as my openid domain from there for free.

NTulip
+1  A: 

I totally understand where you're coming from with this question. I already had an OpenID at www.myopenid.com but it feels a bit weird relying on a 3rd party for such an important login (a.k.a. my permanent "home" on the internet).

Luckily, it is easy to move to using your own server as an OpenID server - in fact, it can be done with just two files with phpMyID.

  • Download "phpMyID-0.9.zip" from http://siege.org/projects/phpMyID/
  • Move it to your server and unzip it to view the README file which explains everything.
  • The zip has two files: MyID.config.php, MyID.php. I created a directory called <mydocumentroot>/OpenID and renamed MyID.config.php to index.php. This means my OpenID URL will be very cool: http://<mywebsite>/OpenID
  • Decide on a username and password and then create a hash of them using: echo -n '<myUserName>:phpMyID:<myPassword>' | openssl md5
  • Open index.php in a text editor and add the username and password hash in the placeholder. Save it.
  • Test by browsing to http://<mywebsite>/OpenID/
  • Test ID is working using: http://www.openidenabled.com/resources/openid-test/checkup/

Reference info: http://www.wynia.org/wordpress/2007/01/15/setting-up-an-openid-with-php/ , http://siege.org/projects/phpMyID/ , http://blog.stackoverflow.com/2009/01/using-your-own-url-as-your-openid/

Tom
+1  A: 

Take a look over at the Run your own identity server page. Community-ID looks to be the most promising so far.

colan