Creating a OpenID Provider in PHP

Question

I have an existing website that I want to turn into an OpenID provider. All my user accounts are stored in a mysql table.

I figured since an OpenID is represented as a URL, I am going to do something like: http://login.mydomain.com/username

I've setup a subdomain, and created an htaccess that redirects all URLs to /login.php?username=[username]

The way I see it, and tell me if I'm wrong, someone goes to let's say StackOverflow, they enter http://login.mydomain.com/myUsername. They get to a page on my server that asks for their password (since I already know their username), I check that it matches, and return the key?

People online recommended using Zend_OpenId_Provider. I've been reading their documentation (http://framework.zend.com/manual/en/zend.openid.provider.html), but I find it very confusing. They have no real world example where the user login/password are stored in a database.

I've also seen php-open-id (http://github.com/openid/php-openid), but no help there either.

It seems to be a pretty common thing to do. Is there a tutorial out there or an example I can easily adapt?

Answer 1

As you tagged this question with zend-framework I think you want to implement this with ZF.

Look at the constructor of the Zend_OpenId_Provider

public function __construct($loginUrl = null,
                            $trustUrl = null,
                            Zend_OpenId_Provider_User $user = null,
                            Zend_OpenId_Provider_Storage $storage = null,
                            $sessionTtl = 3600)

The important one is the $storage parameter.

In the example on http://framework.zend.com/manual/en/zend.openid.provider.html they do not pass any parameters. That means by default the Zend_OpenId_Provider_Storage_File provider is used. Again this one would store per default in files in your TEMP directory (/tmp on Linux).

Basically the example should be fully functional. You could register some more users by calling $server->register($someid, $somepassword);

But as it stores accounts per default in the temporary directory, you should replace that line by something like this (if it is okay to store accounts in files):

$dir = "/var/lib/myopenidusers";
mkdir($dir);
$server = new Zend_OpenId_Provider(null, null, null, new Zend_OpenId_Provider_Storage($dir) );

Now, if you prefer to store your users in a database you have to implement your own Provider_Storage.

Have a look at the abstract class abstract class Zend_OpenId_Provider_Storage. This are the methods you have to implement.

Answer 2

You can try phpMyId. See the demo from http://phpmyid.com/. Every details about phpMyId can be found at http://siege.org/phpmyid.php.

Answer 3

You can try JanRain Engage (http://www.janrain.com/products/engage). It is a simplified interface for OpenID integration with web applications. The free version should be good enough for all practical purposes.

Answer 4

We use: http://source.keyboard-monkeys.org/projects/show/communityid

From their website:

"Community-ID is an OpenID implementation in PHP which is OpenID 2.0 compliant. Community-ID is build to 100% on Open Source software and is release under the BSD license. Users can keep track of their trusted sites and manage them. The login to C-ID can be username/passowrd or a One Time Password with Yubikey. A user can have multiple profiles like with privat or business contact information.

For Community-ID administrators statistics are available to track registration of new users, authorized users per day or the number of trusted sites. Administrators can set the site in maintenance mode or send emails to all registered users.

For user data and authentication, admin can choose the default db storage, or to connect to an LDAP server. Current confirmed supported is OpenLDAP. Other LDAP servers should work also fine."