openid

Making an OpenID Provider with SSL.

Hi, so I'm currently trying to make an OpenID provider. I've tried using two Java based OpenID server packages- Atlassian's Crowd, and WSO2 Identity Server. Now, in my implementation, security is a must, which means using SSL and having HTTPS based OpenIDs. Now, for both WSO2 and Crowd a large number of sites simply do not work with the ...

Retrieve OpenID AX attributes from Google / Yahoo in Rails

I'm using the rails plugin open_id_authentication in my app. This works for MyOpenID, however authenticating with Google I can't get the email address as part of the required attributes. From what I understand, Google ignores sreg attribute requests, and only listens to the AX schema for email address. Here's my code: def open_i...

Best OpenID library for Java

I want users to be able to log into my website with OpenID, but I don't know which library to use. I know which ones are out there, but I would like to know which one would be best. I'm running JOnAS, but no web framework (no Spring, Struts, GWT, etc.). (Please don't chastise me for not using a web framework. I have my reasons.) For...

Is information-card an alternative to open-id?

I just heard about a technology/protocol called "information card", which apparently is an alternative to open-id. How widespread is this and how does it compare to open-id and cas-sso? Also, on what level is Microsoft involved in the standard? ...

How to add logout feature to an OpenID enabled site?

I have recently added OpenID login to my website. But I don't know how to add the logout feature. For example, on clicking the Sign In button I am able to show the login form of the selected OpenID provider, for example Google Account. However, I don't know how to implement a Sign Out button to sign out of the Google Account. Please ad...

Authlogic/OpenID Authentication Fails Using Warp Drive

Warp Drive is a nice way to package an entire Rails application into a Gem for use in other Rails applications. I've gotten Warp Drive to work for a blogging engine I'm creating. There's just one problem - Authlogic OpenID authentication fails. I created a bare-bones OpenID example application. I can compile to a gem with no problems: ...

PHP Library for Authentication and Permissions/Access Control

Until now, I've been the only person who has had access to the editing tools/forms for my sites content, so using http authentication in an SSL protected directory has worked for me. About to add someone to the content entering team so I'm wondering what PHP libraries you'd recommend for authentication and permission/access control to t...

FormsAuthentication.RedirectFromLoginPage does not return me to orignal URL

I reach my login page with the parameter "returnUrl" set to the URL I was on. Then, I login via OpenID (DotNetOpenAuth), and call FormsAuthentication.RedirectFromLoginPage(). The login is successful, however I am not returned to the original page I was on. I'm having the same problem on logout - when I log out I don't remain on the same...

Design question regarding OpenID

Hello! I am building my own blog, for various reasons - mainly for experience building with various tools - but also because that way I can have a blog that thinks like me ;). I have implemented a very narrow authentication system in which users can log in using Open ID. I have a classic log in page - if a new user logs in i ask them f...

Openid-selector and classical website registration

Hello folks, I want to implement on a to-be-released website a OpenID sign-up form which looks like a classical form. I want it to have the following fields : - first name - last name - email - password (+confirm) - captcha Ideally, it should not even bear any mention to OpenID. I do not want to be an OpenID provider myself, but use ...

OpenID provider library recommendations for PHP

Our PHP site uses a home-grown forms auth implementation. We're considering making our site into an OpenID provider so that we can authenticate (using our exisitng user accounts) users on a StackExchange site. If we have to add code or UI to our login form or add fields to our database, that's fine-- we just don't want to have to rip ou...

Include OpenId in drupal

hi! i want to create a OpenId login system like stackoverflow :) in drupal..By default, drupal doesn't offer this..is there any plugin that does this job? EDIT:the user should ALSO be able to login with their yahoo, gmail, aol or blogger account..u guys can't understand my pro.. it's simple..i've openID enabled in my drupal 6. When i t...

Unit testing an OpenID server

Hello, I'm currently working on an authentication system derived of OpenID. I work in Ruby and I use the ruby-openid library. Currently, for my tests, I use fakeweb to fake an openid consumer and server and check everything works well. But I don't like the way I do it. And I'm sure there'd be a much better way to do so. So my question...

How to use OpenID in ASP.net

I would like to create a site that authenticates using Google's OpenID. How would I do this? Also, how would I use roles with custom tables? ...

OpenID Directed Identity/Identifier Selection in PHP

I'm trying to implement an OpenID server in PHP that supports identifier selection (some call this directed identity, which is actually a more specific case of identifier selection). That is, a user can enter a generic URI as their OpenID identifier, log in, and choose what identifier to return to the OpenID consumer. For example, if a...

is openid.claimed_id static?

I'm reading about Federated Login for Google Account Users to figure out how I can have a user log in to a web application using their Google Account. So towards the end of the process, Google returns a Google supplied identifier which is appended as 'openid.claimed_id'. This means the web application uses this identifier to recognize ...

How to implement multiple custom realms with RPX?

Right now I have a free RPX account for integrating Open ID into my web site. I understand that to get a custom realm with RPX (e.g. signon.example.com versus example.rpxnow.com) I need to sign up for the premium service level. Before I can make a decision, I need to know some details on how custom realms are managed with RPX. I have ...

Should I use the Uri class to represent an OpenId identifier in .NET?

Is it appropriate to use the .NET Uri class to handle OpenId identifiers in my code? Or am I better off just using a string? EDIT: The reason for my question is that I want to know the best data type to use for OpenId identifiers in the domain and persistence layers of my application. I'm using DotNetOpenAuth at the web presentation lay...

Yadis authentication without OpenID

I am in need of an authentication system that would work in harmony with the current authentication system my client's server uses. The current system works as follows: A page requiring authentication invokes an in-house developed mod_auth Apache module in the .htaccess file. The user is redirected to a generic log in page. After ente...

Triggering client-side request on the server.

I thought I understood how Open ID works, but now I'm confused... FYI, I'm not trying to understand how to use Open ID as a developer, but rather the actual actions it uses to authenticate via the client's browser. As I understood, the user (for example) choose Google as their Open ID provider. The server then requests a pre-determined...