My blog as my OpenID identity

To understand OpenID, you only need to consider the number of Internet accounts you currently maintain. Maybe you have one email account in Yahoo or Google, another account in Flickr for your photos, an account in YouTube for videos, another one in Friendster, Facebook, or MySpace for your social network, and many, many more. For each of these sites, you need to have a username and a password in order to use the provided services. As your online presence expands, keeping tabs on all these accounts becomes more difficult. I have several, so I know how difficult it is to remember all the username-password combinations. This is the issue OpenID is trying to solve.

According to their website, "OpenID is a free and easy way to use a single digital identity across the Internet." Ideally, with one OpenID you can log in to all your favorite sites, eliminating the need to maintain several usernames and passwords. Imagine the convenience of using a single username-password combination for all the websites you would like to visit. This is still an ideal, since not all websites have adopted OpenID yet. Surprisingly, you may already have one without knowing it. If you have an account in wordpress.com, your OpenID is simply username.wordpress.com, or if you have one in flickr.com, your OpenID is www.flickr.com/photos/username, and there are several others. Check this site on how to get one. The interesting thing is that you can use your own website or blog as your OpenID identity. How? Read on.

Following the instructions from this blog, I configured my blog (http://myguide.bagarinao.com/) to be my OpenID identity. If you have one, you can also use it as your own. It is not really difficult: you only need to add the two lines below to the HTML header of your website or blog, that is, within the <head> tag.

<link rel="openid.server" href="http://myguide.bagarinao.com/id/index.php">
<link rel="openid.delegate" href="http://myguide.bagarinao.com/id/index.php">

The trick in the above is the use of delegation, which allows blog owners to use their blog's URL (in my case, http://myguide.bagarinao.com/) as their OpenID identifier while using a third-party OpenID provider. For this to work, two bits of information are needed. One is the OpenID server (openid.server), which you specify in the href attribute of the link tag, and the other is the identifier issued by the provider (openid.delegate). Together, the two tags mean that you use your provider's OpenID server, given in the href attribute of openid.server, and that this server knows you by the URL given in openid.delegate. To implement this in your own blog, you need to change the href attributes above to the correct ones.

Another advantage of delegation is that when you want to change your OpenID provider for whatever reason, you can simply change the href attributes to point to the new provider and you can still use your own URL as your identifier.
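Because these two link tags decide which server may vouch for your blog's URL, it is worth checking from time to time that they still say what you configured. The following is an added example, not part of the original post or of phpMyID: a small Python check that reads the openid.* link tags from a page's head and reports any mismatch with the expected values. The class and function names, the two sample pages and the idp.example.invalid host are constructed for illustration.

```python
from html.parser import HTMLParser

class HeadLinkCollector(HTMLParser):
    """Collects href values of openid.* <link> tags found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}  # rel token -> list of hrefs

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = (tag == "head")  # <body> implicitly ends <head>
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            href = (attr.get("href") or "").strip()
            # rel is a space-separated, case-insensitive token list
            for rel in (attr.get("rel") or "").lower().split():
                if rel.startswith("openid.") and href:
                    self.links.setdefault(rel, []).append(href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html, expected):
    """Return a list of problems; an empty list means the tags match."""
    collector = HeadLinkCollector()
    collector.feed(html)
    problems = []
    for rel, want in expected.items():
        found = collector.links.get(rel, [])
        if not found:
            problems.append(f"{rel}: missing from <head>")
        elif len(found) > 1:
            problems.append(f"{rel}: declared {len(found)} times")
        elif found[0] != want:
            problems.append(f"{rel}: is {found[0]}, expected {want}")
    return problems

# Expected values are the ones this post configures.
ENDPOINT = "http://myguide.bagarinao.com/id/index.php"
EXPECTED = {"openid.server": ENDPOINT, "openid.delegate": ENDPOINT}
# Constructed sample pages (not fetched from the real blog).
GOOD = (f'<html><head><link rel="openid.server" href="{ENDPOINT}">'
        f'<link rel="openid.delegate" href="{ENDPOINT}"></head><body></body></html>')
# Constructed tampered page: server repointed, delegate moved into the body.
TAMPERED = ('<html><head><link rel="openid.server" href="http://idp.example.invalid/">'
            f'</head><body><link rel="openid.delegate" href="{ENDPOINT}"></body></html>')
print(audit_delegation(TAMPERED, EXPECTED))
```

To check a live page, pass the downloaded HTML of your blog's front page as the first argument in place of the sample strings.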

If you have access to your webserver and also want to host your own OpenID server like me, you can use phpMyID. You can download it from http://siege.org/projects/phpMyID/. As of writing, the most recent version is 0.8 (phpMyID-0.8.zip).

To install it, extract the files into a temporary directory. You only need MyID.config.php and MyID.php. In my case, I renamed MyID.config.php to index.php and MyID.php to myid.php before uploading them to a subdirectory called id on my web server. Because of the renaming, I also needed to edit index.php to specify myid.php in the require() call on the last line.

Accessing index.php (http://myguide.bagarinao.com/id/index.php) displayed

This is an OpenID server endpoint. For more information, see http://openid.net/
Server: http://myguide.bagarinao.com/id/index.php
Realm: phpMyID
Login

So far, so good. Next, I generated the password hash for my username and password on my Linux box using openssl. The command line is

[user] $ echo -n 'username:realm:password' | openssl md5

where username is the username you will specify when logging in, realm is phpMyID or whatever string is displayed in the Realm field, and password is your password. This will give you the MD5 hash of the string enclosed in single quotes, which you will need later. If you're using Windows, you can download md5 and run the following command:

md5.exe -d"username:realm:password"

Finally, I changed the following information in index.php:

'auth_username' => 'myguide',
'auth_password' => '37fa04faebe5249023ed1f6cc867329b',
'auth_realm'    => 'myguide.bagarinao.com',

where auth_password is the output of the command described above with the specified username and realm.

After these changes, accessing the index page displayed the following information:

This is an OpenID server endpoint. For more information, see http://openid.net/
Server: http://myguide.bagarinao.com/id/index.php
Realm: myguide.bagarinao.com
Login

It is now possible to log in by clicking the Login link. It will prompt you to enter your username and password. After several redirections, if everything works fine, you will get a page that says: "You are logged in as myguide" or whatever username you used in the configuration.

Finally, you can check your configuration by visiting this URL: http://www.openidenabled.com/resources/openid-test/checkup
