Talk:OpenID
The CouchSurfing Wiki, an informal workspace which anyone can edit.
According to the OpenId protocol, CouchSurfing could act as a consumer, as a server, or as both.
- An OpenId consumer (or Relying Party) is a web site (server) that allows users to log in using an OpenId URL (for example, http://zooomr.com allows users to log in with OpenId URLs).
- An OpenId server (or OpenID Provider or Identity Provider) is a server that gives registered users an OpenId URL; with this OpenID URL users can then log in to other web sites (for example, every user of livejournal can use http://<username>.livejournal.org as an OpenId URL and so can use it to log in to other sites).
How to make CouchSurfing an OpenId server
CouchSurfing acting as an OpenId server means that CouchSurfing users will be able to log in to other OpenID-enabled sites using a URL such as <nickname>.couchsurfing.com or couchsurfing.com/<username>
Tested libraries
Netmesh
URL: http://netmesh.org/downloads/#templates
Language: PHP
Notes: Installation is not easy and not well documented. Not chosen.
PHP OpenID library
URL: http://www.openidenabled.com/openid/libraries/php/
Documentation: http://www.openidenabled.com/resources/docs/openid/php/1.2.0-pre2/
Licence: LGPL
Language: PHP
Notes: It depends on the PHP Yadis Library ( http://www.openidenabled.com/yadis/libraries/php/ ). Installing with PEAR installs everything, but /examples/detect.php gives the following error:
Fatal error: Class Services_Yadis_Yadis not found in /home/username/public_html/examples/detect.php on line 385
In order to fix this, you need to add
include_once($include_path. "Services/Yadis/Yadis.php");
after the ini_set in detect.php and other files.
Steps
Installed with
- pear install --all-deps http://www.openidenabled.com/resources/downloads/php-openid/pear/Auth_OpenID-1.2.1.tgz
  OK
- if needed, remove the library with
  pear uninstall __uri/Auth_OpenID
Installed the PHP Yadis library with
- pear install --alldeps http://www.openidenabled.com/resources/downloads/php-yadis/pear/Services_Yadis-1.0.2.tgz
  KO, there is a conflict: ERROR: __uri/Services_Yadis: conflicting files found:
To install this package, copy the Auth/ directory in this package to a directory in your PHP include path.
- cp -r ~/pear/php/Auth/ PHP-OpenID_API/
  OK
- cp -r ~/pear/php/Services/ PHP-OpenID_API/
  OK
- cp -r ~/copy_downloaded_and_extracted_directly/examples PHP-OpenID_API/
  OK
Then visit examples/detect.php, but I get:
OpenID Library Support Report
This script checks your PHP installation to determine if you are set up to use the JanRain PHP OpenID library.
Setup Incomplete.
Math support
Your PHP installation does not include big integer math support. This support is required if you wish to run a secure OpenID server without using SSL. To use this library, you have a few options:
1. Install the GMP PHP extension
2. Install the bcmath PHP extension
3. If your site is low-security, define Auth_OpenID_NO_MATH_SUPPORT. The library will function, but the security of your OpenID server will depend on the security of the network links involved. If you are only using consumer support, you should still be able to operate securely when the users are communicating with a well-implemented server.
Cryptographic-quality randomness source
The library will try to access /dev/urandom as a source of random data. It seems to exist and be readable. Here is some hex data: 27c62ae916b0.
Data storage
Support was found for sqlite and mysql. The library supports the MySQL, PostgreSQL, and SQLite database engines. If you are using SQLite, your database must be writable by phauly and not available over the web. If you are using the filesystem store, your data directory must be readable and writable by phauly and not availabe over the Web.
HTTP Fetching
This PHP installation has support for libcurl. Good. An HTTP request was completed.
XML Support
XML parsing support is present using the Services_Yadis_dom interface.
In order to fix the first problem "Your PHP installation does not include big integer math support.", I just added this line. Note that this is insecure and in the real server GMP must be installed.
define ('Auth_OpenID_NO_MATH_SUPPORT',true);
examples/detect.php works more or less; let's go on and see which examples we can run.
Read examples/README
Let's try with examples/consumer
- DON'T forget to add the following lines to .php files, in this case, add it to common.php
include_once($include_path. "Services/Yadis/Yadis.php");
define ('Auth_OpenID_NO_MATH_SUPPORT',true);
examples/consumer seems to work. I was able to verify my OpenID URL.
PHP OpenID Authentication Example This example consumer uses the PHP OpenID library. It just verifies that the URL that you enter is your identity URL. You have successfully verified http://gnuband.org/ as your identity.
Let's try with examples/server
- DON'T forget to add the following lines to .php files: to setup.php AND to server.php
$path_extra = "absolute_path_to_PHP-OpenID_API";
$path = ini_get('include_path');
$path = $path_extra . ':' . $path;
ini_set('include_path', $path);
include_once($include_path. "Services/Yadis/Yadis.php");
define ('Auth_OpenID_NO_MATH_SUPPORT',true);
The file config.php is not there, but it gets created by your first execution of examples/server; in fact, the page we get starts with:
OpenID Example Server Configuration Your browser has been redirected to this page so you can configure the server example. This form will auto-generate an OpenID example server configuration for use with the OpenID server example.
- The server needs to store OpenID information in a "store".
- For now I chose the Filesystem option, so that users are stored in a file. Other options are mysql db and SQLite
Perfect! I chose all the options, and the page returned the text I copied and pasted in examples/server/config.php (need to create it).
- VERY IMPORTANT! Need to add the following chars at the beginning and at the end of the config.php file
<?php ?>
OK, here we are ... more or less
Trying to validate the OpenID URL served by the server on an independent consumer http://www.openidenabled.com/resources/openid-test/checkup/start produces an error.
<b>Fatal error</b>: Call to a member function init() on a non-object in <b>/path/to/file/Auth/OpenID/DiffieHellman.php</b> on line <b>54</b>
This means the reply sent to the relying party is in reality an error, and so the relying party correctly does not recognize the OpenID URL. Reason? Maybe the fact that in Auth/OpenID/DiffieHellman.php there is require_once 'Auth/OpenID/BigMath.php' and we are testing without bigmath?
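The big-integer requirement in the detect.php report and the DiffieHellman.php failure above both concern the OpenID 1.x association step. The following added example (not code from the JanRain library or from this page) sketches that step in Python with and without DH-SHA1; the toy modulus, the function names and the sample identity URL are assumptions.

```python
import hashlib, hmac, secrets

# Assumption: toy group. 2**521 - 1 is a Mersenne prime standing in for the
# 1024-bit default modulus of the OpenID spec; generator 2 is the spec default.
P, G = 2**521 - 1, 2

def btwoc(n: int) -> bytes:
    """Big-endian two's complement, minimal length (leading 0x00 if high bit set)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def server_associate(mac_key: bytes, consumer_public=None) -> dict:
    """Provider side. With no consumer DH value (no big-integer math in play),
    the only possible reply carries the MAC key unencrypted."""
    if consumer_public is None:
        return {"mac_key": mac_key}
    y = secrets.randbelow(P - 2) + 1                  # server's DH private value
    mask = hashlib.sha1(btwoc(pow(consumer_public, y, P))).digest()
    return {"dh_server_public": pow(G, y, P), "enc_mac_key": xor(mask, mac_key)}

def consumer_recover(reply: dict, x=None) -> bytes:
    """Relying-party side: recover the 20-byte HMAC-SHA1 association key."""
    if "mac_key" in reply:
        return reply["mac_key"]
    shared = pow(reply["dh_server_public"], x, P)
    return xor(hashlib.sha1(btwoc(shared)).digest(), reply["enc_mac_key"])

def sign(mac_key: bytes, fields: dict) -> bytes:
    """openid.sig: HMAC-SHA1 over the signed fields as 'key:value' lines."""
    token = "".join(f"{k}:{v}\n" for k, v in fields.items()).encode()
    return hmac.new(mac_key, token, hashlib.sha1).digest()

def demo() -> dict:
    mac_key = secrets.token_bytes(20)                 # constructed association secret
    x = secrets.randbelow(P - 2) + 1                  # consumer's DH private value
    dh_reply = server_associate(mac_key, pow(G, x, P))
    plain_reply = server_associate(mac_key)           # association without DH
    fields = {"mode": "id_res", "identity": "http://user.example/"}  # constructed
    recovered = consumer_recover(dh_reply, x)
    return {
        "dh_key_recovered": recovered == mac_key,
        "key_on_wire_with_dh": dh_reply["enc_mac_key"] == mac_key,
        "key_on_wire_without_dh": plain_reply["mac_key"] == mac_key,
        "sig_verifies": hmac.compare_digest(sign(recovered, fields), sign(mac_key, fields)),
    }

if __name__ == "__main__":
    print(demo())
```

Without the DH branch, the association key that signs every later assertion crosses the network as-is, which is why the report ties the no-math option to the security of the network link.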
MediaWiki OpenID Extension
I'm trying to make the MediaWiki extension work on my system. It should turn MediaWiki into both a consumer and server of OpenID. At the moment I'm having trouble with remote authentication though... I'm correctly redirected to my OpenID provider, but then when it redirects me back to the wiki I get a verification error. Updates coming asap --Bru 20:54, 23 February 2007 (EST) Update: I finally had success in installing the extension, the is up and running on this wiki.
PHP Standalone OpenID Server
This standalone OpenID server uses the JanRain PHP OpenID library (version 1.1.0) and lets you set up an OpenID server complete with admin-controlled or public account creation, Yadis discovery support, and Simple Registration support.
URL: http://www.openidenabled.com/openid/php-standalone-openid-server/
Language: PHP
Notes: It requires the JanRain, Inc. PHP OpenID library, version 1.1.0 or greater. http://www.openidenabled.com/openid/libraries/php
Note: I managed to install this one and I'm now in the process of testing it. --Bru 15:42, 24 February 2007 (EST)
Videntity About PHP-OpenID
URL: http://videntity.org/openid/
Language: PHP
Notes: The last release PHP-OpenID-0.0.8.3.tar.bz2 is dated 2005-09-15 so NOT tested.
Rails Open ID Server
URL: http://identity.eastmedia.com/identity/show/Rails+OpenID+Server
Language: Ruby on Rails
Notes: it needs mongrel. Installation test stopped there for now since I have no public server in which I can use "gem"
Dealing with new users and old users
TODO: check carefully this post and ask guidance.
Keep well separated (1) CS acting as an OpenId server and (2) CS acting as an OpenId consumer.
If CS acts only as an OpenId server, users will still have to log in to CS with their login and password (as it is now), and then they can use their CS OpenID URL (ex: <nickname>.couchsurfing.com) to log in to other sites.
If CS acts only as an OpenId consumer, users will be able to log in to CS using an OpenID URL provided by another party (for example, livejournal or myopenid).
It is possible to combine both these features. See http://www.livejournal.com/openid/ about this.
