Been having a look at OpenID. It seems like a really good idea. I have loads of user names and passwords to all the support sites on the internet. You try and pick the same one on each but occasionally there is another joebloggs out there who steals your user name so you have to select another like joebloggs2. And because that web site has a different policy for their password security, your usual 8-letter password is now not enough because they want at least 10 with some punctuation. So you have all these user names and all these passwords and the only thing you can do to remember them is write them all down on a post-it and stick it to your monitor! Not very secure!
OpenID tries to address the problem of decentralised authentication. It is trying to create a single sign-on for the internet.
Being a Paranoid Penguin, I don’t want to entrust a corporate giant with access to all my other accounts, so I had a hunt for an OpenID implementation that I could set up on my own server. I discovered phpMyID, which is a single user OpenID server. The package consists of just 2 PHP files! It doesn’t need access to a database or anything really! It’s just the 2 files!
There is a README file with some easy to follow instructions but I’ll outline the salient points and the problems I had.
- It goes without saying that you make sure that your web server has PHP running in your domain!
- Go to a convenient place under your document root and create a folder to put your configuration files.
- Create a directory for the installation: $root/openid, where $root is your document root.
- Go into it and download the program body:
- Now create a folder for each user:
- Go into each folder and download the configuration file:
- Next configure each user.
- Load the configuration file (MyID.config.php) into your favourite text editor and change the last line from
- In your web browser go to http://www.example.co.uk/openid/mrn/MyID.config.php and make a note of the Realm.
- Now we have to create our user name and password. On the command line enter:
echo -n 'username:realm:password' | openssl md5
where username is your username, realm is the Realm you made a note of earlier and password is your password. This gives you the MD5 hash of that string.
- Edit the user’s MyID.config.php and change the auth_username to the user name you have just invented and the auth_password to the hashed password you have just created.
- Now we must test our login mechanism. From your web browser go to http://www.bigsoft.co.uk/openid/mrn/MyID.config.php and click Login.
- Under Plesk I get the message "Missing expected authorization header.", so I need to configure the web server to allow the PHP variable PHP_AUTH_DIGEST to be set by the web server.
- Download the example htaccess file from the phpMyID site and place it in
- Edit the .htaccess file and uncomment option 3 (mod_setenvif).
- Finally we need to set up a url location that tells the OpenID mechanism where the
- In our user’s directory $root/openid/mrn create a file called index.html and fill it with the following:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>OpenID</title>
<link rel="openid.server" href="http://www.bigsoft.co.uk/openid/mrn/MyID.config.php"/>
<link rel="openid.delegate" href="http://www.bigsoft.co.uk/openid/mrn/MyID.config.php"/>
</head>
<body><p>Nothing to see here, move along.</p></body>
</html>
- Now go to the web site that supports OpenID and login with the url
- You will be presented with a login from your server asking you to log in. Enter the username and password that you used in step 10 and away you go.
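For the hashing step above (echo -n 'username:realm:password' | openssl md5), here is an added helper that is not part of phpMyID or of the original post. It builds the same MD5 while reading the password from a prompt instead of the command line, and strips the label some OpenSSL versions print before the digest. The function names md5_hex and phpmyid_hash are made up for this example.

```shell
#!/bin/sh
# Added example: build the auth_password value for MyID.config.php.
# Helper names are hypothetical. Usage: phpmyid_hash USERNAME 'REALM'

# Print the bare 32-character MD5 hex digest of stdin.
# Some OpenSSL versions print "(stdin)= " or "MD5(stdin)= " before the
# digest; that label must not end up in the config, so keep the last field.
md5_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl md5 | awk '{print $NF}'
    else
        md5sum | awk '{print $1}'
    fi
}

# phpmyid_hash USERNAME REALM   (password is read from stdin, one line)
phpmyid_hash() {
    user=$1
    realm=$2
    # ':' separates the three hashed fields, so an empty field or a colon
    # inside the username or realm gives a hash the server will not match.
    case "$user:$realm" in
        :*|*:|*:*:*)
            echo "usage: phpmyid_hash USERNAME REALM (non-empty, no colons)" >&2
            return 2 ;;
    esac
    if [ -t 0 ]; then
        # On a terminal: prompt with echo off, so the password is neither
        # displayed nor stored in shell history or the process list.
        printf 'Password: ' >&2
        stty -echo
        IFS= read -r pass
        stty echo
        printf '\n' >&2
    else
        IFS= read -r pass
    fi
    # printf '%s' never appends a newline. "echo -n" is not portable: some
    # shells print the "-n" or still add a newline, which changes the hash.
    printf '%s:%s:%s' "$user" "$realm" "$pass" | md5_hex
    unset pass
}
```

The value this prints is all a client needs to answer the server's digest challenge for that realm, so keep MyID.config.php readable only by the web server user.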