2

I am trying to configure Apache as an OpenID provider using simpleid.

I have followed the instructions to the letter till I got to the part about "Claim your identifier".

Now, this is where I am stuck.

Let's say my server is at http://example.com and my simpleid installation is at http://example.com/openid, and I have set up an identity john.doe and his identifier URL is http://example.com/openid/john.doe.

I can go to my server's simpleid login page and log in okay. The dashboard there shows me all of the identity details that I have set up and the above identifier on the dashboard.

When I log in using an Open ID test site I get 2 results, neither correct:

Scenario 1

I create a file in /openid/john.doe/index.html so it would be available at http://example.com/openid/john.doe with the following contents:

<html>
<head>
<link rel="openid.server" href="http://example.com/openid/" />
<link rel="openid2.provider" href="http://example.com/openid/" />
</head>
</html>

When I try to log in to the test website using http://example.com/openid/john.doe, I get redirected to the login page by the test site. When I log in using the username/password, it logs me in but complains that the ID I am using is a different one than expected. Game over.

Scenario 2

I remove the file at /openid/johndoe/index.html so that there's nothing at http://example.com/openid/john.doe.

Now when I try to log in, it logs me in, shows me the various attributes of the identity I used to log in and then gives the following error.

OpenID authentication failed: No matching endpoint found after discovering http://example.com/openid/john.doe.

I am not sure what I am doing wrong here. Any help will be much appreciated.

PS: I think this should be tagged with simpleid.

Chris S

3 Answers

2

Strangely enough, the solution was to put the HTML content in a file called /openid/john.doe rather than in /openid/john.doe/index.html.

It now works fine.

2

I just stumbled on this question. I have SimpleID working with the following in the index.html that lies at the root of my domain.

<link rel="openid.server" href="https://openid.example.com/" />
<link rel="openid2.provider" href="https://openid.example.com/" />

My OpenID is the URL of my site, http://example.com. If I navigate to that site and View Source in my browser I see the above two lines in the <head> section.

If I navigate to https://openid.example.com then I am presented with the SimpleID dashboard login and I can log in with the credentials set in my identity file (e.g. http://example.com and the password that I hashed into the config).

Note the identity in that config needs to be the same as the URL which loads the page where the above <link> tags can be found. If they don't match then it won't work. Perhaps that was the OP's problem...

The other thing to consider is that the latest version of SimpleID says that you need to use https for the SimpleID server.

starfry
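
The matching rule discussed in the answers above, as an added example (not code from the original posts or from SimpleID): a relying party takes the URL reached after redirects as the claimed identifier, so a page stored as john.doe/index.html, which Apache's default directory handling serves from the trailing-slash URL, no longer equals the configured identity. The function names, the constructed sample HTML and the simplified URL normalization are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Constructed sample page, modelled on the <link> tags quoted in the question.
SAMPLE_HTML = """<html><head>
<link rel="openid.server" href="http://example.com/openid/" />
<link rel="openid2.provider" href="http://example.com/openid/" />
</head></html>"""

class HeadLinks(HTMLParser):
    """Collect rel -> href for <link> elements inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.rels = False, {}
    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                self.rels.setdefault(rel, a.get("href"))
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def normalize(url):
    """Lower-case scheme and host, use '/' for an empty path, drop the fragment."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def check_discovery(final_url, html, configured_identity):
    """final_url is the URL after redirects. Returns a list of problems (empty = OK)."""
    links = HeadLinks()
    links.feed(html)
    problems = []
    if not (links.rels.keys() & {"openid2.provider", "openid.server"}):
        problems.append("no endpoint link in <head>")
    if normalize(final_url) != normalize(configured_identity):
        problems.append("identity mismatch")
    return problems

IDENTITY = "http://example.com/openid/john.doe"  # identity as configured (from the question)
if __name__ == "__main__":
    # index.html inside a directory: the page is reached at the trailing-slash URL
    print(check_discovery(IDENTITY + "/", SAMPLE_HTML, IDENTITY))
    # nothing served at the identifier URL
    print(check_discovery(IDENTITY, "", IDENTITY))
    # plain file named john.doe: page URL and identity agree
    print(check_discovery(IDENTITY, SAMPLE_HTML, IDENTITY))
```
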
1

You are fighting with a non-documented feature. You neither need to manually configure the user's identity file, nor to serve it from an independent source.

It is already (properly) served by the SimpleID installation, under simpleid_documentroot/user/username (for example: https://exampledomain.org/simpleid/user/exampleuser)

For this to work, you'll need to enable SIMPLEID_CLEAN_URL in config.inc and configure Apache to use the Rewrite engine (sample for both is included in the example configuration files).

Using this as an authentication URL will solve the problem in the simplest and most reliable way.

asdmin