Setting up your own OpenID Server

May 3, 2007 in OpenID by Carsten Pötter | View Comments

There are some people who consider OpenID providers a risk to privacy because providers are able to monitor all the sites users log in with their OpenID; they could sell the precious data for advertising and whatnot.

So what can you do to minimize that risk? Well, first start reading the Terms of Service and Privacy Statements of your OpenID provider. There are some differences between the various providers, so find out which one fits your (security) needs the best.

You’re still not happy? Fear not! Go and set up your own OpenID server. That’s right and if you are really bored you can jot down your very own privacy statement, too.

How to set it up?

Things have become easier recently and even I (read: ignorant to all things tech) have managed to successfully install it. So it shouldn’t be much of a problem for you anyway. Ben Dodson has created phpMyOpenID which is a simple installer based on phpMyID.

So before you start downloading you should make sure that you can provide these things: a PHP powered website or blog, a FTP client, your favourite tool to extract ZIP files, and of course some basic knowledge how to use them. :D

No problem? Great! Now just follow these simple steps and you’re done:

  • download phpMyOpenID
  • extract the folder and upload it to the root directory of your website or blog
  • change permission of the phpmyopenid folder to CHMOD 777 (see help file of your FTP client)
  • run the installation script from this URL:

    http://yourwebsite.com/phpmyopenid/install.php

  • provide a user name and password (and remember it!)
  • follow the instructions and copy the two lines of HTML to the header of your site (look for the <head> tag)
  • try to log in to any OpenID enabled website, then delete install.php and change the permission of the phpmyopenid folder to CHMOD 775
  • be happy :)

Troubleshooting

Those instructions should work for most people. However I got this error message: Missing expected authorization header.
If you get that one try Mike West’s solution. It worked. If you doubt all things work properly, you can try the server tests on openidenabled.com; just make sure you run them in the correct order.

As you have seen it’s pretty easy to run your own OpenID server. If you’re curious and a little bit geeky, give it a try. Nevertheless I have delegated my OpenID to another provider again because I think I can’t provide all security measures a real provider is able to. But that’s up to you, of course.

Tags: , , , ,

View Comments

  1. Ben Dodson’s avatar

    Ben Dodson on May 3, 2007 at 18:00

    If you drop me an email about the “Missing expected authorization header” error and the steps you took to get to it, then I’ll try and find out where the problem is coming from and fix it in a future release!

  2. Carsten Pötter’s avatar

    Carsten Pötter on May 3, 2007 at 20:17

    I have sent an email. :)

  3. I.X.’s avatar

    I.X. on July 10, 2007 at 07:42

    hi i have successfully installed phpMyOpenID server by following your instructions. But im not getting how the users on my site will get registered with this server. Is there some registration process required. If yes how to tell users about the regisration process.

    thanks in advance.

    I.X.

  4. Ben Dodson’s avatar

    Ben Dodson on July 10, 2007 at 09:37

    Hi I.X.

    phpMyOpenID is currently only a server for a single user (so it’s really just for you to set up your own account). I will be creating a new release shortly which will allow for multi-user registration so I’ll let you know when this happens!

    Ben

  5. Carsten Pötter’s avatar

    Carsten Pötter on July 10, 2007 at 19:59

    Ah sorry, I’m late on this but luckily Ben has answered the question already. And there’s no one who knows better. :)

  6. Robbie Trencheny’s avatar

    Robbie Trencheny on August 21, 2007 at 08:21

    Hey Ben Dodson’s site is down. Can you mirror PHPOpenID?

  7. Ben Dodson’s avatar

    Ben Dodson on August 21, 2007 at 12:39

    Hello,

    Sorry, I recently upgraded my server and my site is regenerating (as seen by the rather geeky Dr Who tribute on my homepage!) – I’ll get it back up and running this afternoon for you.

    Ben

  8. Robbie Trencheny’s avatar

    Robbie Trencheny on August 22, 2007 at 00:39

    Thanks Ben. But its still not up :(

  9. Carsten Pötter’s avatar

    Carsten Pötter on August 22, 2007 at 00:45

    Well, I still have the index.php and install.php files on my hard disk. Though I don’t know if those are the current ones. If Ben doesn’t mind I can send them to you by email. Well, that will be in about 19 hrs or so because I have to sleep and work before. ;)

  10. Ben Dodson’s avatar

    Ben Dodson on August 24, 2007 at 16:55

    Hey guys – Site is back up now at http://labs.bendodson.com/phpmyopenid/

    This will be changing shortly as I’m completely rebuilding my site but I’ll let you know here when I do it. There might be a new release of phpMyOpenID as well….

  13. Ben Dodson’s avatar

    Ben Dodson on February 24, 2008 at 22:42

    Hi Guys,

    Just to let you know that I have successfully built a multi-user version of phpMyOpenID (finally!) and am now on the look out for beta testers. I’ve just got to add some nice styling and then a full release will be available on my site, but if you’d like to take a look at the beta version then please drop me a message.

  14. Carsten Pötter’s avatar

    Carsten Pötter on February 25, 2008 at 18:07

    Unfortunately, I won’t have much time for beta testing. But would be great if phpMyOpenID was available again. :)

Comments are now closed.

blog comments powered by Disqus

Page optimized by WP Minify WordPress Plugin