OpenId servers – any good ones out there?

Over the last few days I’ve been taking a look at OpenId and how we could use it to solve some of the single sign on problems that we have – and in the process making some of the KMi tools OpenId-enabled.

We would like to set up our own OpenId server, mainly out of interest, but also so that we are not then relying on an external service to be our OpenId provider. Whilst there seems to be a fair amount of documentation and usable code out there related to making your site (esp blog) able to be an OpenId consumer, there seems to be very little about the OpenId server.

There are a few OpenID server libraries available and standalone servers, but generally they appear to be very poorly documented. I was just looking at libraries/servers for PHP or Java (our ‘normal’ development platforms), but some lacked clear instructions on how to set them up, or the examples didn’t work. Out of the 5 or 6 that I tried, I was unable to get any of them working – ok, I’ve not spent a huge amount of time looking at these, but with most I was pretty stumped as to where to even start getting them running.

I know some people might say that many of these are open source projects, so if you don’t like it then do something about it (write some docs, get the examples working etc), but I just don’t have the time at the moment to try and figure them out in that much detail. Maybe the people who have got them running could write some clear(er) documentation?

I think it’s in the interests of the OpenId Foundation to help these OpenId server projects improve dramatically if OpenId is going to really make a difference to the single sign on problem. My feeling is that most organisations would not want their logins handled/maintained by some outside service, so they’d want to be their own OpenId provider. So if stable & easy to setup/use/integrate OpenId servers aren’t available, then this will limit the take up of OpenId by organisations who have the same issues we do in KMi, with tools/services needing different logins.

4 Comments

  1. Gkrall says:

    Alex: I am the technical director for the VeriSign OpenID server called the “PiP” as well as the Firefox extension called “SeatBelt” (you can check out http://pip.verisignlabs.com for further details on both).

    Our system is all Java based and we implemented the Java relying party/server library found at http://code.google.com/p/joid/ which you are welcome to check out. We’re actually in the process of extending the library to include PAPE support (http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html) which we’ll be releasing in the next couple of weeks.

    I would encourage you to post any questions you might have to the JOID mailing list but we have tried to make it as clear as possible by trying to provide some examples.

    Good luck.

  2. a.little says:

    Thanks for that – will take a look ;-)

    Alex

  3. jstepka says:

    I would suggest checking out Atlassian’s Crowd.

    This system is also Java based and comes with connectors for other applications like Apache, Subversion, Jive, JIRA and Confluence. Your users can be stored internally or come from LDAP if you have something like an Active Directory server already in place.

    Best of all, there is commercial support.

  4. Brian says:

    Alex, you might also want to try an OpenID login widget, ID Selector (www.idselector.com), from JanRain. You can read about it at https://www.idselector.com/site/testimonials and see an implementation at http://jyte.com/auth/login.

    Regards,

    Brian
