Alex Little

Since my post last week, I’ve been trying to get the little bugs fixed up. For the first problem with LiveJournal OpenIDs, the reason turned out to be due to the fact that the parameters needed to be received by the LiveJournal server as a post request, and the association request was being sent as a get – hence the failure. This appears to be due to v1 of the OpenID spec stating that association request parameters should be sent in the post, but in OpenID spec v2 my reading is that parameters can be sent with either a get or post.

In the end I used a different library (openid4java) instead – I couldn’t figure a way to just ‘turn off’ the association requests (they are only optional) with the library I was using, and this appears to have fixed the issue with the delegation too.

So our OpenID server is using the JOID library but the MSG client is using the openid4java library

Since my posting yesterday about allowing users to sign in to MSG with OpenIDs it seems that quite a few people have had a go… all good stuff… but has also highlighted the fact that there are still a few bugs that we need to get ironed out…

Firstly, that LiveJournal OpenIDs (eg alextlittle.livejournal.com) aren’t being accepted, haven’t quite worked out why this is yet

and secondly, that it’s not handling OpenID delegation – this one has only just been reported to me so will take a look when I get chance.

The OpenID login for MSG is still fairly experimental so cheers all for your feedback and keep it coming

New MSG login page
MSG will now accept OpenID Identity URLs to log in with. When you first log in with your OpenID identity you’ll be asked if you want to associate your OpenID with an existing MSG account, or you can create a new MSG account (without a password obviously!) .

As far as I’m aware MSG is the first instant messenger system to offer open registration and the ability to login with an OpenID identity (feel free to let me know if I’m wrong about this )

I also have an OpenID server up and running (at: http://openid.open.ac.uk) and anyone is free to sign up for an OpenID identity with it, but please bear in mind that this is still an experimental service (I’m still tinkering!)

Next steps are some more testing and then having a look at trying one of the PHP OpenID libraries running as a consumer (plus making this blog OpenID enabled…)

I’m now quite close to having a (functioning!) OpenID identity provider server up and running. I’m using the JOID OpenID api and has been fairly easy to set up. What I’ve created is based on their example server application, but I’ve changed to using a database as the store and made the interface a bit prettier! I came across a couple of little issues, for example with logging in to LiveJournal, but managed to get these fixed up without too much hassle – the problems/queries I’ve had are posted up on the JOID-dev maillist – so I won’t repeat them all here.

The last few bits for me to finish off are allowing users to update their profile and to reset passwords, once that’s done I’ll post up the URL so people can have a play. Then I’ll be on to the task of allowing users to log into MSG using their OpenIDs

Earlier, Marc posted a story on KMi planet about the 7 opens in MSG, well, I’ve started to make that 8 as I’ve finally got round to spending a bit of time looking at OpenID.

I’d spent a little bit of time last week looking at the draft of the OpenID book, which explained all the processes well of how it all works, but I struggled a little with the actual example in chapter 5 (or was it 6?!) – following how the URLs & packets matched the workflow previously explained.

This evening, I installed the JanRain PHP OpenID library on my laptop, so I now have a (dummy) OpenID identity provider and consumer up and running on my laptop. The instructions were for setting up on *nix server, but runs fine (with few tweaks to the instructions) on Windows (XP with PHP5) too. What I’ve done is all pretty basic, and probably quite insecure as I’m not using SSL or a ‘proper’ random number generator – but will be good enough for playing with. I hope to be able to rewrite the server part into Java/JSP as that’s what we’re going to be running it on. Although it may seem a little odd just rewriting (esp. when Java libraries already exist for OpenID) but my thinking is that doing it myself should help a lot in my actual understanding of how it all works… possibly!

Over the last few days I’ve been taking a look at OpenId and how we could use it to solve some of the single sign on problems that we have – and in the process making some of the KMi tools OpenId-enabled.

We would like to set up our own OpenId server, mainly out of interest, but also so not then relying on an external service to be our OpenId provider. Whilst there seems to be a fair amount of documentation and usable code out there related to making your site (esp blog) able to be an OpenId consumer, there seems to be very little about the OpenId server.

There are a few OpenID server libraries available and standalone servers, but generally they appear to be very poorly documented. I was just looking at libraries/servers for PHP or Java (our ‘normal’ development platforms), but some lacked clear instructions on how to set them up, or the examples didn’t work. Out of the 5 or 6 that I tried, I was unable to get any of them working – ok, I’ve not spent a huge amount of time looking at these, but with most I was pretty stumped as to where to even start getting them running.

I know some people might say that many of these are open source projects, so if you don’t like it then do something about it (write some docs, get the examples working etc), but I just don’t have the time at the moment to try and figure them out in that much detail. Maybe the people who have got them running could write some clear(er) documentation?

I think it’s in the interests of the OpenId Foundation to make help these OpenId server projects improve dramatically if OpenId is going really make a difference to the single sign on problem. My feeling is that most organisations would not want their logins handled/maintained by some outside service, so they’d want to be their own OpenId provider. So if stable & easy to setup/use/integrate OpenId servers aren’t available, then this will limit the take up of OpenId by organisations who have the same issues we do in KMi, with tools/services needing different logins.

Been thinking about creating a netvibes widget for MSG, once the Netvibes widget API is released (announcement), might be good thing to do, especially since we’ve already got a an API for MSG – so ought to be straightforward enough to fix up. Then we can automatically have a widget for a plethora of platforms/applications with very little effort! Would be especially good when Netvibes supports OpenID and if we can allow people to log in to MSG using their OpenID account. Would be very nice if the OU became an OpenID identity provider …