ownopenidserver is a small and very own OpenID server for your site.
Application can work as standalone web server (you can use it for testing and development puproses) as well as CGI or FastCGI application. While running, application provides two basic services.
- OpenID provider for those consumers (relying parties) which you want to be authenticated in.
- Web interfaces for management your personal account.
ownopenidserver relies on and depends on three external modules:
- python-openid for sure
- web.py provides lihgtweight HTTP and CGI inteface and web framework
- Jinja2 is used as a HTML templating library for management interface
- html5lib is a helper library to parse HCard microformat of your homepage.
Before starting using this server as your main provider, probably you'd like to play with it a little.
So, make sure that all three mentioned dependenices are installed and then type
cd ownopenid
python ./ownopenid.py
Thanks to web2py leverage, the server will be launched with default settings on a port 8080 listening all your interfaces.
Follow http://localhost:8080/ URL. After the first setup there is only one "log in" link leading to http://localhost:8080/account/login . You can login with an empty password and after that a nice looking page suggests that you eliminated such a large security breach by providing secure password.
Congratulations, your own openidserver initial configuration completed!
By default, once started the server uses directory sstore to save your
account's password hash, list of trusted OpenID consumers, associations (shared
secrets between your provider and OpenID relying parties), etc. If you want to
reset your settings, just type from the directory where you have launched your
app:
rm -rf sstore/*
You can override some application settings to make sure it works smoothly in
your environment. Open openidserver/openidserver.py file and scoll down to
the bottom. There is a number of settings there:
ROOT_STORE: directory name with all your settings. Path is relative to application's current working directory and points tosstoredirectory by defaultTEMPLATESis the directory where Jinja2 HTML templates reside ('templates' by default)TRUST_ROOT_STORE,SESSION_STOREandPASSWORD_STOREare three variables which points to different subdirectories inROOT_STORE. Providing thatROOT_STOREis defined, you can just left them untouched, unless you have a really good reason for doing so.
Next, if you wish to redefine those variables, the right way is to create a simple launching script which can looks like presented below:
#!/usr/bin/env python
from openidserver import openidserver
ROOT_STORE = 'your/path/to/store'
TEMPLATES = 'your/path/to/templates'
TRUST_ROOT_STORE = os.path.join(ROOT_STORE, 'trust_root')
SESSION_STORE = os.path.join(ROOT_STORE, 'sessions')
PASSWORD_STORE = ROOT_STORE
openidserver.init(ROOT_STORE, TRUST_ROOT_STORE, SESSION_STORE, PASSWORD_STORE, TEMPLATES, True).run()
Don't forget to install the application first, so that Python interpreter could find the openidserver package.
Because of web.py magic, this script can be used as standalone web-server, CGI or FastCGI application.
Suppose you're teh owner of domain example.com and you want to authenticate yourself in this role. Assume also, that you have successfully launched ownopenidserver at http://id.example.com (by the way, there is nothing wrong to place your provider not on a subdomain, but on another address in the same domain, like "http://example.com/openid").
To achieve your goal, you should edit your website page accessible at
http://example.com/ URL and include in its <head> just one tag:
<link rel="openid.server" href="http://id.example.com/endpoint">
You can also add to your page extra personal data in hCard format. Your ownopenidserver visits your page every time a consumer want to get more info about you identity.
Visit http://ownopenidserver.com for more details.
Please report any bugs you have found to Vladimir S Eremin (aka yottatsa) me@yottatsa.name. Suggestions are also appreciated.