There are a lot of OpenID providers, but my favourite is chi.mp is because you can have yourname.mp and not a subdomain like many other OpenID providers. You can see mine here.

But what happens when you want to use your own domain name and not a third party? Well, there is an open-sourced script called phpMyID that you can download which turns your own domain name into an OpenID login.

I have turned my website Jack Cola into my own personal OpenID login. This enables me to log in to any OpenID enabled websites.

Installation is pretty easy. All you have to do is download a small file from the phpMyID website.

You can either download a tgz or zip file by clicking the highlighted links as seen in the image above.

In the files you have downloaded, there are the basic files such as readme’s and changelogs, just as you would find in any script you download. Pay particular attention to MyID.config.php and MyID.php. These two files are the important ones.

It is best that you upload the files to your server first and edit them online as a few settings need to be checked to make sure your web server is setup correctly. Once you have uploaded your files, visit your website where you have uploaded them. I suggest uploading them to http://yourdomain.com/openID/.

Once uploaded, visit the MyID.config.php file. You will be shown a screen with text similar to this. Click on Login and make sure you can successfully login with the username and password of test.

Make sure you take notice of your Realm. If there is anything after phpMyID, your server is running in safemode and you need to change it in auth_password section. (See below)

To set up phpMyID there are two steps. Edit the MyID.config.php settings and include two lines of code in your webpage’s root directory.

Editing MyID.config.php

Open up MyID.config.php to edit. The names of the settings are pretty self explanatory.

auth_username: This is your login username. Set it to a username that you will remember.

auth_password: This step is a little tricky. For added security, you need to encrypt your password using the MD5 algorithm. To do this, if you are an Linux or OSX user, you can use openssl. Just type in

$ echo -n 'username:realm:password' | openssl md5

and remember to replace username with your username you specified in auth_username, the realm that was shown on the MyID.config.php page when you viewed it in a web browser, and the password that you want to use as your login.

If you are a Windows user, you can download this app, or use this this website to encrypt your password. If you use the website, make sure you use the entire username:realm:password string is used to generate your password. Once you have your encrypted text, set the auth_username value appropriately.

There are other settings in the config file that you don’t really need to touch (unless you want to). Just read the README file provided and it will explain what they mean.

If you want, you can edit your nickname, email, fullname, dob, gender, postcode, country, language and timezone, to use with the OpenID self registration component. Just remember to uncomment the lines out by deleting the # at the start of each line.

Once you have your auth_password, visit the MyID.config.php webpage and make sure you can log in with your new username and password. If you log in successfully, you will see a screen like this.

If it doesn’t work, have a read in the troubleshooting section in the README file.

Edit your website

Now the authentication is working smoothly, you just have to edit the index (or default) webpage for your website and add two lines of html of code to the head of the file.

<link rel="openid.server" href="http://phpmyid.com/MyID.config.php">
<link rel="openid.delegate" href="http://phpmyid.com/MyID.config.php">

Remember to change the href tag to the location of your MyID.config.php file. Note: If you are using a CMS such as Joomla, you will need to edit the template’s index.php file, and not the actual Joomla root index file.

The Final Step

Well maybe I lied. There is one more step. It is to log in to an OpenID-enabled website to check that everything works properly. I have a WordPress plugin on my blog which allows you to register and log in using OpenID. If the website accepts your OpenID log in (and all is working) you will be prompted to enter your username and password. Remember that the OpenID login is your website’s URL.

You should now be logged into that site by using your domain name address. If it doesn’t allow you, try a different website, comment below, read the README file or ask in phpMyID’s forum.

OpenID is a great idea. One place to login! Imagine not having to remember your username and password for the multitude of sites that you need to login to. Once you have signed up with an OpenID provider, like one of the ones below, you will then just need to enter your OpenID URL into a supporting site’s login page; and if you have not already authenticated with your OpenID provider you will be asked to login, and if you already are authenticated you will be logged into the site.

OpenID also assists with transferring information like Name, Location, Profile Icons and so on to the site. This helps in that you don’t need to retype this information as much as you used to for each individual site you signed up on.

The main drawback to OpenID is that if your username and password are stolen or phished, then all of your registered sites then become targets. While some OpenID providers try to alleviate this (by using image verification or two-factor authentication), the majority do not.

The following is a list of suggested OpenID Providers, along with a quick summary and the pros and cons of each:

MyOpenID

MyOpenID is run by a company named JanRain, who was an early adopter and promoter of OpenID services. A leader in the industry but also a small company. Look for them to be acquired in the future.

Pros: A widely used provider. Allows you to set up a customized OpenID URL, such as openid.yourdomain.com. Major supporter of the OpenID Standard.
Cons: The company is not “big”, so they have an unproven track record.

Google Accounts

Think you don’t have an OpenID? Google recently joined the multitude of OpenID providers out there by offering OpenIDs to all Google Accounts. So, if you have a Gmail address, you already have an OpenID! Visit their account page, sign in and get your OpenID URL for signing up with OpenID compatible sites.

Pros: Many people already have Google Account access, Google is a stable company with a track record of security.
Cons: Google knows all.

ClaimID

ClaimID is an OpenID provider which has more than just OpenID. You can “claim” URLs that are yours, and save them to a profile page. Afterwards, you can use your ClaimID URL (which also serves as your OpenID URL) to log into OpenID sites. ClaimID differs from other providers in that they give you a “profile” page that you can send other people to. You can also import images from Flickr, links from Del.icio.us, and more.

Pros: One of the more consumer-friendly OpenID providers, a profile page is included.
Cons: The site seems to be still in the beta stages. An unproven track record.

Verisign Labs PIP

Verisign Labs Personal Identity Provider is the OpenID service from the well-known security firm. Their service is ‘plain’, which is a good thing in my opinion. Also, unique to Verisign PIP is the availability of using two-factor authentication with your openID login, further securing access to your websites. For more information on setting this up, see my post on integrating two-factor authentication. They also provide a free Firefox addon which will automatically fill in your OpenID url on websites; and gives a visual representation if your OpenID login is currently valid.

Pros: Only two-factor provider I found, well known security company. Free OpenID Firefox addon.
Cons: OpenID URL is hard to remember.

For a full listing of OpenID providers see: http://wiki.openid.net/OpenIDServers

In summary, you use OpenID to consolidate your logins. Currently, the main drawback is that not many sites accept OpenID as a valid login. Some major ones, Blogger, WordPress, and more [see full list here] are coming online. Look to see a slow adoption at first, then a ‘tipping’ point where many sites will follow. From indications I’ve seen, it will not be long before we see major OpenID adoption among blogs, news sites, and more. On the tail end, and after the technology is proven, we may see banks and other “high security” sites accept OpenID.

Dave is an IT Manager by day and technology consultant by night. He is interested in all things internet but is specifically interested in system administration, network security, history, and backpacking. He lives near Philadelphia with his family. See his blog @ www.systembash.com.