1

I am currently experimenting with implementing an openID for a small website for college. I am very new to this and have followed up with related articles. I have downloaded lightopenId and uploaded the folder to my webserver. My school has google hosting their email service so typical email addresses are: like this studentlastname@myuniversity.edu. We can login through mail.google.com or a custom web page designed by google specifically for our login mail.google.com/a/oakland.edu/.

Instead of having users be redirected to the general $openid->identity = 'https://www.google.com/accounts/o8/id'; can I have the users directed to the custom university google hosted page to authenticate?

Gives me error:

No OpenID Server found at http://mail.google.com/a/oakland.edu/accounts/o8/id

openid.php:

<? 
    <?php
    require 'openid.php';
    try {
        # Change 'localhost' to your domain name.
        $openid = new LightOpenID('http://webprolearner.ueuo.com');
        if(!$openid->mode) {
            if(isset($_GET['login'])) {
                $openid->identity = 'mail.google.com/a/oakland.edu/accounts/o8/id';
                header('Location: ' . $openid->authUrl());
            }
    ?>
    <form action="?login" method="post">
        <button>Login with Google</button>
    </form>
    <?php
        } elseif($openid->mode == 'cancel') {
            echo 'User has canceled authentication!';
        } else {
            echo 'User ' . ($openid->validate() ? $openid->identity . ' has ' : 'has not ') . 'logged in.';
        }
    } catch(ErrorException $e) {
        echo $e->getMessage();
    }

1 Answers1

1

As far as I know, the correct identity in your case would be:

https://www.google.com/accounts/o8/site-xrds?hd=oakland.edu

This url returns a valid XRDS (so LightOpenID will find a server).

Note that if the server isn't configured properly, you might get a similar error when calling validate().

Mewp
  • 4,715
  • 1
  • 21
  • 24
  • Oh but yes i did get: No OpenID Server found at http://oakland.edu/openid?id=103676657823296937874. What can i do now? –  Aug 14 '12 at 17:51
  • 2
    Ask someone who can do it to return an xrds document at oakland.edu/openid, or redirect to it. For example, by including the following code: ``. Unfortunately, there's no other way around it, unless you want to hack the library to check the "valid" url (and break the openid spec). – Mewp Aug 14 '12 at 19:42
  • +1 Alright, I am starting to understand. I found another answer of yours in regards to the same subject. I will have to ask the school administrator to do that. How will the xrds document look like for my scenario? will a folder named `openid` need to be created and then place the xrds document inside inside the school server? –  Aug 15 '12 at 05:19
  • `/openid` should send an X-XRDS-Location with the url I've mentioned in my previous comment (and my answer). If you can't do it, send a Location header redirecting to that url. If, and only if you can't do either, return a html file with ``. If you serve the file statically, you risk it breaking if google changes something. – Mewp Aug 15 '12 at 10:15
  • thank you for being patient with me. I am new to this technology. I have edited my answer is that how the XRDS should look like inside the school server? Now i will have to redirect to that xdrs document? –  Aug 15 '12 at 19:22
  • No. The correct XRDS is at `https://www.google.com/accounts/o8/site-xrds?hd=oakland.edu`, and you should redirect to it (instead of copying it to your server). – Mewp Aug 16 '12 at 08:45
  • haha sorry about my confusion. Just want to have this as clear as possible. so I will need to include this url redirect: `` somewhere in the school server? maybe inside this oakland.edu/index.php? –  Aug 16 '12 at 09:19
  • You have to include this redirect in the file that responds to http://oakland.edu/openid . Whether is it index.php, or another file, I have no way to know. In other words: LightOpenID will open http://oakland.edu/openid and look for X-XRDS-Location header. If it finds one, the validation can proceed. The error you are getting right now is because there's no such header at http://oakland.edu/openid . – Mewp Aug 16 '12 at 10:36
  • Alright, I am right now at 85% of understanding this. When you refer to lightOpenID looking at X-XRDS-Location at `oakland.edu/openid`, Is that the same thing as `oakland.edu/openid.php`? –  Aug 16 '12 at 19:34
  • Generally no (that is, unless you configure the server to redirect `/openid` to `/openid.php`). Try to visit `oakland.edu/openid` and `oakland.edu/openid.php` in your browser. Is that the same thing (assuming that they're not both 404s)? – Mewp Aug 17 '12 at 11:34
  • Oh alright, well then what is `openid` isnt that a php document? –  Aug 17 '12 at 18:17
  • It's a path, not necessarily a file. There's not enough space in this comment to precisely explain what's the difference, but putting it simply: Usually, the server sees a path like `/index.php`, so it finds `index.php` in a directory, then executes it and sends back the result. This is the default behavior, but by no means - the only one possible. Therefore, I can't say with certainty what would your server do upon a request for `/openid`. I have already described what should be the effect - there are many ways to achieve it, and I can't show you what exactly to do in your case. – Mewp Aug 17 '12 at 19:43
  • Alright, well thank your for your patience and your help. When i do implement this into the school server. I will give you a heads up with better details. Thanks again! –  Aug 17 '12 at 20:45