5

I'm looking to implement an OpenID identity provider as service for a website of mine. I'm going to integrate it with the existing user services that the app provides, so I'd like to use a library rather than a complete OpenID server application (i.e. the tools listed on the OpenID Identity Servers section all do too much).

This leaves the following libraries listed on the OpenID Libraries page (those that are able to act as an identity provider; the others are ignored, as they can't do what I need anyway). Unfortunately there are some issues with each, and I'd appreciate advice as to which I should go for.

  • PHP OpenID Library (Janrain) - This seems to be popular, but seems to be unmaintained. There are many, many forks on GitHub due to a lack of fixes for the outstanding issues; it seems to work (with a few fixes), but it's hard to know which of the forks to follow, or whether it's safe to do so.
  • NetMesh InfoGrid LID - A 403 Permission Denied on the download section is not encouraging.
  • Zend Framework OpenID Component - Part of the Zend framework, which we don't use.

So, my questions are

  • Are there any other options for an identity provider?
  • Does anyone have any experience with the NetMesh solution? What's up with not being able to download it?
  • Can Zend Framework components be used without the Zend Framework?
  • Is there a good, reliable fork of the Janrain PHP OpenID Library?
cyberhicham
  • 495
  • 1
  • 10
  • 24
El Yobo
  • 14,823
  • 5
  • 60
  • 78
  • 2
    I have developed my OpenID provider and consumer classes to share the same login account across a [family of sites](http://www.phpclasses.org/blog/post/127-Single-SignOn-authentication-using-OpenID-and-other-security-measures.html) that I developed. I did that precisely because the existing PHP implementations were not good enough for me. The code is working live for over 8 months now and most issues were fixed. I want to release it as Open Source but I need to finish enough documentation to make it useful to others. If you are interested in testing, mail me at the address in my profile. – mlemos Mar 29 '11 at 04:09
  • Mlemos, I can't find your email anywhere I'm afraid, but I'd be interested in having a look over your code. – El Yobo Mar 31 '11 at 00:14
  • As would I if you need more testers. Like El Yobo, I've found the current solutions either not fitting well for my project (so far... haven't' tried the zend version yet), or quite out of date. – canadiancreed Mar 31 '11 at 01:16
  • Sorry, I thought StackOverflow would expose my contact somehow. Anyway, feel free to mail me to mlemos at acm.org – mlemos Mar 31 '11 at 06:12

1 Answers1

1

The fact that you do not use a framework in a whole should not stop you from using one of it's components. The list of dependent components of Zend_OpenID is available here. You can take just what you need for OpenID to be running and that's all. I don't see any huge difference in taking yet another OpenID component VS taking Zend_OpenID with dependencies.

Vladislav Rastrusny
  • 29,378
  • 23
  • 95
  • 156
  • I'm not certain how feasible this is; your link is very helpful, but the dependencies include Zend_Session, which may have issues with the rest of the app (they recommend only accessing $_SESSION through the Zend_Session system) and Zend_Controller_Response_Http looks like it could be very difficult to integrate. – El Yobo Mar 29 '11 at 10:06
  • @El Yobo, true. Here is a list of OpenID implementations http://wiki.openid.net/Libraries but I am not sure they look promising. – Vladislav Rastrusny Mar 29 '11 at 10:57
  • Yeah... I linked to that in my question and cover the only three which provide support for acting as an identity provider. I'm leaning towards forking the janrain library yet again and implementing the fixes that I need :-/ – El Yobo Mar 29 '11 at 11:04
  • What about another authentication method? Like OAuth, for instance? – Vladislav Rastrusny Mar 29 '11 at 11:19
  • Actually, ideally I'd like to implement Google's OpenID + OAuth Hybrid; but it seems like it's an extension to OpenID, rather than an extension to OAuth, so I need to work from the OpenID base library. – El Yobo Mar 29 '11 at 12:40