Yubico Forum ...visit our web-store at 2010-02-23T10:35:29+01:00 https://forum.yubico.com/feed.php?f=16&t=63 2010-02-23T10:35:29+01:00 2010-02-23T10:35:29+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2071#p2071 <![CDATA[Re: My own OpenID server]]>
http://code.google.com/p/yubico-openid-server/

Please use the updated OpenID server and try again.

Statistics: Posted by network-marvels — Tue Feb 23, 2010 10:35 am

]]> 2010-02-22T15:29:53+01:00 2010-02-22T15:29:53+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2067#p2067 <![CDATA[Re: My own OpenID server]]>
    1) Currently we are testing it using the example consumer page which was packaged with the server. Eventually the server will be used to authenticate to a secure web server.
    2) On the Windows server HTTP identifiers from other providers work, HTTPS identifiers do not. On the Linux server both HTTP and HTTPS identifiers work from other providers.
    3) Yes, using the Linux machine, the HTTP and HTTPS identifiers from the Yubico OpenID server (openid.yubico.com) both work.
    4) Yes, using the Linux machine, the HTTP and HTTPS identifiers from our locally hosted Yubico OpenID server both work.
    5) No, using the Windows machine, the HTTP identifier provided by the Yubico OpenID server (openid.yubico.com) works, the HTTPS identifier does not.
    6) No, using the Windows machine, the HTTP identifier provided by our locally hosted Yubico OpenID server works, the HTTPS identifier does not.

We get the same error message regardless of provider (your own (openid.yubico.com), someone elses, or locally hosted). It is as follows:

Quote:

Authentication error; not a valid OpenID.

Statistics: Posted by mat — Mon Feb 22, 2010 3:29 pm

]]> 2010-02-19T14:45:29+01:00 2010-02-19T14:45:29+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2054#p2054 <![CDATA[Re: My own OpenID server]]>
    1) The application for which you are trying to configure Yubico OpenID based authentication
    2) Are you able to login to your application when you use other OpenID providers using both http and https identifiers?
    3) Are you able to login to your application when you use online Yubico OpenID server (openid.yubico.com) from a Linux machine using both http and https identifiers?
    4) Are you able to login to your application when you use your locally hosted Yubico OpenID server from a Linux machine using both http and https identifiers?
    5) Are you able to login to your application when you use online Yubico OpenID server (openid.yubico.com) from a Windows machine using both http and https identifiers?
    6) Are you able to login to your application when you use your locally hosted Yubico OpenID server from a Windows machine using both http and https identifiers?

Along with the above information, please send us the exact error messages you are getting while using the Yubico OpenID server (online and locally hosted).

Statistics: Posted by network-marvels — Fri Feb 19, 2010 2:45 pm

]]> 2010-02-18T15:06:15+01:00 2010-02-18T15:06:15+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2051#p2051 <![CDATA[Re: My own OpenID server]]> https://openid.yubico.com still work since it would be dealing with your certificate?

Even while using self-signed certificates the Linux machine still had no issues with HTTPS identifiers from other OpenID providers.

Statistics: Posted by mat — Thu Feb 18, 2010 3:06 pm

]]> 2010-02-18T11:13:33+01:00 2010-02-18T11:13:33+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2050#p2050 <![CDATA[Re: My own OpenID server]]>
As the identifier is correctly working with http, it seems that this is not an issue with the Yubico OpenID server. As identifier is not working only with https, it seems to be some sort of certificate issue.

Statistics: Posted by network-marvels — Thu Feb 18, 2010 11:13 am

]]> 2010-02-18T15:00:06+01:00 2010-02-17T17:19:54+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2046#p2046 <![CDATA[Re: My own OpenID server]]>
We're still having issues with the Windows Server, however. I've tried using the Yubico hosted OpenID Server, the consumer on the Windows machine still doesn't like the HTTPS identifier (the Linux machine will accept it from your hosted server as well, however). HTTP identifiers do work on the Windows machine.

For the record we've also changed the Windows server to use MySQL Community Server version 5.1.42 rather than the Filesystem.

Statistics: Posted by mat — Wed Feb 17, 2010 5:19 pm

]]> 2010-02-16T16:49:23+01:00 2010-02-16T16:49:23+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2043#p2043 <![CDATA[Re: My own OpenID server]]>
We would appreciate if you can confirm the followings:
    1) Are you using self signed certificates?
    2) Are you able to successfully use your hosted Yubico openid server in case you use identifier in http?
    3) Are you facing this problem only when you use https in identifier?

We would also appreciate if you can use Yubico hosted OpenID server available at https://openid.yubico.com and try again.

Statistics: Posted by network-marvels — Tue Feb 16, 2010 4:49 pm

]]> 2010-01-27T16:13:09+01:00 2010-01-27T16:13:09+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2013#p2013 <![CDATA[Re: My own OpenID server]]>
I'm having the same issue on both machines.

Statistics: Posted by mat — Wed Jan 27, 2010 4:13 pm

]]> 2010-01-27T12:49:33+01:00 2010-01-27T12:49:33+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2011#p2011 <![CDATA[Re: My own OpenID server]]>
    1) Operating system details like Linux or Windows, version number etc.
    2) Web Server details like Apache or IIS, version number etc.
    3) PHP details like version number
    5) Database details like version number of MySQL

Statistics: Posted by network-marvels — Wed Jan 27, 2010 12:49 pm

]]> 2010-01-26T20:07:06+01:00 2010-01-26T20:07:06+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=2004#p2004 <![CDATA[Re: My own OpenID server]]>
Has anyone else encountered this? If so how did you overcome it? Any help would be greatly appreciated.

Statistics: Posted by mat — Tue Jan 26, 2010 8:07 pm

]]> 2009-07-25T23:14:39+01:00 2009-07-25T23:14:39+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=1594#p1594 <![CDATA[Re: My own OpenID server]]> Statistics: Posted by editor — Sat Jul 25, 2009 11:14 pm

]]> 2009-02-26T02:31:40+01:00 2009-02-26T02:31:40+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=1186#p1186 <![CDATA[Re: My own OpenID server]]>
I was planning on setting up the OpenID server in Linux this week so this is quite helpful. By the way, I did manage to get the server working in Windows Server 2008, too. I had a typo in the session.php file.

Statistics: Posted by Peachy — Thu Feb 26, 2009 2:31 am

]]> 2009-02-18T12:16:40+01:00 2009-02-18T12:16:40+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=1119#p1119 <![CDATA[Re: My own OpenID server]]>
http://code.google.com/p/yubico-openid- ... adMeYubico

Good luck,
Simon

Statistics: Posted by Simon — Wed Feb 18, 2009 12:16 pm

]]> 2009-01-27T20:24:21+01:00 2009-01-27T20:24:21+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=973#p973 <![CDATA[Re: My own OpenID server]]>
/Phillip

Statistics: Posted by Peachy — Tue Jan 27, 2009 8:24 pm

]]> 2008-10-02T08:15:00+01:00 2008-10-02T08:15:00+01:00 https://forum.yubico.com/viewtopic.php?t=63&p=725#p725 <![CDATA[Re: My own OpenID server]]>
    1. About this document

    The purpose of this document is to guide readers through the configuration steps to host Yubico OPENID server on IIS7 (Internet Information Server) on Windows Vista 32 and 64 bit Platform. (Even though this document targets the Vista platform, functionality has also been verified on Windows Server 2008 and Windows Server 2003 – 32 and 64bit platforms ).

    This document assumes that the reader has advanced knowledge and experience in Windows system administration, particularly how a PHP based application is hosted on IIS 7 Windows Vista Platform.

    2. Prerequisites

    Hosting Yubico OPENID server on IIS 7 Vista platform requires following prerequisites:


    3.Configuration

    We assume that IIS 7 is configured correctly to host and support PHP based applications.

      •Installation of Auth_Yubico

      Download the Auth_Yubico PHP class from the link provided above.
      It is written as a PEAR module. User needs to install PEAR module before installing the Auth_Yubico. The following steps describe how to install PEAR module:

      1) Open command prompt
      2) Change to the PHP installation directory (In our test environment it is C:\php)
      3) Run the “go-pear.bat” batch file and follow the on-screen installation steps
      4) This will install PEAR in the specified installation path (In our test environment it is C:\php)

      Next, follow the steps below to install Auth_Yubico:

      1) Open command prompt
      2) Change to the directory where Auth_Yubico-1.2.tgz is downloaded
      3) Type "pear install Auth_Yubico-1.1.tgz" at command prompt
      4) This will install Yubico.php to the "PEAR Installation Path\Auth" directory (In our test environment it is C:\php\Auth\Yubico.php)

      •Installation of Yubico OPENID Server

      Download the Yubico OPENID server from the link provided above.
      Then follow the steps below to configure Yubico OPENID Server:

      1)Unzip the “php-openid-2.0.1.yubico.0.tar.bz2”.
      2)Follow the instructions given in README file and http://code.google.com/p/yubico-openid- ... adMeYubico
      3)Edit the php.ini file to enable the curl extension. Uncomment the line “extension=php_curl.dll”.
      4)The OpenID server code is found in examples\server\. The IIS 7 web server should be configured to use this directory as the document root.
      5)Edit the session.php (stored in examples\server\lib directory) to change the login url. Replace the line 34 with the code given below:

      {$s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on"))? 's' : '';}

      (This step will allow requests coming over HTTP and HTTPS.)

    4. Test Setup

    Our test environment is as follows:

      A)Operating System: Windows Vista Ultimate Server Pack 1
      B)IIS Server: IIS Server 7.0.6000.16386
      C)PHP Version: PHP Version 5.2.6
      D)Config.php file:

      <?php
      /**
      * Set any extra include paths needed to use the library
      */
      set_include_path(get_include_path() . PATH_SEPARATOR . "C:\\inetpub\\wwwroot\\openid");

      /**
      * The URL for the server.
      *
      * This is the location of server.php. For example:
      *
      * $server_url = 'http://example.com/~user/server.php';
      *
      * This must be a full URL.
      */
      $server_url = "http://192.168.1.36/openid/examples/server/server.php";

      /**
      * Initialize an OpenID store
      *
      * @return object $store an instance of OpenID store (see the
      * documentation for how to create one)
      */
      function getOpenIDStore()
      {
      require_once "Auth/OpenID/FileStore.php";
      return new Auth_OpenID_FileStore("D:\\Auth");
      }

      require_once 'C:\php\Auth\Yubico.php';
      $yubi = &new Auth_Yubico('241', 'GAqX76BW8IbqdwVqQIDfB8aBmDM=');

      (The above text in bold font needs to be added to the configuration file.)
      ?>

      E)Session.php file:

      <?php

      require_once "config.php";
      require_once "lib/render.php";
      require_once "Auth/OpenID/Server.php";

      /**
      * Set up the session
      */
      function init()
      {
      session_name('openid_server');
      session_start();
      }

      /**
      * Get the style markup
      */
      function getStyle()
      {
      $parent = rtrim(dirname(getServerURL()), '/');
      $url = htmlspecialchars($parent . '/openid-server.css', ENT_QUOTES);
      return sprintf('<link rel="stylesheet" type="text/css" href="%s" />', $url);
      }

      /**
      * Get the URL of the current script
      */
      function getServerURL()
      {
      $path = $_SERVER['SCRIPT_NAME'];
      $host = $_SERVER['HTTP_HOST'];
      $port = $_SERVER['SERVER_PORT'];
      $s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on"))? 's' : '';
      /*
      (The above text in bold font needs to be added to the session.php at line 34.)
      */
      if (($s && $port == "443") || (!$s && $port == "80")) {
      $p = '';
      } else {
      $p = ':' . $port;
      }

      return "http$s://$host$p$path";
      }

      /**
      * Build a URL to a server action
      */
      function buildURL($action=null, $escaped=true)
      {
      $url = getServerURL();
      if ($action) {
      $url .= '/' . $action;
      }
      return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url;
      }

      /**
      * Extract the current action from the request
      */
      function getAction()
      {
      $path_info = @$_SERVER['PATH_INFO'];
      $action = ($path_info) ? substr($path_info, 1) : '';
      $function_name = 'action_' . $action;
      return $function_name;
      }

      /**
      * Write the response to the request
      */
      function writeResponse($resp)
      {
      list ($headers, $body) = $resp;
      array_walk($headers, 'header');
      header(header_connection_close);
      print $body;
      }

      /**
      * Instantiate a new OpenID server object
      */
      function getServer()
      {
      static $server = null;
      if (!isset($server)) {
      $server =& new Auth_OpenID_Server(getOpenIDStore(),
      buildURL());
      }
      return $server;
      }

      /**
      * Return a hashed form of the user's password
      */
      function hashPassword($password)
      {
      return bin2hex(Auth_OpenID_SHA1($password));
      }

      /**
      * Check the user's login information. Return OpenID URL for user.
      */
      function checkLogin($yubikey)
      {
      // from config.php
      global $yubi;

      $token_size = 32;
      $min_identity_size = 12;

      if (strlen ($yubikey) < $token_size + $min_identity_size) {
      return array(array('Authentication failure: too short input'), false);
      }

      $identity = substr ($yubikey, 0, strlen ($yubikey) - $token_size);
      $openid_url = $identity;

      $auth = $yubi->verify($yubikey);
      if (PEAR::isError($auth)) {
      return array(array('Authentication failure: ' . $auth->getMessage() .
      '<!-- Debug output from server: ' . $yubi->getLastResponse() . '-->'),
      false);
      }

      return array(array(), $openid_url);
      }

      /**
      * Get the openid_url out of the cookie
      *
      * @return mixed $openid_url The URL that was stored in the cookie or
      * false if there is none present or if the cookie is bad.
      */
      function getLoggedInUser()
      {
      return isset($_SESSION['openid_url'])
      ? $_SESSION['openid_url']
      : false;
      }

      /**
      * Set the openid_url in the cookie
      *
      * @param mixed $identity_url The URL to set. If set to null, the
      * value will be unset.
      */
      function setLoggedInUser($identity_url=null)
      {
      if (!isset($identity_url)) {
      unset($_SESSION['openid_url']);
      } else {
      $_SESSION['openid_url'] = $identity_url;
      }
      }

      function getRequestInfo()
      {
      return isset($_SESSION['request'])
      ? unserialize($_SESSION['request'])
      : false;
      }

      function setRequestInfo($info=null)
      {
      if (!isset($info)) {
      unset($_SESSION['request']);
      } else {
      $_SESSION['request'] = serialize($info);
      }
      }


      function getSreg($identity)
      {
      // from config.php
      global $openid_sreg;

      if (!is_array($openid_sreg)) {
      return null;
      }

      return $openid_sreg[$identity];

      }

      function idURL($identity)
      {
      return buildURL('idpage') . "?user=" . $identity;
      }

      function idFromURL($url)
      {
      if (strpos($url, 'idpage') === false) {
      return null;
      }

      $parsed = parse_url($url);

      $q = $parsed['query'];

      $parts = array();
      parse_str($q, $parts);

      return @$parts['user'];
      }

      ?>

    5.Testing the configuration

    We have tested the Yubico OPENID server on following Windows sever platforms:

      1) Windows Server 2008:
        a) Operating system: Windows Server 2008 Standard Edition Service Pack1
        b) IIS Version: IIS version 7.0.6000.16386
      2) Windows Server 2003:
        a) Operating system: Windows Server 2003 Standard Edition Service Pack 1
        b) IIS Version: IIS version 6.0
      3)Windows Vista Ultimate:
        a) Operating System: Windows Vista Ultimate Service Pack 1
        b) IIS Version: IIS version 7.0

Yubico OPENID server is working fine on with any OS (Windows Vista and Windows Server 2008) having IIS 7.0 but not on any OS (windows server 2003, windows XP) with IIS 6.0. (Note: IIS is a part of the OS, the version is determined by what OS is installed. To get IIS7 we must upgrade to Windows Vista or Server 2008.)

There is problem with URL rewriting handled by IIS server version 6.0 which affects Yubico OPENID server functionality. This is fixed in Version 7.0.

We can successfully host Yubico OPENID server on any latest windows operating system (Windows Vista and Server 2008) installed with IIS server version 7.0.

Please follow the procedure below to use the Yubikey OPENID authentication:

    •From any web browser go to the Yubico OPENID server. The OPENID server home page should be seen as (see picture below):
    Image1.JPG

    •Focus the cursor at Yubikey field and press the Yubikey to emit the OTP:
    Image2.JPG

    •Ones the Yubikey generated OTP is authenticated successfully, users are logged in to the OPENID server.
    Image3.JPG

Statistics: Posted by network-marvels — Thu Oct 02, 2008 8:15 am

]]>