We have installed the Yubico OpenID server on the Windows Vista platform. The document below covers the installation and configuration steps along with the test cases.
1. About this document
The purpose of this document is to guide readers through the configuration steps to host the Yubico OpenID server on IIS 7 (Internet Information Services) on the Windows Vista 32 and 64 bit platform. (Although this document targets the Vista platform, the functionality has also been verified on Windows Server 2008 and Windows Server 2003, 32 and 64 bit.)
This document assumes that the reader has advanced knowledge and experience in Windows system administration, in particular how a PHP based application is hosted on IIS 7 on Windows Vista.
2. Prerequisites
Hosting the Yubico OpenID server on IIS 7 on the Vista platform requires the following prerequisites:
3. Configuration
We assume that IIS 7 is configured correctly to host and support PHP based applications.
• Installation of Auth_Yubico
Download the Auth_Yubico PHP class from the link provided above.
It is packaged as a PEAR package, so PEAR itself must be installed before Auth_Yubico. The following steps describe how to install PEAR:
1) Open command prompt
2) Change to the PHP installation directory (In our test environment it is C:\php)
3) Run the “go-pear.bat” batch file and follow the on-screen installation steps
4) This will install PEAR in the specified installation path (In our test environment it is C:\php)
Next, follow the steps below to install Auth_Yubico:
1) Open a command prompt
2) Change to the directory where Auth_Yubico-1.2.tgz was downloaded
3) Type "pear install Auth_Yubico-1.2.tgz" at the command prompt (use the file name of the archive you actually downloaded)
4) This installs Yubico.php into the "PEAR Installation Path\Auth" directory (in our test environment C:\php\Auth\Yubico.php)
• Installation of the Yubico OpenID Server
Download the Yubico OpenID server from the link provided above.
Then follow the steps below to configure the Yubico OpenID server:
1) Unzip the “php-openid-2.0.1.yubico.0.tar.bz2”.
2) Follow the instructions given in README file and http://code.google.com/p/yubico-openid- ... adMeYubico
3) Edit the php.ini file to enable the curl extension. Uncomment the line “extension=php_curl.dll”.
4) The OpenID server code is found in examples\server\. The IIS 7 web server should be configured to use this directory as the document root.
5) Edit session.php (stored in the examples\server\lib directory) so that getServerURL() detects the request scheme correctly. Replace line 34 with the following line:
$s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on")) ? 's' : '';
(This step allows requests over both HTTP and HTTPS. IIS sets $_SERVER['HTTPS'] to "off" on plain-HTTP requests, so a check that only tests whether the variable exists would treat every request as HTTPS and build https:// URLs for plain-HTTP clients.)
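To make step 5 concrete, here is an added example (not code from php-openid or Yubico) that models the getServerURL() logic of examples/server/lib/session.php in Python. It assumes, as the need for step 5 implies, that the stock line only tests whether the HTTPS variable is set, and it adds one thing the page's code does not have: an optional allow-list for the Host header, since getServerURL() otherwise copies whatever host the client sends into the URLs it emits. The CGI environments are constructed, not captured from a server.

```python
# Added example, not code from php-openid or Yubico: a Python model of the
# getServerURL() logic in examples/server/lib/session.php.


def scheme_stock(env):
    """Scheme detection as assumed for the stock line: is HTTPS present at all?"""
    return "https" if "HTTPS" in env else "http"


def scheme_fixed(env):
    """Scheme detection after configuration step 5: HTTPS present and equal to 'on'."""
    return "https" if env.get("HTTPS") == "on" else "http"


def server_url(env, scheme_fn=scheme_fixed, allowed_hosts=None):
    """Rebuild the script's absolute URL the way getServerURL() does.

    allowed_hosts is an addition to the page's code: getServerURL() takes the
    host from the client-supplied Host header, so whatever a client sends there
    ends up in the URLs the server emits. Checking it here (or binding the IIS
    site to a fixed host name) closes that off.
    """
    host = env["HTTP_HOST"]
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError("unexpected Host header: %s" % host)
    scheme = scheme_fn(env)
    port = str(env["SERVER_PORT"])
    on_default_port = (scheme == "https" and port == "443") or (scheme == "http" and port == "80")
    suffix = "" if on_default_port else ":" + port
    return "%s://%s%s%s" % (scheme, host, suffix, env["SCRIPT_NAME"])


# Constructed CGI environments (not captured from a real server). IIS reports
# HTTPS=off on plain HTTP; Apache-style servers omit the variable entirely.
SCRIPT = "/openid/examples/server/server.php"
IIS_PLAIN_HTTP = {"HTTPS": "off", "HTTP_HOST": "192.168.1.36", "SERVER_PORT": "80", "SCRIPT_NAME": SCRIPT}
IIS_HTTPS = {"HTTPS": "on", "HTTP_HOST": "192.168.1.36", "SERVER_PORT": "443", "SCRIPT_NAME": SCRIPT}
APACHE_PLAIN_HTTP = {"HTTP_HOST": "192.168.1.36", "SERVER_PORT": "8080", "SCRIPT_NAME": SCRIPT}
SPOOFED_HOST = dict(IIS_PLAIN_HTTP, HTTP_HOST="attacker.example")


def compare():
    """Stock and fixed scheme detection side by side for each environment."""
    envs = (("iis_http", IIS_PLAIN_HTTP), ("iis_https", IIS_HTTPS), ("apache_http", APACHE_PLAIN_HTTP))
    return {name: (scheme_stock(env), scheme_fixed(env)) for name, env in envs}


if __name__ == "__main__":
    for name, (stock, fixed) in compare().items():
        print("%-12s stock=%-5s fixed=%s" % (name, stock, fixed))
    print(server_url(IIS_PLAIN_HTTP))
    print(server_url(IIS_PLAIN_HTTP, scheme_fn=scheme_stock))
```

Running it shows the failure mode on IIS: with the stock check a plain-HTTP request on port 80 is rendered as https://192.168.1.36:80/..., which is exactly the wrong endpoint URL that step 5 corrects.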
4. Test Setup
Our test environment is as follows:
A) Operating System: Windows Vista Ultimate Service Pack 1
B) IIS Server: IIS Server 7.0.6000.16386
C) PHP Version: PHP Version 5.2.6
D) Config.php file:
<?php
/**
 * Set any extra include paths needed to use the library
 */
set_include_path(get_include_path() . PATH_SEPARATOR . "C:\\inetpub\\wwwroot\\openid");

/**
 * The URL for the server.
 *
 * This is the location of server.php. For example:
 *
 * $server_url = 'http://example.com/~user/server.php';
 *
 * This must be a full URL.
 */
// Test environment only: a plain-HTTP URL on a LAN address. In production serve
// the endpoint over HTTPS; the OTP is single-use, but the openid_server session
// cookie that a successful login creates is not.
$server_url = "http://192.168.1.36/openid/examples/server/server.php";

/**
 * Initialize an OpenID store
 *
 * @return object $store an instance of OpenID store (see the
 * documentation for how to create one)
 */
function getOpenIDStore()
{
    require_once "Auth/OpenID/FileStore.php";
    // Directory for associations and nonces. Keep it outside the web root and
    // writable only by the IIS application pool identity.
    return new Auth_OpenID_FileStore("D:\\Auth");
}

// The two statements below are the additions for YubiKey authentication;
// everything above is the stock php-openid config.php. The client id and API
// key are the test environment's: obtain your own from Yubico rather than
// reusing these values.
require_once 'C:\php\Auth\Yubico.php';
// Plain assignment: "=& new" is deprecated from PHP 5.3 and removed in PHP 7.
$yubi = new Auth_Yubico('241', 'GAqX76BW8IbqdwVqQIDfB8aBmDM=');
?>
E) Session.php file:
<?php
require_once "config.php";
require_once "lib/render.php";
require_once "Auth/OpenID/Server.php";

/**
 * Set up the session
 */
function init()
{
    session_name('openid_server');
    session_start();
}

/**
 * Get the style markup
 */
function getStyle()
{
    $parent = rtrim(dirname(getServerURL()), '/');
    $url = htmlspecialchars($parent . '/openid-server.css', ENT_QUOTES);
    return sprintf('<link rel="stylesheet" type="text/css" href="%s" />', $url);
}

/**
 * Get the URL of the current script
 */
function getServerURL()
{
    $path = $_SERVER['SCRIPT_NAME'];
    // HTTP_HOST is the client's Host header. Bind the IIS site to a fixed host
    // name so a request cannot inject a foreign host into the URLs this server
    // emits (endpoint URL, stylesheet link, identity pages).
    $host = $_SERVER['HTTP_HOST'];
    $port = $_SERVER['SERVER_PORT'];
    // Configuration step 5: this line replaces line 34 of the stock session.php.
    // IIS sets $_SERVER['HTTPS'] to "off" for plain-HTTP requests, so the value
    // has to be compared with "on"; testing isset() alone would report every
    // request as HTTPS.
    $s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on")) ? 's' : '';
    if (($s && $port == "443") || (!$s && $port == "80")) {
        $p = '';
    } else {
        $p = ':' . $port;
    }
    return "http$s://$host$p$path";
}

/**
 * Build a URL to a server action
 */
function buildURL($action=null, $escaped=true)
{
    $url = getServerURL();
    if ($action) {
        $url .= '/' . $action;
    }
    return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url;
}

/**
 * Extract the current action from the request
 *
 * Actions are addressed as server.php/<action>, so the web server must pass
 * the trailing path to PHP as PATH_INFO.
 */
function getAction()
{
    $path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
    $action = ($path_info) ? substr($path_info, 1) : '';
    $function_name = 'action_' . $action;
    return $function_name;
}

/**
 * Write the response to the request
 */
function writeResponse($resp)
{
    list ($headers, $body) = $resp;
    array_walk($headers, 'header');
    // header_connection_close ('Connection: close') is defined in lib/render.php
    header(header_connection_close);
    print $body;
}

/**
 * Instantiate a new OpenID server object
 */
function getServer()
{
    static $server = null;
    if (!isset($server)) {
        // Plain assignment: "=& new" is deprecated from PHP 5.3 and removed in PHP 7.
        $server = new Auth_OpenID_Server(getOpenIDStore(), buildURL());
    }
    return $server;
}

/**
 * Return a hashed form of the user's password (left over from the stock
 * example; unused with YubiKey login)
 */
function hashPassword($password)
{
    return bin2hex(Auth_OpenID_SHA1($password));
}

/**
 * Check the user's login information. Return OpenID URL for user.
 *
 * A YubiKey OTP is a modhex string consisting of the key's public ID followed
 * by a 32-character encrypted part. The public ID becomes the OpenID identity;
 * the complete OTP is handed to Auth_Yubico, which verifies it against the
 * Yubico validation service.
 */
function checkLogin($yubikey)
{
    // from config.php
    global $yubi;
    $token_size = 32;        // length of the encrypted part of the OTP
    $min_identity_size = 12; // shortest public ID accepted as an identity
    if (strlen($yubikey) < $token_size + $min_identity_size) {
        return array(array('Authentication failure: too short input'), false);
    }
    $identity = substr($yubikey, 0, strlen($yubikey) - $token_size);
    $openid_url = $identity;
    // Online verification. An OTP is single-use, so a replayed or forged OTP
    // comes back as a PEAR error and the login is refused.
    $auth = $yubi->verify($yubikey);
    if (PEAR::isError($auth)) {
        // The HTML comment leaks the raw validation-server response to the
        // browser; keep it for testing only.
        return array(array('Authentication failure: ' . $auth->getMessage() .
                           '<!-- Debug output from server: ' . $yubi->getLastResponse() . '-->'),
                     false);
    }
    return array(array(), $openid_url);
}

/**
 * Get the openid_url out of the session
 *
 * @return mixed $openid_url The URL that was stored in the session or
 * false if there is none present.
 */
function getLoggedInUser()
{
    return isset($_SESSION['openid_url'])
        ? $_SESSION['openid_url']
        : false;
}

/**
 * Set the openid_url in the session
 *
 * @param mixed $identity_url The URL to set. If set to null, the
 * value will be unset.
 */
function setLoggedInUser($identity_url=null)
{
    if (!isset($identity_url)) {
        unset($_SESSION['openid_url']);
    } else {
        $_SESSION['openid_url'] = $identity_url;
    }
}

function getRequestInfo()
{
    // Server-side session data, so unserialize() only sees what this code stored.
    return isset($_SESSION['request'])
        ? unserialize($_SESSION['request'])
        : false;
}

function setRequestInfo($info=null)
{
    if (!isset($info)) {
        unset($_SESSION['request']);
    } else {
        $_SESSION['request'] = serialize($info);
    }
}

function getSreg($identity)
{
    // from config.php
    global $openid_sreg;
    if (!is_array($openid_sreg) || !isset($openid_sreg[$identity])) {
        return null;
    }
    return $openid_sreg[$identity];
}

function idURL($identity)
{
    return buildURL('idpage') . "?user=" . urlencode($identity);
}

function idFromURL($url)
{
    if (strpos($url, 'idpage') === false) {
        return null;
    }
    $parsed = parse_url($url);
    $q = isset($parsed['query']) ? $parsed['query'] : '';
    $parts = array();
    parse_str($q, $parts);
    return isset($parts['user']) ? $parts['user'] : null;
}
?>
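checkLogin() above only splits the OTP and delegates the real check to Auth_Yubico->verify(), which sends the OTP to the Yubico validation service and inspects the answer. The following is an added example in Python, not code from this page, from php-openid or from Yubico. It mirrors checkLogin()'s split of the OTP into public ID and 32-character encrypted part, then shows what a signed validation exchange looks like: HMAC-SHA1 over the alphabetically sorted parameters, keyed with the base64 API key that config.php passes to Auth_Yubico, on both the request and the response, as the published Yubico validation protocol describes (whether the Auth_Yubico release used on this page signs its requests this way is not stated on the page). The client id, API key, OTP and the server's answers are all constructed; fake_server_response stands in for the validation service so the example runs offline. The modhex-alphabet check is an addition that checkLogin() does not make.

```python
import base64
import hashlib
import hmac
import os

# Constants mirroring checkLogin() in session.php.
TOKEN_SIZE = 32          # modhex length of the encrypted part of a YubiKey OTP
MIN_IDENTITY_SIZE = 12   # shortest public ID accepted as an OpenID identity
MODHEX = frozenset("cbdefghijklnrtuv")

# Constructed credentials for this example (not real ones): a client id and a
# 20-byte API key in the same base64 form that config.php hands to Auth_Yubico.
CLIENT_ID = "4711"
API_KEY_B64 = base64.b64encode(b"example-api-key-0001").decode()
# Constructed OTP: 12-character public ID followed by a 32-character encrypted part.
SAMPLE_OTP = "ccccccbcdefg" + "hijklnrtuvcbdefghijklnrtuvcbdefg"


def split_otp(otp):
    """Split an OTP into (public_id, token) using checkLogin()'s length rule.

    The alphabet check is an addition; checkLogin() only checks the length and
    leaves everything else to the validation server.
    """
    if len(otp) < TOKEN_SIZE + MIN_IDENTITY_SIZE:
        raise ValueError("Authentication failure: too short input")
    if not set(otp) <= MODHEX:
        raise ValueError("Authentication failure: not a modhex string")
    return otp[:-TOKEN_SIZE], otp[-TOKEN_SIZE:]


def sign(fields, api_key):
    """HMAC-SHA1 over 'k=v' pairs sorted by key and joined with '&', base64 encoded."""
    msg = "&".join("%s=%s" % (k, fields[k]) for k in sorted(fields))
    return base64.b64encode(hmac.new(api_key, msg.encode(), hashlib.sha1).digest()).decode()


def build_verify_request(client_id, otp, api_key_b64, nonce=None):
    """Query parameters the client sends to the validation server, signed in 'h'."""
    nonce = nonce or os.urandom(16).hex()   # fresh per request; ties the answer to it
    fields = {"id": client_id, "otp": otp, "nonce": nonce}
    fields["h"] = sign(fields, base64.b64decode(api_key_b64))
    return fields


def check_request_signature(request, api_key_b64):
    """What the validation server does on receipt: recompute 'h' over the other parameters."""
    fields = {k: v for k, v in request.items() if k != "h"}
    return hmac.compare_digest(request.get("h", ""), sign(fields, base64.b64decode(api_key_b64)))


def check_verify_response(body, api_key_b64, request):
    """Accept the key=value response only if it is correctly signed and answers this request."""
    fields = {}
    for line in body.strip().splitlines():
        k, _, v = line.strip().partition("=")
        fields[k] = v
    sig = fields.pop("h", "")
    if not hmac.compare_digest(sig, sign(fields, base64.b64decode(api_key_b64))):
        return False, "BAD_SIGNATURE"
    if fields.get("otp") != request["otp"] or fields.get("nonce") != request["nonce"]:
        return False, "RESPONSE_MISMATCH"
    if fields.get("status") != "OK":
        return False, fields.get("status", "NO_STATUS")
    return True, "OK"


def fake_server_response(request, api_key_b64, status="OK"):
    """Stand-in for the validation service: a signed response echoing otp and nonce (constructed)."""
    fields = {"t": "2008-10-01T12:00:00Z0000", "otp": request["otp"],
              "nonce": request["nonce"], "status": status}
    fields["h"] = sign(fields, base64.b64decode(api_key_b64))
    return "".join("%s=%s\r\n" % (k, v) for k, v in fields.items())


def login(otp, api_key_b64=API_KEY_B64, client_id=CLIENT_ID, respond=fake_server_response):
    """The checkLogin() flow: derive the identity, verify the OTP, return (errors, identity)."""
    try:
        public_id, _ = split_otp(otp)
    except ValueError as e:
        return [str(e)], False
    request = build_verify_request(client_id, otp, api_key_b64)
    ok, msg = check_verify_response(respond(request, api_key_b64), api_key_b64, request)
    if not ok:
        return ["Authentication failure: " + msg], False
    return [], public_id


if __name__ == "__main__":
    print(login(SAMPLE_OTP))
    print(login("cccccc"))
    print(login(SAMPLE_OTP, respond=lambda r, k: fake_server_response(r, k, status="REPLAYED_OTP")))
```

Two details matter in practice and are exercised here: the response is matched against the request's otp and nonce, so a valid answer to some other request cannot be substituted, and the signature is checked before the status is read, so flipping a REPLAYED_OTP or BAD_OTP answer to OK on the wire is rejected as BAD_SIGNATURE.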
5. Testing the configuration
We have tested the Yubico OpenID server on the following Windows server platforms:
1) Windows Server 2008:
a) Operating system: Windows Server 2008 Standard Edition Service Pack 1
b) IIS Version: IIS version 7.0.6000.16386
2) Windows Server 2003:
a) Operating system: Windows Server 2003 Standard Edition Service Pack 1
b) IIS Version: IIS version 6.0
3) Windows Vista Ultimate:
a) Operating System: Windows Vista Ultimate Service Pack 1
b) IIS Version: IIS version 7.0
The Yubico OpenID server works on any OS that ships IIS 7.0 (Windows Vista and Windows Server 2008) but not on any OS with IIS 6.0 (Windows Server 2003, Windows XP). (Note: IIS is part of the OS, so its version is determined by the OS installed; to get IIS 7 you must upgrade to Windows Vista or Server 2008.)
The problem lies in the URL handling of IIS 6.0: the server addresses its actions with path information appended after the script name (server.php/<action>, see buildURL() and getAction() in session.php), and IIS 6.0 does not deliver such requests as the OpenID server expects. IIS 7.0 handles them correctly, so the Yubico OpenID server can be hosted on any current Windows operating system (Windows Vista and Server 2008) with IIS 7.0.
Please follow the procedure below to authenticate with a YubiKey against the OpenID server:
• From any web browser, go to the Yubico OpenID server. The OpenID server home page is shown (screenshot: Image1.JPG).
• Place the cursor in the YubiKey field and press the YubiKey button to emit an OTP (screenshot: Image2.JPG).
• Once the OTP generated by the YubiKey has been verified successfully, the user is logged in to the OpenID server (screenshot: Image3.JPG).