Yubico Forum https://forum.yubico.com/ |
|
My own OpenID server https://forum.yubico.com/viewtopic.php?f=16&t=63 |
Page 1 of 2 |
Author: | Peachy [ Tue May 27, 2008 4:15 pm ] |
Post subject: | My own OpenID server |
So, I've installed the Yubico OpenID server and have verified that it works at least with the consumer script. I've set up a local Drupal 6 server to test the Yubikey/OpenID authentication. It works seamlessly with the openid.yubico.com OpenID provider, but if I use an OpenID based on my own Yubico OpenID server that I installed locally, I can get to the server login screen and input my OTP from my Yubikey. Then it redirects me to a blank page with the word 'trust' appended to the URL and doesn't return me back to the OpenID consumer. Am I missing something here? I used an OpenID URI similar to the Yubico one, just replacing the openid.yubico.com domain with my own.

Also, when I do a test with the server.php on my local OpenID server I get a blank page with the word 'login' appended to the URL. I seem to be missing some other piece.

OpenID server system specs:
openSUSE 10.3
kernel 2.6.22.5-31-default
Apache 2-2.2.4-70
PHP5.2.4-11
MySQL 5.0.45-22

/Phillip |
Author: | anders [ Tue May 27, 2008 7:21 pm ] |
Post subject: | Re: My own OpenID server |
Hi! I just set up the OpenID server on my IIS7 Vista64 machine. I had a similar problem when trying to log in with the server.php and didn't get anywhere when I clicked the login button. Looked like the page (server.php/login) was missing. This had to do with that it used https and I hadn't set up my system for that yet. Although I assume that's not your problem since my mistake is a rookie one. But anyway just thought I'd mention it. REGARDS Anders |
Author: | Simon [ Wed May 28, 2008 5:51 pm ] |
Post subject: | Re: My own OpenID server |
Did you install the PHP Auth_Yubico module and make the necessary modifications to config.php? See http://code.google.com/p/yubico-openid- ... adMeYubico

I just double-checked, and except for config.php, the code we are running on openid.yubico.com is _exactly_ the same as on the yubico-openid-server google project. There may be some additional installation step that is necessary though. If you can get more debug info from the server somehow, or track down what is happening, that would be excellent.

/Simon |
Author: | Simon [ Wed May 28, 2008 5:52 pm ] |
Post subject: | Re: My own OpenID server |
Anders, the server.php/login page is "virtual", i.e. the server.php gets passed a parameter "login" and should then display the login page. It may be that this virtual passing of parameters to php files doesn't work the same under apache as under IIS7. I suspect it is a problem with the upstream code though. /Simon |
Author: | network-marvels [ Thu Oct 02, 2008 8:15 am ] |
Post subject: | Re: My own OpenID server |
We have installed OPENID server on Windows Vista platform. Please see the below document for installation and configuration steps along with test cases.
The purpose of this document is to guide readers through the configuration steps to host Yubico OPENID server on IIS7 (Internet Information Server) on Windows Vista 32 and 64 bit Platform. (Even though this document targets the Vista platform, functionality has also been verified on Windows Server 2008 and Windows Server 2003 – 32 and 64bit platforms.) This document assumes that the reader has advanced knowledge and experience in Windows system administration, particularly how a PHP based application is hosted on IIS 7 Windows Vista Platform.

2. Prerequisites

Hosting Yubico OPENID server on IIS 7 Vista platform requires the following prerequisites:
2) IIS: IIS Version 7
3) PHP: PHP Version 5.2.6. PHP can be downloaded from the following link: http://www.php.net/downloads.php
4) Yubico OPENID Server: php-openid-2.0.1.yubico.0. It can be downloaded from the following link: http://code.google.com/p/yubico-openid- ... loads/list
5) Auth_Yubico: Auth_Yubico-1.2. It can be downloaded from the following link: http://code.google.com/p/php-yubico/downloads/list

3. Configuration

We assume that IIS 7 is configured correctly to host and support PHP based applications.
Download the Auth_Yubico PHP class from the link provided above. It is written as a PEAR module. User needs to install PEAR module before installing the Auth_Yubico. The following steps describe how to install PEAR module:
1) Open command prompt
2) Change to the PHP installation directory (In our test environment it is C:\php)
3) Run the "go-pear.bat" batch file and follow the on-screen installation steps
4) This will install PEAR in the specified installation path (In our test environment it is C:\php)

Next, follow the steps below to install Auth_Yubico:
1) Open command prompt
2) Change to the directory where Auth_Yubico-1.2.tgz is downloaded
3) Type "pear install Auth_Yubico-1.1.tgz" at command prompt
4) This will install Yubico.php to the "PEAR Installation Path\Auth" directory (In our test environment it is C:\php\Auth\Yubico.php)

• Installation of Yubico OPENID Server

Download the Yubico OPENID server from the link provided above. Then follow the steps below to configure Yubico OPENID Server:
1) Unzip the "php-openid-2.0.1.yubico.0.tar.bz2".
2) Follow the instructions given in README file and http://code.google.com/p/yubico-openid- ... adMeYubico
3) Edit the php.ini file to enable the curl extension. Uncomment the line "extension=php_curl.dll".
4) The OpenID server code is found in examples\server\. The IIS 7 web server should be configured to use this directory as the document root.
5) Edit the session.php (stored in examples\server\lib directory) to change the login url. Replace the line 34 with the code given below:

{$s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on"))? 's' : '';}

(This step will allow requests coming over HTTP and HTTPS.)

4. Test Setup

Our test environment is as follows:
B) IIS Server: IIS Server 7.0.6000.16386
C) PHP Version: PHP Version 5.2.6
D) Config.php file:

<?php
/**
 * Set any extra include paths needed to use the library
 */
set_include_path(get_include_path() . PATH_SEPARATOR . "C:\\inetpub\\wwwroot\\openid");

/**
 * The URL for the server.
 *
 * This is the location of server.php. For example:
 *
 * $server_url = 'http://example.com/~user/server.php';
 *
 * This must be a full URL.
 */
$server_url = "http://192.168.1.36/openid/examples/server/server.php";

/**
 * Initialize an OpenID store
 *
 * @return object $store an instance of OpenID store (see the
 * documentation for how to create one)
 */
function getOpenIDStore()
{
    require_once "Auth/OpenID/FileStore.php";
    return new Auth_OpenID_FileStore("D:\\Auth");
}

require_once 'C:\php\Auth\Yubico.php';
$yubi = &new Auth_Yubico('241', 'GAqX76BW8IbqdwVqQIDfB8aBmDM=');
/* (The above text in bold font needs to be added to the configuration file.) */
?>

E) Session.php file:

<?php
require_once "config.php";
require_once "lib/render.php";
require_once "Auth/OpenID/Server.php";

/**
 * Set up the session
 */
function init()
{
    session_name('openid_server');
    session_start();
}

/**
 * Get the style markup
 */
function getStyle()
{
    $parent = rtrim(dirname(getServerURL()), '/');
    $url = htmlspecialchars($parent . '/openid-server.css', ENT_QUOTES);
    return sprintf('<link rel="stylesheet" type="text/css" href="%s" />', $url);
}

/**
 * Get the URL of the current script
 */
function getServerURL()
{
    $path = $_SERVER['SCRIPT_NAME'];
    $host = $_SERVER['HTTP_HOST'];
    $port = $_SERVER['SERVER_PORT'];
    $s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on"))? 's' : '';
    /* (The above text in bold font needs to be added to the session.php at line 34.) */
    if (($s && $port == "443") || (!$s && $port == "80")) {
        $p = '';
    } else {
        $p = ':' . $port;
    }
    return "http$s://$host$p$path";
}

/**
 * Build a URL to a server action
 */
function buildURL($action=null, $escaped=true)
{
    $url = getServerURL();
    if ($action) {
        $url .= '/' . $action;
    }
    return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url;
}

/**
 * Extract the current action from the request
 */
function getAction()
{
    // The action is the path that follows server.php, e.g. server.php/login
    $path_info = @$_SERVER['PATH_INFO'];
    $action = ($path_info) ? substr($path_info, 1) : '';
    $function_name = 'action_' . $action;
    return $function_name;
}

/**
 * Write the response to the request
 */
function writeResponse($resp)
{
    list ($headers, $body) = $resp;
    array_walk($headers, 'header');
    header(header_connection_close);
    print $body;
}

/**
 * Instantiate a new OpenID server object
 */
function getServer()
{
    static $server = null;
    if (!isset($server)) {
        $server =& new Auth_OpenID_Server(getOpenIDStore(), buildURL());
    }
    return $server;
}

/**
 * Return a hashed form of the user's password
 */
function hashPassword($password)
{
    return bin2hex(Auth_OpenID_SHA1($password));
}

/**
 * Check the user's login information. Return OpenID URL for user.
 */
function checkLogin($yubikey)
{
    // from config.php
    global $yubi;

    $token_size = 32;
    $min_identity_size = 12;
    if (strlen ($yubikey) < $token_size + $min_identity_size) {
        return array(array('Authentication failure: too short input'), false);
    }

    // Everything before the last $token_size characters is the key's identity
    $identity = substr ($yubikey, 0, strlen ($yubikey) - $token_size);
    $openid_url = $identity;

    $auth = $yubi->verify($yubikey);
    if (PEAR::isError($auth)) {
        return array(array('Authentication failure: ' . $auth->getMessage() .
                           '<!-- Debug output from server: ' .
                           $yubi->getLastResponse() . '-->'), false);
    }
    return array(array(), $openid_url);
}

/**
 * Get the openid_url out of the cookie
 *
 * @return mixed $openid_url The URL that was stored in the cookie or
 * false if there is none present or if the cookie is bad.
 */
function getLoggedInUser()
{
    return isset($_SESSION['openid_url']) ? $_SESSION['openid_url'] : false;
}

/**
 * Set the openid_url in the cookie
 *
 * @param mixed $identity_url The URL to set. If set to null, the
 * value will be unset.
 */
function setLoggedInUser($identity_url=null)
{
    if (!isset($identity_url)) {
        unset($_SESSION['openid_url']);
    } else {
        $_SESSION['openid_url'] = $identity_url;
    }
}

function getRequestInfo()
{
    return isset($_SESSION['request']) ? unserialize($_SESSION['request']) : false;
}

function setRequestInfo($info=null)
{
    if (!isset($info)) {
        unset($_SESSION['request']);
    } else {
        $_SESSION['request'] = serialize($info);
    }
}

function getSreg($identity)
{
    // from config.php
    global $openid_sreg;

    if (!is_array($openid_sreg)) {
        return null;
    }
    return $openid_sreg[$identity];
}

function idURL($identity)
{
    return buildURL('idpage') . "?user=" . $identity;
}

function idFromURL($url)
{
    if (strpos($url, 'idpage') === false) {
        return null;
    }
    $parsed = parse_url($url);
    $q = $parsed['query'];
    $parts = array();
    parse_str($q, $parts);
    return @$parts['user'];
}
?>

5. Testing the configuration

We have tested the Yubico OPENID server on following Windows server platforms:
b) IIS Version: IIS version 7.0.6000.16386
b) IIS Version: IIS version 6.0
b) IIS Version: IIS version 7.0

Yubico OPENID server is working fine with any OS (Windows Vista and Windows Server 2008) having IIS 7.0 but not on any OS (Windows Server 2003, Windows XP) with IIS 6.0. (Note: IIS is a part of the OS, the version is determined by what OS is installed. To get IIS7 we must upgrade to Windows Vista or Server 2008.) There is a problem with URL rewriting handled by IIS server version 6.0 which affects Yubico OPENID server functionality. This is fixed in Version 7.0. We can successfully host Yubico OPENID server on any latest Windows operating system (Windows Vista and Server 2008) installed with IIS server version 7.0.

Please follow the procedure below to use the Yubikey OPENID authentication:
Attachment: Image1.JPG
• Focus the cursor at Yubikey field and press the Yubikey to emit the OTP:
Attachment: Image2.JPG
• Once the Yubikey generated OTP is authenticated successfully, users are logged in to the OPENID server.
Attachment: Image3.JPG |
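An added example, not part of the thread or of the Yubico server code, illustrating the line-34 change from step 5 of the post above: PHP under IIS ISAPI sets $_SERVER['HTTPS'] to "off" on plain HTTP, so a test that only checks whether the variable is set reports HTTPS, and the OpenID endpoint and identity URLs built by getServerURL() come out with the wrong scheme. The function names, the schemeNaive contrast and the sample requests are constructed for illustration; serverUrlFrom also drops a port already present in the Host header, which the posted function does not do.

```php
<?php
// Added example, not part of the posted session.php; function names are hypothetical.

// Constructed contrast: treating any set HTTPS value as TLS. With PHP under
// IIS ISAPI the variable is set to "off" on plain HTTP, so this says "https".
function schemeNaive(array $server)
{
    return isset($server['HTTPS']) ? 'https' : 'http';
}

// Check in the spirit of the posted line-34 fix, widened to accept any
// non-empty value other than "off" (some servers set "1" instead of "on").
function schemeChecked(array $server)
{
    $https = isset($server['HTTPS']) ? strtolower((string) $server['HTTPS']) : '';
    return ($https !== '' && $https !== 'off') ? 'https' : 'http';
}

// Same construction as getServerURL(), but taking the server array as a
// parameter and dropping a port already present in the Host header.
function serverUrlFrom(array $server)
{
    $scheme = schemeChecked($server);
    $host = preg_replace('/:\d+$/', '', $server['HTTP_HOST']);
    $port = (string) $server['SERVER_PORT'];
    $default = ($scheme === 'https') ? '443' : '80';
    $p = ($port === $default) ? '' : ':' . $port;
    return $scheme . '://' . $host . $p . $server['SCRIPT_NAME'];
}

// Constructed sample requests (values are illustrative only).
$samples = array(
    'IIS, plain HTTP' => array('HTTPS' => 'off', 'SERVER_PORT' => '80',
        'HTTP_HOST' => 'openid.example.test', 'SCRIPT_NAME' => '/server.php'),
    'Apache, TLS' => array('HTTPS' => 'on', 'SERVER_PORT' => '443',
        'HTTP_HOST' => 'openid.example.test', 'SCRIPT_NAME' => '/server.php'),
    'HTTP on port 8080' => array('SERVER_PORT' => '8080',
        'HTTP_HOST' => 'openid.example.test:8080', 'SCRIPT_NAME' => '/server.php'),
);

foreach ($samples as $label => $server) {
    printf("%-18s naive=%-5s checked=%-5s url=%s\n", $label,
        schemeNaive($server), schemeChecked($server), serverUrlFrom($server));
}
```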
Author: | Peachy [ Tue Jan 27, 2009 8:24 pm ] |
Post subject: | Re: My own OpenID server |
Thank-you very much. It works fine now after a weekend and a day of playing around. I have it working in Windows Vista Enterprise SP1 using PHP 5.2.8 and MySQL 5.1.30. The problem I had most of the weekend was that I decided to try and set it up in Windows 7 Beta build 7000. At the moment the server.php file causes a 500.0 internal server error in IIS 7. I chalk this up to it being beta software. Also, PHP seems to require being installed as a FastCGI module rather than an ISAPI module. /Phillip |
Author: | Simon [ Wed Feb 18, 2009 12:16 pm ] |
Post subject: | Re: My own OpenID server |
Btw, I have updated the installation instructions as well, please see: http://code.google.com/p/yubico-openid- ... adMeYubico Good luck, Simon |
Author: | Peachy [ Thu Feb 26, 2009 2:31 am ] |
Post subject: | Re: My own OpenID server |
Thank-you, Simon. I was planning on setting up the OpenID server in Linux this week so this is quite helpful. By the way, I did manage to get the server working in Windows Server 2008, too. I had a typo in the session.php file. |
Author: | editor [ Sat Jul 25, 2009 11:14 pm ] |
Post subject: | Re: My own OpenID server |
Is there a way to enable checkid_immediate in the Yubico phpopenid server? |
Author: | mat [ Tue Jan 26, 2010 8:07 pm ] |
Post subject: | Re: My own OpenID server |
Hello, I've installed the Yubico OpenID Server and it all went relatively smoothly. However, when I attempt to use Identifiers using HTTPS instead of HTTP, I get this error: Authentication error; not a valid OpenID. Has anyone else encountered this? If so how did you overcome it? Any help would be greatly appreciated. |
All times are UTC + 1 hour |