Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:27 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 19 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: My own OpenID server
PostPosted: Tue May 27, 2008 4:15 pm 
Offline

Joined: Tue May 27, 2008 2:24 pm
Posts: 6
So, I've installed the Yubico OpenID server and have verified that it works at least with the consumer script. I've setup a local Drupal 6 server to test the Yubikey/OpenID authentication. It works seamlessly with the openid.yubico.com OpenID provider, but If I use an OpenID based on my own Yubico OpenID server that I installed locally, I can get to the server login screen and input my OTP from my Yubikey. Then it redirects me to a blank page with the word 'trust' appended to the URL and doesn't return me back to the OpenID consumer. Am I missing something here? I used an OpenID URI similar to the Yubico one, just replacing the openid.yubico.com domain with my own.

Also, when I do a test with the server.php on my local OpenID server I get a blank page with the word 'login' appended to the URL. I seem to be missing some other piece.

OpenID server system specs:

openSUSE 10.3 kernel 2.6.22.5-31-default
Apache 2-2.2.4-70
PHP5.2.4-11
MySQL 5.0.45-22

/Phillip


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: My own OpenID server
PostPosted: Tue May 27, 2008 7:21 pm 
Offline

Joined: Tue May 27, 2008 7:15 pm
Posts: 4
Hi!

I just set up the OpenID server on my IIS7 Vista64 machine.

I had a similar problem when trying to log in with the server.php and didnt get anywhere when i clicked the login button. Looked like the page (server.php/login) was missing.
This had to do with that it used https and i hadnt set up my system for that yet.

Although i assume thats not your problem since my misstake is a rookie one. :-P But anyway just thought id mention it.

REGARDS
Anders


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Wed May 28, 2008 5:51 pm 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
Did you install the PHP Auth_Yubico module and made the necessary modifications to config.php?

See http://code.google.com/p/yubico-openid- ... adMeYubico

I just double-checked, and except for config.php, the code we are running on openid.yubico.com is _exactly_ the same as on the yubico-openid-server google project. There may be some additional installation step that is necessary though.

If you can get more debug info from the server somehow, or track down what is happening, that would be excellent.

/Simon


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Wed May 28, 2008 5:52 pm 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
Anders, the server.php/login page is "virtual", i.e. the server.php gets passed a parameter "login" and should then display the login page. It may be that this virtual passing of parameters to php files doesn't work the same under apache as under IIS7. I suspect it is a problem with the upstream code though.

/Simon


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Thu Oct 02, 2008 8:15 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We have installed OPENID server on Windows Vista platform. Please see the below document for installation and configuration steps along with test cases.

    1. About this document

    The purpose of this document is to guide readers through the configuration steps to host Yubico OPENID server on IIS7 (Internet Information Server) on Windows Vista 32 and 64 bit Platform. (Even though this document targets the Vista platform, functionality has also been verified on Windows Server 2008 and Windows Server 2003 – 32 and 64bit platforms ).

    This document assumes that the reader has advanced knowledge and experience in Windows system administration, particularly how a PHP based application is hosted on IIS 7 Windows Vista Platform.

    2. Prerequisites

    Hosting Yubico OPENID server on IIS 7 Vista platform requires following prerequisites:


    3. Configuration

    We assume that IIS 7 is configured correctly to host and support PHP based applications.

      • Installation of Auth_Yubico

      Download the Auth_Yubico PHP class from the link provided above.
      It is written as a PEAR module. User needs to install PEAR module before installing the Auth_Yubico. The following steps describe how to install PEAR module:

      1) Open command prompt
      2) Change to the PHP installation directory (In our test environment it is C:\php)
      3) Run the “go-pear.bat” batch file and follow the on-screen installation steps
      4) This will install PEAR in the specified installation path (In our test environment it is C:\php)

      Next, follow the steps below to install Auth_Yubico:

      1) Open command prompt
      2) Change to the directory where Auth_Yubico-1.2.tgz is downloaded
      3) Type "pear install Auth_Yubico-1.1.tgz" at command prompt
      4) This will install Yubico.php to the "PEAR Installation Path\Auth" directory (In our test environment it is C:\php\Auth\Yubico.php)

      • Installation of Yubico OPENID Server

      Download the Yubico OPENID server from the link provided above.
      Then follow the steps below to configure Yubico OPENID Server:

      1) Unzip the “php-openid-2.0.1.yubico.0.tar.bz2”.
      2) Follow the instructions given in README file and http://code.google.com/p/yubico-openid- ... adMeYubico
      3) Edit the php.ini file to enable the curl extension. Uncomment the line “extension=php_curl.dll”.
      4) The OpenID server code is found in examples\server\. The IIS 7 web server should be configured to use this directory as the document root.
      5) Edit the session.php (stored in examples\server\lib directory) to change the login url. Replace the line 34 with the code given below:

      {$s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on"))? 's' : '';}

      (This step will allow requests coming over HTTP and HTTPS.)

    4. Test Setup

    Our test environment is as follows:

      A) Operating System: Windows Vista Ultimate Server Pack 1
      B) IIS Server: IIS Server 7.0.6000.16386
      C) PHP Version: PHP Version 5.2.6
      D) Config.php file:

      <?php
      /**
      * Set any extra include paths needed to use the library
      */
      set_include_path(get_include_path() . PATH_SEPARATOR . "C:\\inetpub\\wwwroot\\openid");

      /**
      * The URL for the server.
      *
      * This is the location of server.php. For example:
      *
      * $server_url = 'http://example.com/~user/server.php';
      *
      * This must be a full URL.
      */
      $server_url = "http://192.168.1.36/openid/examples/server/server.php";

      /**
      * Initialize an OpenID store
      *
      * @return object $store an instance of OpenID store (see the
      * documentation for how to create one)
      */
      function getOpenIDStore()
      {
      require_once "Auth/OpenID/FileStore.php";
      return new Auth_OpenID_FileStore("D:\\Auth");
      }

      require_once 'C:\php\Auth\Yubico.php';
      $yubi = &new Auth_Yubico('241', 'GAqX76BW8IbqdwVqQIDfB8aBmDM=');

      (The above text in bold font needs to be added to the configuration file.)
      ?>

      E) Session.php file:

      <?php

      require_once "config.php";
      require_once "lib/render.php";
      require_once "Auth/OpenID/Server.php";

      /**
      * Set up the session
      */
      function init()
      {
      session_name('openid_server');
      session_start();
      }

      /**
      * Get the style markup
      */
      function getStyle()
      {
      $parent = rtrim(dirname(getServerURL()), '/');
      $url = htmlspecialchars($parent . '/openid-server.css', ENT_QUOTES);
      return sprintf('<link rel="stylesheet" type="text/css" href="%s" />', $url);
      }

      /**
      * Get the URL of the current script
      */
      function getServerURL()
      {
      $path = $_SERVER['SCRIPT_NAME'];
      $host = $_SERVER['HTTP_HOST'];
      $port = $_SERVER['SERVER_PORT'];
      $s = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on"))? 's' : '';
      /*
      (The above text in bold font needs to be added to the session.php at line 34.)
      */
      if (($s && $port == "443") || (!$s && $port == "80")) {
      $p = '';
      } else {
      $p = ':' . $port;
      }

      return "http$s://$host$p$path";
      }

      /**
      * Build a URL to a server action
      */
      function buildURL($action=null, $escaped=true)
      {
      $url = getServerURL();
      if ($action) {
      $url .= '/' . $action;
      }
      return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url;
      }

      /**
      * Extract the current action from the request
      */
      function getAction()
      {
      $path_info = @$_SERVER['PATH_INFO'];
      $action = ($path_info) ? substr($path_info, 1) : '';
      $function_name = 'action_' . $action;
      return $function_name;
      }

      /**
      * Write the response to the request
      */
      function writeResponse($resp)
      {
      list ($headers, $body) = $resp;
      array_walk($headers, 'header');
      header(header_connection_close);
      print $body;
      }

      /**
      * Instantiate a new OpenID server object
      */
      function getServer()
      {
      static $server = null;
      if (!isset($server)) {
      $server =& new Auth_OpenID_Server(getOpenIDStore(),
      buildURL());
      }
      return $server;
      }

      /**
      * Return a hashed form of the user's password
      */
      function hashPassword($password)
      {
      return bin2hex(Auth_OpenID_SHA1($password));
      }

      /**
      * Check the user's login information. Return OpenID URL for user.
      */
      function checkLogin($yubikey)
      {
      // from config.php
      global $yubi;

      $token_size = 32;
      $min_identity_size = 12;

      if (strlen ($yubikey) < $token_size + $min_identity_size) {
      return array(array('Authentication failure: too short input'), false);
      }

      $identity = substr ($yubikey, 0, strlen ($yubikey) - $token_size);
      $openid_url = $identity;

      $auth = $yubi->verify($yubikey);
      if (PEAR::isError($auth)) {
      return array(array('Authentication failure: ' . $auth->getMessage() .
      '<!-- Debug output from server: ' . $yubi->getLastResponse() . '-->'),
      false);
      }

      return array(array(), $openid_url);
      }

      /**
      * Get the openid_url out of the cookie
      *
      * @return mixed $openid_url The URL that was stored in the cookie or
      * false if there is none present or if the cookie is bad.
      */
      function getLoggedInUser()
      {
      return isset($_SESSION['openid_url'])
      ? $_SESSION['openid_url']
      : false;
      }

      /**
      * Set the openid_url in the cookie
      *
      * @param mixed $identity_url The URL to set. If set to null, the
      * value will be unset.
      */
      function setLoggedInUser($identity_url=null)
      {
      if (!isset($identity_url)) {
      unset($_SESSION['openid_url']);
      } else {
      $_SESSION['openid_url'] = $identity_url;
      }
      }

      function getRequestInfo()
      {
      return isset($_SESSION['request'])
      ? unserialize($_SESSION['request'])
      : false;
      }

      function setRequestInfo($info=null)
      {
      if (!isset($info)) {
      unset($_SESSION['request']);
      } else {
      $_SESSION['request'] = serialize($info);
      }
      }


      function getSreg($identity)
      {
      // from config.php
      global $openid_sreg;

      if (!is_array($openid_sreg)) {
      return null;
      }

      return $openid_sreg[$identity];

      }

      function idURL($identity)
      {
      return buildURL('idpage') . "?user=" . $identity;
      }

      function idFromURL($url)
      {
      if (strpos($url, 'idpage') === false) {
      return null;
      }

      $parsed = parse_url($url);

      $q = $parsed['query'];

      $parts = array();
      parse_str($q, $parts);

      return @$parts['user'];
      }

      ?>

    5. Testing the configuration

    We have tested the Yubico OPENID server on following Windows sever platforms:

      1) Windows Server 2008:
        a) Operating system: Windows Server 2008 Standard Edition Service Pack1
        b) IIS Version: IIS version 7.0.6000.16386
      2) Windows Server 2003:
        a) Operating system: Windows Server 2003 Standard Edition Service Pack 1
        b) IIS Version: IIS version 6.0
      3) Windows Vista Ultimate:
        a) Operating System: Windows Vista Ultimate Service Pack 1
        b) IIS Version: IIS version 7.0

Yubico OPENID server is working fine on with any OS (Windows Vista and Windows Server 2008) having IIS 7.0 but not on any OS (windows server 2003, windows XP) with IIS 6.0. (Note: IIS is a part of the OS, the version is determined by what OS is installed. To get IIS7 we must upgrade to Windows Vista or Server 2008.)

There is problem with URL rewriting handled by IIS server version 6.0 which affects Yubico OPENID server functionality. This is fixed in Version 7.0.

We can successfully host Yubico OPENID server on any latest windows operating system (Windows Vista and Server 2008) installed with IIS server version 7.0.

Please follow the procedure below to use the Yubikey OPENID authentication:

    • From any web browser go to the Yubico OPENID server. The OPENID server home page should be seen as (see picture below):
    Attachment:
    Image1.JPG


    • Focus the cursor at Yubikey field and press the Yubikey to emit the OTP:
    Attachment:
    Image2.JPG


    • Ones the Yubikey generated OTP is authenticated successfully, users are logged in to the OPENID server.
    Attachment:
    Image3.JPG



Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Tue Jan 27, 2009 8:24 pm 
Offline

Joined: Tue May 27, 2008 2:24 pm
Posts: 6
Thank-you very much. It works fine now after a weekend and a day of playing around. I have it working in Windows Vista Enterprise SP1 using PHP 5.2.8 and MySQL 5.1.30. The problem I had most of the weekend was that I decided to try and set it up in Windows 7 Beta build 7000. At the moment the server.php file causes a 500.0 internal server error in IIS 7. I chalk this up to it being beta software. Also, PHP seems to require being installed as a FastCGI module rather than an ISAPI module.

/Phillip


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Wed Feb 18, 2009 12:16 pm 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
Btw, I have updated the installation instructions as well, please see:

http://code.google.com/p/yubico-openid- ... adMeYubico

Good luck,
Simon


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Thu Feb 26, 2009 2:31 am 
Offline

Joined: Tue May 27, 2008 2:24 pm
Posts: 6
Thank-you, Simon.

I was planning on setting up the OpenID server in Linux this week so this is quite helpful. By the way, I did manage to get the server working in Windows Server 2008, too. I had a typo in the session.php file.


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Sat Jul 25, 2009 11:14 pm 
Offline

Joined: Mon Jun 29, 2009 9:46 pm
Posts: 7
Is there a way to enable checkid_immediate in the Yubico phpopenid server?


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Tue Jan 26, 2010 8:07 pm 
Offline

Joined: Mon Jan 25, 2010 4:39 pm
Posts: 5
Hello, I've installed the Yubico OpenID Server and it all went relatively smoothly. However, when I attempt to use Identifiers using HTTPS instead of HTTP, I get this error: Authentication error; not a valid OpenID.

Has anyone else encountered this? If so how did you overcome it? Any help would be greatly appreciated.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group