Deploying OpenID..

0 views
Skip to first unread message

Faizal Heesyam

unread,
Nov 25, 2009, 7:29:47 PM11/25/09
to kk-...@googlegroups.com
good morning Open-Sourcers!

anyone here have some experience, knowledge or skills in deploying an OpenID provider? means we setup and host our own OpenID facility..

i have some ideas to propose to the company, but would like to make some research first.. example of provider that we know is MyOpenID, VeriSign..etc so i was thinking of making our own (for the company)...

why?
the number of web application developed here is increasing, and there's a variety in what language being used (php, asp, cf, and future..ruby), and on what platform it is being hosted (windows, linux..etc).. so now, mcm start sudah ada issue on authentication, bukan issue apa, cuma everytime ada new app, design login page baru.. lain programmer, lain pula style.. lain apps, lain lagi approach dia.. walhal tujuan dia sama jak, authenticate yourself, then based on that, retrieve apa2 info yg patut for that particular system..

aku rasa mcm kureng sket lah, terlintas di kepala aku why not kasi fix and standardize semua, create a trend la kiranya, which is authentication using OpenID style.. instead of username/password for all apps (ada case juga di mana programmer buat table dlm db system sendiri utk store user, causing redundant data, info ndak synchronize), why not just use a single URL to authenticate yourself for all apps.. kalo ada kelonggaran, authenticate guna Facebook Connect lagi! hahahahha! (dlm mimpi la....)

anyone ada experience doing this? mind to share anything? thanks for your time and have a nice day!

Regards,
Faizal Heesyam

506.gif

edthix

unread,
Nov 29, 2009, 2:13:51 PM11/29/09
to kk-...@googlegroups.com
Happy Monday all

https://www.myopenid.com/help#own_domain ada contoh untuk roll ur own
openid
using myopenid at ur own domain

Probably not just rolling ur own, u can just check out single sign on
solutions, sebab
openid using 3rd party service perlu connection ke internet (I assume u r
deploying
in your own network)

-ed-

On Thu, 26 Nov 2009 08:29:47 +0800, Faizal Heesyam <pai...@gmail.com>
wrote:

> good morning Open-Sourcers! [?]
>
> anyone here have some experience, knowledge or skills in deploying an
> OpenID
> provider? means we setup and host our own OpenID facility..
>
> i have some ideas to propose to the company, but would like to make some
> research first.. example of provider that we know is MyOpenID,
> VeriSign..etc
> so i was thinking of making our own (for the company)...
>
> *why?*
> the number of web application developed here is increasing, and there's a
> variety in what language being used (php, asp, cf, and future..ruby),
> and on
> what platform it is being hosted (windows, linux..etc).. so now, mcm
> start
> sudah ada issue on authentication, bukan issue apa, cuma everytime ada
> new
> app, design login page baru.. lain programmer, lain pula style.. lain
> apps,
> lain lagi approach dia.. walhal tujuan dia sama jak, authenticate
> yourself,
> then based on that, retrieve apa2 info yg patut for that particular
> system..
>
> aku rasa mcm kureng sket lah, terlintas di kepala aku why not kasi fix
> and
> standardize semua, create a trend la kiranya, which is authentication
> using
> OpenID style.. *instead of username/password* for all apps (ada case
> juga di
> mana programmer buat table dlm db system sendiri utk store user, causing
> redundant data, info ndak synchronize), why not *just use a single URL*
> to
> authenticate yourself for all apps.. kalo ada kelonggaran, authenticate
> guna
> Facebook Connect lagi! hahahahha! (dlm mimpi la....)
>
> anyone ada experience doing this? mind to share anything? thanks for your
> time and have a nice day!
>
> Regards,
> Faizal Heesyam
>
> >


--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

paragasu

unread,
Dec 9, 2009, 11:08:25 PM12/9/09
to kk-...@googlegroups.com
hi..

Lama sudah ni OpenID punya cerita ni. Saya ada juga study sikit2 pasal API
dia. Sekarang ni ada sudah hybrid OpenID + OAuth..
Kalau ada tambah lagi FaceBook Connect nah.. hehe

Kalau mau guna, bagus pakai Library dia. Sebab, provide OpenID tidak standard semua.
cth.. wordpress ada sikit problem dengan URL tu..

Regards,
jeffry

edthix

unread,
Dec 9, 2009, 11:18:15 PM12/9/09
to kk-...@googlegroups.com
Hi boss, long time no see :D

On Thu, 10 Dec 2009 12:08:25 +0800, paragasu <para...@gmail.com> wrote:

> hi..
> Lama sudah ni OpenID punya cerita ni. Saya ada juga study sikit2 pasal
> API
> dia. Sekarang ni ada sudah hybrid OpenID + OAuth..
> Kalau ada tambah lagi FaceBook Connect nah.. hehe
>
> Kalau mau guna, bagus pakai Library dia. Sebab, provide OpenID tidak
> standard semua.
> cth.. wordpress ada sikit problem dengan URL tu..
>
> Regards,
> jeffry
>
> On 11/26/09, Faizal Heesyam <pai...@gmail.com> wrote:
>> good morning Open-Sourcers! [?]

paragasu

unread,
Dec 9, 2009, 11:56:20 PM12/9/09
to kk-...@googlegroups.com
Hi,

ada juga saya check email bah, tapi tidak nampak tu email.
banyak betul mailing-list saya subscribe ni..

Faizal Heesyam

unread,
Dec 10, 2009, 8:33:35 AM12/10/09
to kk-...@googlegroups.com
thanks for the reply..

ya edthix, its for our own network.. masih lagi isu duuulu yg aku story sama ko tu.. susah aku nih belum cukup ilmu mau solve ni problem.. single-sign on mmg solution yg kena try skang ni, but i dont have any reference when it comes to technical questions like does it solve the different platform situation, or different language scenario?

tu yg terpikir mau buat something mcm openid, dia pakai url jak, authenticate dr sana, then the session available for all other apps to be use.. betul ka pemahaman aku nih? heheh! minta tunjuk ajar dulu dr sifu2 sini.. :D

Regards,
Faizal Heesyam

paragasu

unread,
Dec 10, 2009, 9:25:03 AM12/10/09
to kk-...@googlegroups.com
Ui,

Ui ada sudah tu, banyak sudah dia punya library open lagi tuk deploy openid.
shouldn't be a problem kalau ko mau letak di website ko

Regards,
jeffry

edthix

unread,
Dec 10, 2009, 3:19:03 PM12/10/09
to kk-...@googlegroups.com
Kalau involving state gomen own intra (I believe ada sendiri kan under
Sabah.net)
janji users boleh connect to internet (boleh guna third party openid
providers),

tapi implikasi security dan audit di gomen aku ndak tau camana hehehe ni
ko kena
discuss dalaman :D

On Thu, 10 Dec 2009 21:33:35 +0800, Faizal Heesyam <pai...@gmail.com>
wrote:

paragasu

unread,
Dec 10, 2009, 5:21:00 PM12/10/09
to kk-...@googlegroups.com
ui, kalau involve goverment. susah sikit lar. benda simple pun kena
meeting kali2 tu.
mana diorang faham tu apa openid. tidak pasal2 paranoid diorang ni..
> --~--~---------~--~----~------------~-------~--~----~
> Anda menerima mesej ini kerana anda dilanggan ke Kumpulan "KK LUG" Kumpulan
> Google.
> Untuk mencatat ke kumpulan ini, hantar e-mel kepada kk-...@googlegroups.com
> Untuk berhenti melanggan, hantar e-mel kepada
> kk-lug+un...@googlegroups.com
> Untuk lebih pilihan, lawati kumpulan ini di
> http://groups.google.com/group/kk-lug?hl=ms
> -~----------~----~----~----~------~----~------~--~---
>
>

Abg Lang

unread,
Dec 10, 2009, 9:23:50 PM12/10/09
to kk-...@googlegroups.com
Bagi Pihak MAMPU, pengunaan server luar untuk servis dalaman adalah tidak dibenarkan.
Ini termasuk email.
Saya tidak tahu polisi Negeri sama ada ia ikut mampu atau tidak.

Jadi.. kalau mau buat OpenID.. jgn gunakan OpenID sedia ada tu...
saya cadangkan gunakan install dan gunakan LDAP sebagai authentication server utk single sign on.
Sebab dlm open source.. banyak script / plugin yg boleh digunakan untuk login sini termasuk Joomla, open source email, radius server.. etc


--

Anda menerima mesej ini kerana anda melanggan kumpulan "KK LUG" Google Kumpulan.
Untuk mengirim kepada kumpulan ini, hantarkan e-mel kepada kk-...@googlegroups.com.
Untuk menghentikan langganan kumpulan ini, hantarkan e-mel kepada kk-lug+un...@googlegroups.com.
Untuk mendapatkan lebih banyak pilihan, lawati kumpulan ini di http://groups.google.com/group/kk-lug?hl=ms.



Ghodmode

unread,
Dec 11, 2009, 3:10:01 AM12/11/09
to kk-...@googlegroups.com
On 10/12/09 17:08, paragasu wrote:
hi..

Lama sudah ni OpenID punya cerita ni. Saya ada juga study sikit2 pasal API
dia. Sekarang ni ada sudah hybrid OpenID + OAuth..
Kalau ada tambah lagi FaceBook Connect nah.. hehe

Kalau mau guna, bagus pakai Library dia. Sebab, provide OpenID tidak standard semua.
cth.. wordpress ada sikit problem dengan URL tu..

Regards,
jeffry


I know what you mean... Twitter, Facebook Connect, Google "Friend Connect", Gmail, Yahoo, OAuth, OpenID, and probably many more all offer a different single sign-on type of protocol.

The problem is that each of the major social networks wants to maintain control of their user information.  They consider all of their value to be tied up in that user data.  So, each of them comes up with their own alternative to OpenID.  Their actually competing with OpenID and making it more difficult for us as developers and web admins.

Here's a related article : http://www.penn-olson.com/2009/12/04/the-yahoo-facebook-google-twitter-openid-competition/


--
Vince Aggrippino
a.k.a. Ghodmode
www.ghodmode.com

Sabar je lah!  Susah orang putih ni cuba faham Bahasa Melayu :-)


Ghodmode

unread,
Dec 11, 2009, 3:28:35 AM12/11/09
to kk-...@googlegroups.com
On 11/12/09 02:33, Faizal Heesyam wrote:
thanks for the reply..

ya edthix, its for our own network.. masih lagi isu duuulu yg aku story sama ko tu.. susah aku nih belum cukup ilmu mau solve ni problem.. single-sign on mmg solution yg kena try skang ni, but i dont have any reference when it comes to technical questions like does it solve the different platform situation, or different language scenario?

Different client platform, like Firefox vs. IE or Windows vs. OSX?  That shouldn't give any problem at all.

Different server platform, like Apache vs. IIS?  The deployment of an OpenID server on different app server platforms could be very different.

Language shouldn't be any problem at all.  Whether you're referring to spoken language (like BM vs. English), or programming language (like PHP vs. Java), following the API should ensure that the OpenID server and the site that accepts the login both are exchanging the correct information.


tu yg terpikir mau buat something mcm openid, dia pakai url jak, authenticate dr sana, then the session available for all other apps to be use.. betul ka pemahaman aku nih? heheh! minta tunjuk ajar dulu dr sifu2 sini.. :D

When someone signs in to a site with an OpenID login, the site only gets a URI that has the information about the username and OpenID server that will do the actual authentication.  The site is basically trusting the server that the user is who they say they are.  It's kinda like what a Commissioner of Oath (Pesuruhjaya Sumpah) does on a contract.

So, the answer to your question is yes, the session would be available for all other apps or sites to use after that first log in... well sort of... If you sign in to one site with your OpenID, it passes you to the OpenID server for authentication which returns you back to the site authenticated.  Then, when you sign into the second site with your OpenID and it directs you to the OpenID authentication server, you're already authenticated.

The user would have to type their password once when they logged in to the first site with their OpenID, but if it was implemented correctly, they wouldn't ever need to type that password in again during a session.  Visiting other sites where the user had logged in with that OpenID, the site's code would see the user as already authenticated.

Regards,
Faizal Heesyam


Maaf lah saya tidak berani taip BM.  Belum pandai BM terus :-(

--
Vince Aggrippino
a.k.a. Ghodmode
www.ghodmode.com

edthix

unread,
Dec 11, 2009, 4:35:07 AM12/11/09
to kk-...@googlegroups.com
LDAP pun oraits
>> kk-lug+un...@googlegroups.com<kk-lug%2Bunsu...@googlegroups.com>
>> > Untuk lebih pilihan, lawati kumpulan ini di
>> > http://groups.google.com/group/kk-lug?hl=ms
>> > -~----------~----~----~----~------~----~------~--~---
>> >
>> >
>>
>> --
>>
>> Anda menerima mesej ini kerana anda melanggan kumpulan "KK LUG" Google
>> Kumpulan.
>> Untuk mengirim kepada kumpulan ini, hantarkan e-mel kepada
>> kk-...@googlegroups.com.
>> Untuk menghentikan langganan kumpulan ini, hantarkan e-mel kepada
>> kk-lug+un...@googlegroups.com<kk-lug%2Bunsu...@googlegroups.com>
>> .
>> Untuk mendapatkan lebih banyak pilihan, lawati kumpulan ini di
>> http://groups.google.com/group/kk-lug?hl=ms.
>>
>>
>>
>
> --
>
> Anda menerima mesej ini kerana anda melanggan kumpulan "KK LUG" Google
> Kumpulan.
> Untuk mengirim kepada kumpulan ini, hantarkan e-mel kepada
> kk-...@googlegroups.com.
> Untuk menghentikan langganan kumpulan ini, hantarkan e-mel kepada
> kk-lug+un...@googlegroups.com.
> Untuk mendapatkan lebih banyak pilihan, lawati kumpulan ini di
> http://groups.google.com/group/kk-lug?hl=ms.
>
>


paragasu

unread,
Dec 11, 2009, 11:37:31 AM12/11/09
to kk-...@googlegroups.com
ya,

LDAP more on intranet i think. And more suitable to ur need..

Abg Lang

unread,
Dec 11, 2009, 11:50:54 AM12/11/09
to kk-...@googlegroups.com
Sabah NET mmg intranet juga bah tu..

2009/12/12 paragasu <para...@gmail.com>

Faizal Heesyam

unread,
Dec 14, 2009, 9:40:07 PM12/14/09
to kk-...@googlegroups.com
vince,
there's no issue with client platform like browsers or OS.. since this is web-based, i believe its the server-side that matters.. client just need a browser and internet connection.. :)

tentang penggunaan LDAP, i was thinking bout it as well, need to consult with our engineering dept for this..

abglang,
yup sabah.net mmg intranet.. i believe policy kita lebih kurang jak tu..

paragasu,
mmg lumrah sudah tu meeting balik2, no comment.. :D


2009/12/12 Abg Lang <abg...@gmail.com>

Abg Lang

unread,
Dec 15, 2009, 9:50:24 AM12/15/09
to kk-...@googlegroups.com
Saya ada buku Deploying LDAP.. rancang dulu mau deploy di poli.. tapi nda sempat..
so.. buku tu langsung aku nda baca sudah wakakaka

2009/12/15 Faizal Heesyam <pai...@gmail.com>
Reply all
Reply to author
Forward
0 new messages