For some reason I was under the mistaken impression that setting up an OpenID on my own domain, ginatrapani.org, would be a big hassle: that I’d have to host my own OpenID server software and that it would take all sorts of installation and maintenance BS to do so. I feel strongly about owning my identity online, mapping it to my nameplate domain, and actively choosing an authorizing party instead of just accepting the sign-in service du jour like Facebook, Twitter, Yahoo, or Google. Still, I never got set up with OpenID on ginatrapani.org because my perceived hassle factor was daunting. Instead, I used idproxy.net for my OpenID and put the domain setup on my “someday I have to do that” list. It meant that my OpenID was ginatrapani.idproxy.net instead of my own domain. Idproxy is a great service and I thank them for getting me started with OpenID; but still, I want my OpenID URL to be a domain name I own and control.
Turns out I was dead wrong about the hassle. Setting up OpenID capabilities on your own domain name is a two-lines-of-HTML affair, and it’s finally done. (Thanks to Chris Messina for bringing me into the year 2006.) If you’re interested in doing the same, here’s what to know.
First, Google Profiles (and, it turns out, idproxy.net and ClaimID and a bunch of other OpenID providers) can work with your domain name, so all I have to do is add a few <link rel>
tags to your HTML to get things set up. Second, you can specify multiple OpenID providers, so if idproxy.net was down or Google Profiles was down, you can have a provider fallback. Sweet. Now, in the <head>
tags of ginatrapani.org you will find the following:
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" >
<link rel="openid2.local_id" href="http://www.google.com/profiles/ginatrapani" >
That sets Google Profiles as the authorizing party for my OpenID, but my OpenID URL is ginatrapani.org. You can see my new OpenID in action right here; I signed into this very site with my new OpenID and posted a comment.
I’m not sure yet how to set Idproxy as my “fallback” provider just yet; if you know how to do that, post it up in the comments.
Thanks to the folks in this Stack Overflow thread for clearing up how to use Google Profiles as an OpenID provider and to Chris for a great discussion of OpenID, OAuth, and verifying identity on the web.
121 Comments
jamesenloe.com/
Ha! Look at that, it works. Thanks, Gina!
scrivle.com/
Wow, thanks Gina. It obviously worked for me!
bradleclerc.com/
Damn cool. Is there any way to modify the username it returns to something other than the OpenID url? It would be nice to set a proper username instead of having it be a url.
Still though, awesomeness that I will use like mad.
Jason Barone
Wow, this is great. Definitely makes remembering your OpenID very easy.
markhnichols.com/
Hey, it works! How cool is this?
Excellent tip, thank you.
Mark
Pies
Yay ๐ Now if only I could have it download my avatar from the Google profile.
ginatrapani.org/
Hooray! So nice to see all these custom domain name OpenID’s!
Sean Cronin
It works! Thanks! Now I don’t have to lookup that nasty Google OpenID url every time I want to login with OpenID.
Jeremy
Glad to see you post this Gina. Listened to TWiG today and the entire segment with Chris Messina felt like deja vu of the past couple of days of what I was looking to accomplish with my domain and newly installed WordPress installation. I could not get the OpenID plugin to work with delegation to Google. The option for delegation is there, just wouldn’t work with Google. So I found a small plugin that was updated by coderich.net that would allow delegation to Google without having to edit WordPress themes directly. I went this route, as I would like the delegation to persist through theme changes without me having to remember to add the tags manually, (that’s if the plugin works as it should).
Sean Cronin
A note for other commenters: if you already have an account on Smarterware, log in with that account. Then go to your profile and associate your OpenID with it. That way you don’t end up making two different accounts.
cstechblog.com/
Gina, if using XHTML on your site (like Blogger for instance) you need to properly close the link element. So in your example, adding a simple “/” before the closing “>” in each of the two tags is needed. Otherwise, this worked like a charm.
brucealdridge.com/
thanks Gina!
kgautreaux.net/
A great tip Gina. Thank you.
kestrelsaerie.us/
That is SO easy, simple, amazing. I went through a lot more hoops than I thought was necessary to set up an OpenID with MyOpenID (don’t get me wrong, good folks, and it works), but this is Soooooo much easier!
And while I have your attention…since I probably missed it somewhere, I’m interested in the headset you use for TWiG. ๐
Thanks, Gina!
portalstorm.net/
Awesome, thanks for the tip. ๐
benjaminneely.com/
thanks.
corriveau.ca/
Works here too, yay.
hrsa.ru/
Yay, it works!
neely615
But the only problem is, now we all have the same generic avatar (this is the same ben as above). I liked having an avatar.
eleventwentysix.com/
Finally something useful from Google ๐
jtfburgess
That works so well. Thanks for the info.
espartha.com/
Nice ๐
I remember a WordPress plugin that do the trick, don’t remember why I uninstall (maybe didn’t work properly with some version)
automattack.net/
Well sweet! I didn’t want to use Google, but I found instructions for delegating OpenID to ClaimID
http://claimid.com/openid#delegate
add similar two lines:
dogboi
I use getopenid.com as my provider, and checked and they do indeed allow me to delegate, so I just did it. I was excited when I heard Chris mentioning on TWiG, but I was in the car and had to wait to get home to do it. lol.
dusing.com/
I’m in!
coach.gs/
Hey… that was pretty cool! Thanks Gina!
geoffmanning.info/
cool
sethgoldstein.net/
OMG Gina That’s brilliant and really easy! Thank you for sharing! You Rock! Love TWiG
David Mays
That was amazingly simple.
Harry Trinidad
From the noob blogger: Which file do I write these lines in?
ibbers.net/
nice…
thanks gina ๐
petercowan.com/
awesome!
blog.ademagnaye.com/
And it works! Thanks Gina! That was so simple I’m suprised nobody wrote about this earlier.
ramositllc.com/
Sweet
Steve Pelletier
I used a different approach that did not require putting the html code in the header. myOpenID For Domains lets you set up openid.smarterware.org as a server by adding a DNS entry for your chosen subdomain(s) to the myOpenID servers. By pointing a DNS cname for your OpenID subdomain to myOpenID, they serve OpenID identity pages on your behalf.
janolepeek.com/
That is awesome! I heard this on TWIG but didn’t believe it was truly this easy. But it is. Thanks for the post!
sechodb.com/
That was really an eye opener. Thank you! ๐
stevegubbins.com/
Ok, that’s pretty cool. Next….
mikaelsuomela.com/
Thank you Gina! This tip is great and so is Twig!
wiesbeck.net/
Not bad at all, thanks for the hint!
olacarlsson.com/
Nice one Gina. Fanx
jakob.cosoroaba.ro/
Awsome ๐
franziska.fr/
Thank you – really helpful hint!
claire-blackshaw.com/
Soo helpful! Thanks Gina
betoruizalonso.com/
It worked! Thanks Gina!
nathanmabry.com/
Likewise, heard on TWIG, thanks for showing us how.
hungry-media.com/
Slick and simple. Thanks for the tip.
DRHamp
How awesome is this!!
nticompassinc.com/user/nticom…
OpenID FTW.
jasonsvela.com/
Thank you for the info! Amazingly simple and quick to enable. Cool stuff. ๐
steinbring.net/
Very cool! Thanks!
Matt Morgan
Has anyone figured out how to do this with a Google Sites site?
perpetualbeta.com/
Hmmm. This works… but how do I set my user id as my name, rather than my domain?
Chad Egeland
Thanks for the write up on how to easily enable OpenID on your own domain.
Jeffrey Stevison
Thanks for the info Gina. Works great. I’m logged in here with my new OpenID!
chrisheath
Thanks for informing us about this. I too assumed that doing this would be a hassle, but it was super easy!
and by the way, don’t forget to upgrade to wordpress3!
icarrique
woooaaaauuuu…. i dont know any of html and it works!… jajajaja
gina once again thanks!
from Buenos Aires,
schenkenberg.nl/
Incredible! That was easy:)
Thank you Gina & TWIG!
michelbertrand.ca/
Hello Gina,
I was listening to TWIG 47 in the car yesterday morning as saying to myself “I have to try this”!
Thanks for posting the 2 lines of code required to accomplish this. Works like a charm!
Have a great weekend ๐
michelbertrand.ca/
Forgot to ask: which OpenID WordPress plugin are you using on this site?
Matt Jacob
Nifty! I was using myOpenID with a subdomain that I own/control, but this is even shorter and more portable. Thanks for the tip.
Matt Jacob
@perpetualbeta.com Go here: http://smarterware.org/wp-admin/profile.php
dcarns.tumblr.com/
Thrilled with this tip.
Thanks.
Mark
Also, if you have your blog on blogger.com (such as I do), these meta tags are already present, so you don’t have to change anything.
This is unbearably cool ๐
paulm.us/
Awesome. OpenID on my domain. Thanks Gina and Chris!!
John Bradley
Having backup providers requires you to create a XRDS document and pointing to it via a meta tag.
Use whatever URI you intend to put the XRDS file at.
The XRDS needs to look something like
http://specs.openid.net/auth/2.0/signon
https://www.google.com/accounts/o8/ud?source=profiles
ttp://www.google.com/profiles/ginatrapani
http://specs.openid.net/auth/2.0/signon
http://openid.net/sreg/1.1
https://pip.verisignlabs.com/server
http://ginatrapani.pip.verisignlabs.com/
Not all openID RP correctly implement full discovery, I know the DotNetOpenAuth works.
There are probably only tens of people with backup OPs so this feature is not well supported.
I hope this helps.
Regards
John B.
John Bradley
Sorry apparently the Wiki eats XML.
dimitristzouris.org/
This is so sweet! Thanks!
bayardo.org/
Neat.
philippegambling.com/
So easy! Thanks Gina.
calumny.org/
Works nicely. Thanks!
binaryfever.com/
Thanks so much for this.
openid.pixelsonly.com/
Work perfect! Thanks.
tomcurran.org/
Something I was really wanting. Thanks a lot Gina and Chris.
Walter Reade
Okay . . . that’s pretty cool. Looks like I’m *finally* going to start taking OpenID seriously.
larryanderson.org/
Excellent tip! One thing: on Blogger, just remember to make sure to put “/” before the closing “>” in each tag or else it won’t work.
robertjames.me/
Woo Hoo. Works. Thanks.
contact.fullxri.com/contact/=na…
Since John’s post did not come out nicely, I created a blog entry on “How to set up openid on your own domain with fallback provicer”
http://www.sakimura.org/en/modules/wordpress/how-to-set-up-openid-on-your-own-domain-with-fallback-proivder/
bluepojo.com/
Cool!
stevestr.org/
Is this thing on? Sorry.
timbulkeley.com/
Thanks ๐ It seems to work too!
danielo.org/
Cool — this worked for THIS login, but when I try it at Phixr.com, I get “failed to find openid.server tag…” — ???
Paul Walker
Doesn’t work if you’re hosted on Google Apps, which is somewhat ironic ;-).
onlyidiotsassume.co.uk/blog/
Thanks Gina!!
If you happen to use a header redirect on your index page (send to a blog folder for example) you need to point at a page which actually has the openID lines as the auth system will not follow the redirects (not sure why!!)
jamesakadamingo @ onlyidiotsassume.co.uk
danielo.org/
@jamesakadamingo — I’m using a header redirect on my domain, and it’s working for me without having the openID lines in the end page.
jeffgauger.com/
Thanks Gina!!!
eapen.in/
Awesome, thanks for the tip Gina!
eapen.in/
tst
davidmejia.net/
Trying it out now. Thanks Gina.
bluecentre.net/
test.
86rin.com/
crazy easy cheers for the tips
bbspot.com/
Thanks for the tip Gina. Just set up my OpenID on my site to leave this comment.
kevin.lebleu.info/
Wow! That really is easy!
id.tlocke.org.uk/
You can use http://www.own-id.com/ to use your own domain as an OpenId, no HTML needed.
amid.com/openid.html
Hey, it works for me too!
amid.com/
Let’s try this again. Ok, looks better.
irrationaldad.com/
Good lord I can’t believe how easy that was! Too bad I can’t have a profile image that is consistent anywhere I login with my openID.
benferguson.org/
Great tip as always, Gina. Thanks!
chris.thelawsonhq.com/
pretty sweet. Thanks for the tip!
created a subdomain so that i can use different accounts under the same domain. Schnaazy!
markus.jork.com/
Thanks for providing an openID playground here!
kaivana.co.uk/
wow this is cool.
id.deborniol.com/
Using https://www.myopenid.com/ it is also pretty easy to set up an OpenID on a subdomain of your own domain (using a CNAME). That way whenever you want to change OpenID provider, you can simply change the CNAME.
cece
Good to be able to use your own domain for an openID…
BUT this does not automatically mean more “safety” :
Doesn’t this imply that you now need to make sure you’ll own this domain “forever” (and this is not free!) ?
Because the day you lose the domain name, you lose your openID, and all your accounts registered with it on any sites may then not only be lost for you… but also can be “stolen” by whoever takes the ownership of what was your domain.
He can now just redirect your former openID url to some openID provider where he will authenticate himeself… then access to what were your accounts.
And you won’t even be able to access or delete these accounts anymore.
Or am I wrong ?
jamesphare.org/
Thank you. This is a very helpful, simple tutorial.
coresite.org/
Very helpful, thanks for posting this ๐
mikecarlucci.me/
Awesome! openID always seemed more complicated than it should be. Guess it wasn’t after all ๐
skeemer.net/
Thanks for this post! I heard about it on TWiG. I modified the MyOpenID WordPress plugin to work with Google Profile. Gonna try and get it added permanently so that it is easy to setup in WordPress without modifying the template.
brianhanifin.com/
Neat-o burrito! Now how do I get the trailing slash out of my openid?
brianhanifin.com
Nevermind, I figured out you can edit your WordPress (aka smarterware.org) profile. ๐
sandeshkumard.wordpress.com/
Awesome article! this is from my openid! ๐
andrewcrook.com/
Thanks Gina. Another fantastic tip!
Khรยผrt Williams
Great article, Gina. If you are using a WordPress blog there is an OpenID plug-in that enables the use of your blog URL as an OpenID. That’s the way I setup my blog in 2006.
mikeseyfang.com/
Got my OpenID delegation to google profile sorted – thanks for the tip. (but I gotta say it was hard to find in the ‘show notes’)
fang
symbiont.net/rock/
I had been delegating to Verisign PIP – https://pip.verisignlabs.com/ – previously. That has some interesting features but would rather use Google. Didn’t realize they supported this. Thanks for the tip.
Jordan Conway
Just testing this out… Wondering if there’s a way to get a profile pic incorporated.
google.com/profiles/bh…
This was my first introduction to OpenID and utilizing one of my existing services (Google Profiles) just makes jumping into this open authentication environment that much more of a no-brainer. It is these smaller features of Google products that need to be advertised more.
buzzingup.com/
Gina,
Very nice tip and also I was wondering is there any way to add link open id with google apps email id other then gmail.com
google.com/profiles/bo…
Testing openid
Jon Byrne
Wow I am a week behind on your posts. This is fantastic, 30 seconds and all up and running.
Thanks Gina.
oldmeadow.com/
This tip was full of win! Gina, you rock!
greigtaylor.com/
Thanks Gina!