How to Set Up OpenID on Your Own Domain

June 17, 2010

For some reason I was under the mistaken impression that setting up an OpenID on my own domain, ginatrapani.org, would be a big hassle: that I'd have to host my own OpenID server software and that it would take all sorts of installation and maintenance BS to do so. I feel strongly about owning my identity online, mapping it to my nameplate domain, and actively choosing an authorizing party instead of just accepting the sign-in service du jour like Facebook, Twitter, Yahoo, or Google. Still, I never got set up with OpenID on ginatrapani.org because my perceived hassle factor was daunting. Instead, I used idproxy.net for my OpenID and put the domain setup on my "someday I have to do that" list. It meant that my OpenID was ginatrapani.idproxy.net instead of my own domain. Idproxy is a great service and I thank them for getting me started with OpenID; but still, I want my OpenID URL to be a domain name I own and control.

Turns out I was dead wrong about the hassle. Setting up OpenID capabilities on your own domain name is a two-lines-of-HTML affair, and it's finally done. (Thanks to Chris Messina for bringing me into the year 2006.) If you're interested in doing the same, here's what to know.

First, Google Profiles (and, it turns out, idproxy.net and ClaimID and a bunch of other OpenID providers) can work with your domain name, so all I have to do is add a few <link rel> tags to your HTML to get things set up. Second, you can specify multiple OpenID providers, so if idproxy.net was down or Google Profiles was down, you can have a provider fallback. Sweet. Now, in the <head> tags of ginatrapani.org you will find the following:

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" >
<link rel="openid2.local_id" href="http://www.google.com/profiles/ginatrapani" >

That sets Google Profiles as the authorizing party for my OpenID, but my OpenID URL is ginatrapani.org. You can see my new OpenID in action right here; I signed into this very site with my new OpenID and posted a comment.

I'm not sure yet how to set Idproxy as my "fallback" provider just yet; if you know how to do that, post it up in the comments.

Thanks to the folks in this Stack Overflow thread for clearing up how to use Google Profiles as an OpenID provider and to Chris for a great discussion of OpenID, OAuth, and verifying identity on the web.

Ha! Look at that, it works. Thanks, Gina!

James Enloe [+1]
Jun 17 10 at 1:56 pm

Wow, thanks Gina. It obviously worked for me!

Yew-wei Tan [+1]
Jun 17 10 at 1:59 pm

Damn cool. Is there any way to modify the username it returns to something other than the OpenID url? It would be nice to set a proper username instead of having it be a url.

Still though, awesomeness that I will use like mad.

Brad Leclerc
Jun 17 10 at 2:00 pm

Wow, this is great. Definitely makes remembering your OpenID very easy.

Jason Barone [+3]
Jun 17 10 at 2:06 pm

Hey, it works! How cool is this?

Excellent tip, thank you.
Mark

Yay :) Now if only I could have it download my avatar from the Google profile.

Pies [+11]
Jun 17 10 at 2:38 pm

Hooray! So nice to see all these custom domain name OpenID’s!

ginatrapani.org/ [+1]
Jun 17 10 at 2:52 pm

It works! Thanks! Now I don’t have to lookup that nasty Google OpenID url every time I want to login with OpenID.

Sean Cronin [+4]
Jun 17 10 at 3:10 pm

Glad to see you post this Gina. Listened to TWiG today and the entire segment with Chris Messina felt like deja vu of the past couple of days of what I was looking to accomplish with my domain and newly installed WordPress installation. I could not get the OpenID plugin to work with delegation to Google. The option for delegation is there, just wouldn’t work with Google. So I found a small plugin that was updated by coderich.net that would allow delegation to Google without having to edit WordPress themes directly. I went this route, as I would like the delegation to persist through theme changes without me having to remember to add the tags manually, (that’s if the plugin works as it should).


Jun 17 10 at 3:13 pm

A note for other commenters: if you already have an account on Smarterware, log in with that account. Then go to your profile and associate your OpenID with it. That way you don’t end up making two different accounts.

Sean Cronin [+4]
Jun 17 10 at 3:13 pm

Gina, if using XHTML on your site (like Blogger for instance) you need to properly close the link element. So in your example, adding a simple “/” before the closing “>” in each of the two tags is needed. Otherwise, this worked like a charm.

cstechblog.com/
Jun 17 10 at 3:37 pm

thanks Gina!

Bruce Aldridge
Jun 17 10 at 3:52 pm

A great tip Gina. Thank you.

kgautreaux.net/
Jun 17 10 at 3:53 pm

That is SO easy, simple, amazing. I went through a lot more hoops than I thought was necessary to set up an OpenID with MyOpenID (don’t get me wrong, good folks, and it works), but this is Soooooo much easier!

And while I have your attention…since I probably missed it somewhere, I’m interested in the headset you use for TWiG. :)

Thanks, Gina!

Awesome, thanks for the tip. :D

thanks.

Works here too, yay.

corriveau.ca/
Jun 17 10 at 5:10 pm

Yay, it works!

hrsa.ru/
Jun 17 10 at 5:15 pm

But the only problem is, now we all have the same generic avatar (this is the same ben as above). I liked having an avatar.

neely615 [+1]
Jun 17 10 at 5:18 pm

Finally something useful from Google ;)

That works so well. Thanks for the info.

jtfburgess
Jun 17 10 at 5:27 pm

Nice :)
I remember a WordPress plugin that do the trick, don’t remember why I uninstall (maybe didn’t work properly with some version)

espartha.com/
Jun 17 10 at 5:40 pm

Well sweet! I didn’t want to use Google, but I found instructions for delegating OpenID to ClaimID
http://claimid.com/openid#delegate

add similar two lines:

1
 

I use getopenid.com as my provider, and checked and they do indeed allow me to delegate, so I just did it. I was excited when I heard Chris mentioning on TWiG, but I was in the car and had to wait to get home to do it. lol.

dogboi [+4]
Jun 17 10 at 6:20 pm

I’m in!

dusing.com/
Jun 17 10 at 6:27 pm

Hey… that was pretty cool! Thanks Gina!

coach.gs/
Jun 17 10 at 6:35 pm

cool

OMG Gina That’s brilliant and really easy! Thank you for sharing! You Rock! Love TWiG

That was amazingly simple.

David Mays
Jun 17 10 at 7:36 pm

From the noob blogger: Which file do I write these lines in?

Harry Trinidad
Jun 17 10 at 7:40 pm

nice…

thanks gina :)

ibbers.net/
Jun 17 10 at 8:01 pm

awesome!

petercowan.com/
Jun 17 10 at 8:09 pm

And it works! Thanks Gina! That was so simple I’m suprised nobody wrote about this earlier.

Sweet

ramositllc.com/
Jun 17 10 at 8:19 pm

I used a different approach that did not require putting the html code in the header. myOpenID For Domains lets you set up openid.smarterware.org as a server by adding a DNS entry for your chosen subdomain(s) to the myOpenID servers. By pointing a DNS cname for your OpenID subdomain to myOpenID, they serve OpenID identity pages on your behalf.

Steve Pelletier
Jun 17 10 at 8:22 pm

That is awesome! I heard this on TWIG but didn’t believe it was truly this easy. But it is. Thanks for the post!

janolepeek.com/
Jun 17 10 at 8:24 pm

That was really an eye opener. Thank you! :D

sechodb.com/
Jun 17 10 at 8:38 pm

Ok, that’s pretty cool. Next….

Thank you Gina! This tip is great and so is Twig!

Not bad at all, thanks for the hint!

wiesbeck.net/
Jun 18 10 at 12:23 am

Nice one Gina. Fanx

Awsome :)

Thank you – really helpful hint!

franziska.fr/
Jun 18 10 at 1:19 am

Soo helpful! Thanks Gina

It worked! Thanks Gina!

Likewise, heard on TWIG, thanks for showing us how.

nathanmabry.com/ [+1]
Jun 18 10 at 4:56 am

Slick and simple. Thanks for the tip.

How awesome is this!!

DRHamp
Jun 18 10 at 5:55 am

OpenID FTW.

Thank you for the info! Amazingly simple and quick to enable. Cool stuff. :D

jasonsvela.com/
Jun 18 10 at 7:17 am

Very cool! Thanks!

steinbring.net/
Jun 18 10 at 7:36 am

Has anyone figured out how to do this with a Google Sites site?

Matt Morgan
Jun 18 10 at 8:48 am

Hmmm. This works… but how do I set my user id as my name, rather than my domain?

Thanks for the write up on how to easily enable OpenID on your own domain.

Chad Egeland
Jun 18 10 at 9:10 am

Thanks for the info Gina. Works great. I’m logged in here with my new OpenID!

Thanks for informing us about this. I too assumed that doing this would be a hassle, but it was super easy!

and by the way, don’t forget to upgrade to wordpress3!

chrisheath [+1]
Jun 18 10 at 9:19 am

woooaaaauuuu…. i dont know any of html and it works!… jajajaja

gina once again thanks!

from Buenos Aires,

icarrique
Jun 18 10 at 9:21 am

Incredible! That was easy:)

Thank you Gina & TWIG!

Hello Gina,

I was listening to TWIG 47 in the car yesterday morning as saying to myself “I have to try this”!

Thanks for posting the 2 lines of code required to accomplish this. Works like a charm!

Have a great weekend :)

michelbertrand.ca/ [+3]
Jun 18 10 at 9:39 am

Forgot to ask: which OpenID WordPress plugin are you using on this site?

michelbertrand.ca/ [+3]
Jun 18 10 at 9:48 am

Nifty! I was using myOpenID with a subdomain that I own/control, but this is even shorter and more portable. Thanks for the tip.

Matt Jacob [+1]
Jun 18 10 at 10:23 am

@perpetualbeta.com Go here: http://smarterware.org/wp-admin/profile.php

Matt Jacob [+1]
Jun 18 10 at 10:23 am

Thrilled with this tip.

Thanks.

Also, if you have your blog on blogger.com (such as I do), these meta tags are already present, so you don’t have to change anything.

This is unbearably cool :)

Mark [+8]
Jun 18 10 at 10:59 am

Awesome. OpenID on my domain. Thanks Gina and Chris!!

paulm.us/
Jun 18 10 at 11:11 am

Having backup providers requires you to create a XRDS document and pointing to it via a meta tag.

Use whatever URI you intend to put the XRDS file at.

The XRDS needs to look something like

http://specs.openid.net/auth/2.0/signon
https://www.google.com/accounts/o8/ud?source=profiles
ttp://www.google.com/profiles/ginatrapani

http://specs.openid.net/auth/2.0/signon
http://openid.net/sreg/1.1
https://pip.verisignlabs.com/server
http://ginatrapani.pip.verisignlabs.com/

Not all openID RP correctly implement full discovery, I know the DotNetOpenAuth works.

There are probably only tens of people with backup OPs so this feature is not well supported.

I hope this helps.
Regards
John B.

John Bradley [+1]
Jun 18 10 at 11:29 am

Sorry apparently the Wiki eats XML.

John Bradley [+1]
Jun 18 10 at 11:31 am

This is so sweet! Thanks!

Neat.

bayardo.org/
Jun 18 10 at 2:08 pm

So easy! Thanks Gina.

Works nicely. Thanks!

calumny.org/
Jun 18 10 at 2:29 pm

Thanks so much for this.

Fred McHale [+1]
Jun 18 10 at 2:39 pm

Work perfect! Thanks.

Something I was really wanting. Thanks a lot Gina and Chris.

tomcurran.org/
Jun 18 10 at 4:08 pm

Okay . . . that’s pretty cool. Looks like I’m *finally* going to start taking OpenID seriously.

Walter Reade
Jun 18 10 at 4:30 pm

Excellent tip! One thing: on Blogger, just remember to make sure to put “/” before the closing “>” in each tag or else it won’t work.

Larry Anderson
Jun 18 10 at 5:25 pm

Woo Hoo. Works. Thanks.

robertjames.me/
Jun 18 10 at 5:56 pm

Since John’s post did not come out nicely, I created a blog entry on “How to set up openid on your own domain with fallback provicer”

http://www.sakimura.org/en/modules/wordpress/how-to-set-up-openid-on-your-own-domain-with-fallback-proivder/

Cool!

bluepojo.com/
Jun 18 10 at 6:05 pm

Is this thing on? Sorry.

stevestr.org/
Jun 18 10 at 6:07 pm

Thanks :) It seems to work too!

Cool — this worked for THIS login, but when I try it at Phixr.com, I get “failed to find openid.server tag…” — ???

danielo [+1]
Jun 18 10 at 8:38 pm

Doesn’t work if you’re hosted on Google Apps, which is somewhat ironic ;-) .

Paul Walker
Jun 18 10 at 10:20 pm

Thanks Gina!!

If you happen to use a header redirect on your index page (send to a blog folder for example) you need to point at a page which actually has the openID lines as the auth system will not follow the redirects (not sure why!!)

jamesakadamingo @ onlyidiotsassume.co.uk

@jamesakadamingo — I’m using a header redirect on my domain, and it’s working for me without having the openID lines in the end page.

danielo [+1]
Jun 19 10 at 2:28 pm

Thanks Gina!!!

JeffG
Jun 19 10 at 4:44 pm

Awesome, thanks for the tip Gina!

eapen.in/ [+1]
Jun 20 10 at 6:19 am

tst

eapen.in/ [+1]
Jun 20 10 at 6:29 am

Trying it out now. Thanks Gina.

davidmejia.net/
Jun 20 10 at 7:49 am

test.

bluecentre.net/
Jun 20 10 at 6:33 pm

crazy easy cheers for the tips

86rin.com/
Jun 21 10 at 4:42 am

Thanks for the tip Gina. Just set up my OpenID on my site to leave this comment.

bbspot.com/
Jun 21 10 at 6:47 am

Wow! That really is easy!

You can use http://www.own-id.com/ to use your own domain as an OpenId, no HTML needed.

Hey, it works for me too!

Let’s try this again. Ok, looks better.

amid.com/
Jun 21 10 at 4:15 pm

Good lord I can’t believe how easy that was! Too bad I can’t have a profile image that is consistent anywhere I login with my openID.

Great tip as always, Gina. Thanks!

pretty sweet. Thanks for the tip!

created a subdomain so that i can use different accounts under the same domain. Schnaazy!

Thanks for providing an openID playground here!

wow this is cool.

kaivana.co.uk/
Jun 23 10 at 2:15 am

Using https://www.myopenid.com/ it is also pretty easy to set up an OpenID on a subdomain of your own domain (using a CNAME). That way whenever you want to change OpenID provider, you can simply change the CNAME.

Good to be able to use your own domain for an openID…

BUT this does not automatically mean more “safety” :
Doesn’t this imply that you now need to make sure you’ll own this domain “forever” (and this is not free!) ?
Because the day you lose the domain name, you lose your openID, and all your accounts registered with it on any sites may then not only be lost for you… but also can be “stolen” by whoever takes the ownership of what was your domain.
He can now just redirect your former openID url to some openID provider where he will authenticate himeself… then access to what were your accounts.
And you won’t even be able to access or delete these accounts anymore.

Or am I wrong ?

cece
Jun 24 10 at 3:24 pm

Thank you. This is a very helpful, simple tutorial.

jamesphare.org
Jun 25 10 at 7:38 am

Very helpful, thanks for posting this :)

coresite.org
Jun 27 10 at 4:49 pm

Awesome! openID always seemed more complicated than it should be. Guess it wasn’t after all :)

mikecarlucci.me/ [+2]
Jun 29 10 at 7:08 am

Thanks for this post! I heard about it on TWiG. I modified the MyOpenID WordPress plugin to work with Google Profile. Gonna try and get it added permanently so that it is easy to setup in WordPress without modifying the template.

skeemer.net/
Jun 30 10 at 1:46 am

Neat-o burrito! Now how do I get the trailing slash out of my openid?

Brian Hanifin [+5]
Jul 3 10 at 7:09 pm

Nevermind, I figured out you can edit your WordPress (aka smarterware.org) profile. :)

Brian Hanifin [+5]
Jul 3 10 at 8:13 pm

Awesome article! this is from my openid! :)

Thanks Gina. Another fantastic tip!

Great article, Gina. If you are using a WordPress blog there is an OpenID plug-in that enables the use of your blog URL as an OpenID. That’s the way I setup my blog in 2006.

Khürt Williams [+1]
Jul 12 10 at 6:18 am

Got my OpenID delegation to google profile sorted – thanks for the tip. (but I gotta say it was hard to find in the ‘show notes’)
fang

I had been delegating to Verisign PIP – https://pip.verisignlabs.com/ – previously. That has some interesting features but would rather use Google. Didn’t realize they supported this. Thanks for the tip.

Just testing this out… Wondering if there’s a way to get a profile pic incorporated.

Jordan Conway
Jul 15 10 at 5:58 am

This was my first introduction to OpenID and utilizing one of my existing services (Google Profiles) just makes jumping into this open authentication environment that much more of a no-brainer. It is these smaller features of Google products that need to be advertised more.

Brad Hachez
Jul 18 10 at 11:23 am

Gina,

Very nice tip and also I was wondering is there any way to add link open id with google apps email id other then gmail.com

buzzingup.com/
Jul 18 10 at 12:54 pm

Testing openid

Wow I am a week behind on your posts. This is fantastic, 30 seconds and all up and running.

Thanks Gina.

Jon Byrne
Jul 25 10 at 1:02 pm

This tip was full of win! Gina, you rock!

oldmeadow.com/
Jul 26 10 at 11:07 pm

Thanks Gina!



Comments are closed. Thanks for reading!