Subscribe
FollowHow to Set Up OpenID on Your Own Domain
For some reason I was under the mistaken impression that setting up an OpenID on my own domain, ginatrapani.org, would be a big hassle: that I'd have to host my own OpenID server software and that it would take all sorts of installation and maintenance BS to do so. I feel strongly about owning my identity online, mapping it to my nameplate domain, and actively choosing an authorizing party instead of just accepting the sign-in service du jour like Facebook, Twitter, Yahoo, or Google. Still, I never got set up with OpenID on ginatrapani.org because my perceived hassle factor was daunting. Instead, I used idproxy.net for my OpenID and put the domain setup on my "someday I have to do that" list. It meant that my OpenID was ginatrapani.idproxy.net instead of my own domain. Idproxy is a great service and I thank them for getting me started with OpenID; but still, I want my OpenID URL to be a domain name I own and control.
Turns out I was dead wrong about the hassle. Setting up OpenID capabilities on your own domain name is a two-lines-of-HTML affair, and it's finally done. (Thanks to Chris Messina for bringing me into the year 2006.) If you're interested in doing the same, here's what to know.
First, Google Profiles (and, it turns out, idproxy.net and ClaimID and a bunch of other OpenID providers) can work with your domain name, so all I have to do is add a few <link rel> tags to your HTML to get things set up. Second, you can specify multiple OpenID providers, so if idproxy.net was down or Google Profiles was down, you can have a provider fallback. Sweet. Now, in the <head> tags of ginatrapani.org you will find the following:
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" >
<link rel="openid2.local_id" href="http://www.google.com/profiles/ginatrapani" >
That sets Google Profiles as the authorizing party for my OpenID, but my OpenID URL is ginatrapani.org. You can see my new OpenID in action right here; I signed into this very site with my new OpenID and posted a comment.
I'm not sure yet how to set Idproxy as my "fallback" provider just yet; if you know how to do that, post it up in the comments.
Thanks to the folks in this Stack Overflow thread for clearing up how to use Google Profiles as an OpenID provider and to Chris for a great discussion of OpenID, OAuth, and verifying identity on the web.
wow this is cool.
Jun 23 10 at 2:15 am
Using https://www.myopenid.com/ it is also pretty easy to set up an OpenID on a subdomain of your own domain (using a CNAME). That way whenever you want to change OpenID provider, you can simply change the CNAME.
Jun 23 10 at 4:36 pm
Good to be able to use your own domain for an openID…
BUT this does not automatically mean more “safety” :
Doesn’t this imply that you now need to make sure you’ll own this domain “forever” (and this is not free!) ?
Because the day you lose the domain name, you lose your openID, and all your accounts registered with it on any sites may then not only be lost for you… but also can be “stolen” by whoever takes the ownership of what was your domain.
He can now just redirect your former openID url to some openID provider where he will authenticate himeself… then access to what were your accounts.
And you won’t even be able to access or delete these accounts anymore.
Or am I wrong ?
Jun 24 10 at 3:24 pm
Thank you. This is a very helpful, simple tutorial.
Jun 25 10 at 7:38 am
Very helpful, thanks for posting this
Jun 27 10 at 4:49 pm
Awesome! openID always seemed more complicated than it should be. Guess it wasn’t after all
Jun 29 10 at 7:08 am
Thanks for this post! I heard about it on TWiG. I modified the MyOpenID Wordpress plugin to work with Google Profile. Gonna try and get it added permanently so that it is easy to setup in Wordpress without modifying the template.
Jun 30 10 at 1:46 am
Neat-o burrito! Now how do I get the trailing slash out of my openid?
Jul 3 10 at 7:09 pm
Nevermind, I figured out you can edit your Wordpress (aka smarterware.org) profile.
Jul 3 10 at 8:13 pm
Awesome article! this is from my openid!
Jul 9 10 at 3:27 am
Thanks Gina. Another fantastic tip!
Jul 10 10 at 2:35 pm
Great article, Gina. If you are using a Wordpress blog there is an OpenID plug-in that enables the use of your blog URL as an OpenID. That’s the way I setup my blog in 2006.
Jul 12 10 at 6:18 am
Got my OpenID delegation to google profile sorted – thanks for the tip. (but I gotta say it was hard to find in the ’show notes’)
fang
Jul 14 10 at 2:41 am
I had been delegating to Verisign PIP – https://pip.verisignlabs.com/ – previously. That has some interesting features but would rather use Google. Didn’t realize they supported this. Thanks for the tip.
Jul 14 10 at 10:25 am
Just testing this out… Wondering if there’s a way to get a profile pic incorporated.
Jul 15 10 at 5:58 am
This was my first introduction to OpenID and utilizing one of my existing services (Google Profiles) just makes jumping into this open authentication environment that much more of a no-brainer. It is these smaller features of Google products that need to be advertised more.
Jul 18 10 at 11:23 am
Gina,
Very nice tip and also I was wondering is there any way to add link open id with google apps email id other then gmail.com
Jul 18 10 at 12:54 pm
Testing openid
Jul 22 10 at 11:48 pm
Wow I am a week behind on your posts. This is fantastic, 30 seconds and all up and running.
Thanks Gina.
Jul 25 10 at 1:02 pm
This tip was full of win! Gina, you rock!
Jul 26 10 at 11:07 pm
Thanks Gina!
Aug 5 10 at 3:52 pm