Running your own IdP?

Matt Pelletier matt at eastmedia.com
Tue Nov 7 01:00:47 UTC 2006


Brendan and Tommy,


On Oct 27, 2006, at 6:55 PM, Brendan O'Connor wrote:

> Using the PIP that is now part of Heraldry, we were able to use it here
> at Johns Hopkins to create an LDAP-linked IDP. Basically, you just set
> it up and then tell it to check with LDAP before doing what you want to
> protect (we just did account creation, but you might want it for every
> assertion).
>
> PIP's written in great Ruby, so it took about four lines, IIRC, to make
> this change; I'm sure you can figure it out fairly quickly, but if you'd
> like help, or a copy of our changes, you can eMail me offlist.

Thanks for the kind words (we wrote the Ruby IdP and plugin). We have  
heard a few requests about integrating LDAP, so if you can share how  
you did it, I can pass that along to the folks who've asked.

>
> ---Brendan O'Connor
>
> Tommy van der Vorst wrote:
>> I'd like to run my own identity provider linked to (maybe) an LDAP or unix
>> directory backend. I found a lot of libraries for PHP and Python, but
>> neither of them seem to explain how to set up your own identity provider.
>> I've found no examples of setting up your own IdP whatsoever.

You may have already found it by this point, but you can find the  
Ruby IdP in the Apache Heraldry project's repository at:

http://svn.apache.org/repos/asf/incubator/heraldry/idp/pip/trunk

There is helpful info in the README and INSTALL files in there.

http://svn.apache.org/repos/asf/incubator/heraldry/idp/pip/trunk/INSTALL
http://svn.apache.org/repos/asf/incubator/heraldry/idp/pip/trunk/README

>>
>> Can someone explain to me how I can set up my own IdP? I think this should be
>> made easier to allow incorporation of OpenID in existing authentication
>> structures.

We also wrote the OpenID Consumer Rails plugin. It is essentially a  
tight, clean wrapper for JanRain's OpenID Ruby gem that uses best  
practices and conventions for Rails plugins. This makes it dead  
simple to extend your Rails app to become an OpenID consumer. This  
plugin can be used in conjunction with common user silo idioms as  
well. We wrote a simple demo application called 'Bookmarks' that is a  
*very* lightweight implementation showing how you could combine the  
Consumer plugin with conventional username/password login systems. In  
our case we used the Acts As Authenticated plugin (in case you follow  
this kind of thing). The current version needs to be updated (and  
we'll probably add it into the Heraldry project as an example), but  
if you're interested in trying it let me know.

More info is available here:
http://identity.eastmedia.com/identity/show/Consumer+Plugin

Let me know how it works out. We've made a few tweaks to  
documentation lately based on some feedback.

Thanks,
Matt

------------------
Matt Pelletier
http://www.eastmedia.com -- EastMedia
http://www.informit.com/title/0321483502 -- The Mongrel Book
http://identity.eastmedia.com -- OpenID, Identity 2.0
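
The "check with LDAP before doing what you want to protect" step quoted above, sketched as an added example; it is not part of the original thread and not the Heraldry PIP code or the Johns Hopkins change. `DirectoryGate`, `FakeDirectory` and the `bind_as(filter, password)` interface are hypothetical names, and treating the check as a credential check is an assumption.

```ruby
# Added example: gate an IdP action (account creation, or every assertion)
# on a directory check that fails closed. All names here are hypothetical.
class DirectoryGate
  # RFC 4515: characters that must be escaped inside a search filter value.
  FILTER_ESCAPES = { "\\" => "\\5c", "*" => "\\2a", "(" => "\\28",
                     ")" => "\\29", "\x00" => "\\00" }.freeze

  def initialize(directory, attribute: "uid")
    @directory = directory # any object responding to bind_as(filter, password)
    @attribute = attribute
  end

  def self.escape(value)
    value.gsub(/[\\*()\x00]/) { |c| FILTER_ESCAPES[c] }
  end

  # True only when the directory positively confirms the credentials.
  def allowed?(username, password)
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513), which a server may accept; refuse it before asking.
    return false if username.to_s.empty? || password.to_s.empty?
    filter = "(#{@attribute}=#{self.class.escape(username)})"
    @directory.bind_as(filter, password) ? true : false
  rescue StandardError
    false # directory unreachable or erroring: deny rather than allow
  end
end

# Constructed in-memory stand-in for an LDAP server so the example runs offline.
class FakeDirectory
  def initialize(users)
    @users = users # constructed sample data: { "name" => "password" }
  end

  def bind_as(filter, password)
    raise IOError, "directory down" if @users.nil?
    name = filter[/\A\(uid=(.*)\)\z/, 1]
    # Like a real server, an unescaped "*" would match an arbitrary entry.
    entry = name == "*" ? @users.first : @users.find { |u, _| u == name }
    entry && entry[1] == password
  end
end
```

An IdP would call `allowed?` in the account-creation path, and in the assertion path if every assertion should be gated, proceeding only on `true`.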

>>
>> Tommy.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general