Running your own IdP?
Matt Pelletier
matt at eastmedia.com
Tue Nov 7 01:00:47 UTC 2006
Brendan and Tommy,
On Oct 27, 2006, at 6:55 PM, Brendan O'Connor wrote:
> Using the PIP that is now part of Heraldry, we were able to use it here
> at Johns Hopkins to create an LDAP-linked IDP. Basically, you just set
> it up and then tell it to check with LDAP before doing what you want to
> protect (we just did account creation, but you might want it for every
> assertion).
>
> PIP's written in great Ruby, so it took about four lines, IIRC, to make
> this change; I'm sure you can figure it out fairly quickly, but if you'd
> like help, or a copy of our changes, you can eMail me offlist.
Thanks for the kind words (we wrote the Ruby IdP and plugin). We have
heard a few requests about integrating LDAP, so if you can share how
you did it, I can pass that along to the folks who've asked.
>
> ---Brendan O'Connor
>
> Tommy van der Vorst wrote:
>> I'd like to run my own identity provider linked to (maybe) an LDAP or unix
>> directory backend. I found a lot of libraries for PHP and Python, but
>> neither of them seem to explain how to set up your own identity provider.
>> I've found no examples of setting up your own IdP whatsoever.
You may have already found it by this point, but you can find the
Ruby IdP in the Apache Heraldry project's repository at:
http://svn.apache.org/repos/asf/incubator/heraldry/idp/pip/trunk
There is helpful info in the README and INSTALL files in there.
http://svn.apache.org/repos/asf/incubator/heraldry/idp/pip/trunk/INSTALL
http://svn.apache.org/repos/asf/incubator/heraldry/idp/pip/trunk/README
>>
>> Can someone explain to me how I can set up my own IdP? I think this should be
>> made easier to allow incorporation of OpenID in existing authentication
>> structures.
We also wrote the OpenID Consumer Rails plugin. It is essentially a
tight, clean wrapper for JanRain's OpenID Ruby gem that uses best
practices and conventions for Rails plugins. This makes it dead
simple to extend your Rails app to become an OpenID consumer. This
plugin can be used in conjunction with common user silo idioms as
well. We wrote a simple demo application called 'Bookmarks' that is a
*very* lightweight implementation showing how you could combine the
Consumer plugin with conventional username/password login systems. In
our case we used the Acts As Authenticated plugin (in case you follow
this kind of thing). The current version needs to be updated (and
we'll probably add it into the Heraldry project as an example), but
if you're interested in trying it let me know.
More info is available here:
http://identity.eastmedia.com/identity/show/Consumer+Plugin
Let me know how it works out. We've made a few tweaks to
documentation lately based on some feedback.
Thanks,
Matt
------------------
Matt Pelletier
http://www.eastmedia.com -- EastMedia
http://www.informit.com/title/0321483502 -- The Mongrel Book
http://identity.eastmedia.com -- OpenID, Identity 2.0
>>
>> Tommy.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general