[OpenID] openID provider / server setting
Peter Williams
home_pw at msn.com
Tue Apr 14 21:06:02 UTC 2015
I didn't write my response well (or rather, the spell checker changed things without me noticing).
It's perfectly normal, especially in corporate and US government contracting environments, for load balancers to be proxying locally-visible addresses with external addresses. Who knows on what local LAN addresses the listener is also listening, and exposing itself. Who knows which OTHER external addresses are also exposed (one for Saudi folk, another for Americas). Such is the metadata subversion game played by spying agencies (and their consultants in standards committees, using their “special wording” skills).
What I find lacking in OpenID is a position that leads. I see lots of afraid contractors (wanting a large stipend for their govt division) or consultants who struggle to demo independence from undue “influence”.
Having been in such spots myself, or having worked for many a defense contractor, I sympathize.
Sent from Windows Mail
From: Peter Williams
Sent: Monday, April 13, 2015 4:33 PM
To: John Bradley, Nat Sakimura
Cc: openid-general at lists.openid.net
Not source routing, but tls pricing.
Perfectly normal in US govt contractor environments (such as CA Technologies) and SSO.
But we can pretend otherwise.
Remember the difference between SSL v2 and IETF SSL v3 / TLS. The latter should suddenly facilitated proxying, thanks to IESG (and a few academic grants of cash).
Sent from my Windows Phone
From: John Bradley
Sent: 4/13/2015 3:03 PM
To: Nat Sakimura
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] openID provider / server setting
Nothing stops TLS from working on the loopback. You just can’t access it from another computer without source routing and that would be nasty.
I take it that you want to run an AS and client on the same server as a programming project.
I suspect that running the AS with a self signed certificate on a real IP address and accessing it from another computer would be easier.
One alternative might be to run a VM on your computer for the AS so that it can have its own network address. You can then run the client on your main computer.
Depending on the OS you can probably add entries to your hosts table to make it look nicer.
You can give https://bitbucket.org/PEOFIAMP/phpoidc a try; that should be fairly readable code.
It should be fairly easy to set up. I suspect that fussing with self signed certs and your network settings may take the longest.
I would use a VM like VirtualBox as the AS myself, because I am lazy and it would be easier to debug.
John B.
On Apr 13, 2015, at 6:49 AM, Nat Sakimura <sakimura at gmail.com> wrote:
I am terribly sorry that I have missed your message.
A regular OP needs to serve over HTTPS. Thus, it cannot serve over 127.0.0.1, if that is what you mean by locally hosted.
Instead, you can use a Self-Issued provider, for which you can find the info at:
http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued
Cheers,
Nat Sakimura
On Sat, Mar 21, 2015 at 5:19 PM Sam DT <samdt3263 at gmail.com> wrote:
Hi,
I want to make my own local host an openID provider for the purpose of a class assignment.
The relying party that I have configured should redirect the user to my localhost page where I have hosted the server for authentication.
Can you tell me if this is possible using any openID library?
I should be very thankful.
_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
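
An added example, not from any poster in this thread or from phpOIDC: a small Python check of an OP issuer URL against the points raised above (HTTPS is expected, and a loopback address can only be reached from the same machine). The function name, the finding labels and the `hosts` mapping standing in for hosts-table entries are assumptions, and the no-query/no-fragment rule comes from the OpenID Connect issuer definition rather than from the thread.

```python
import ipaddress
from urllib.parse import urlsplit


def lint_issuer(issuer, hosts=None):
    """Return findings for an OP issuer URL; an empty list means nothing flagged.

    hosts is a constructed stand-in for hosts-table entries (name -> IP text).
    Names that are not in it are not resolved, so this runs offline.
    """
    hosts = hosts or {}
    findings = []
    parts = urlsplit(issuer)

    # The issuer identifier is defined as an https URL.
    if parts.scheme != "https":
        findings.append("scheme-not-https")
    # ... with no query or fragment component.
    if parts.query or parts.fragment:
        findings.append("query-or-fragment-present")

    host = (parts.hostname or "").lower()
    if not host:
        findings.append("no-host")
        return findings

    # Map the name to an address: hosts table first, then the usual
    # meaning of "localhost", otherwise treat the host as an IP literal.
    addr_text = hosts.get(host, "127.0.0.1" if host == "localhost" else host)
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return findings  # a DNS name we were not told how to resolve

    if addr.is_loopback:
        # TLS works here, but only an RP on the same machine can connect.
        findings.append("loopback-only")
    elif addr.is_private:
        # e.g. a VM on a host-only network: fine for a lab, not public.
        findings.append("private-address")
    return findings


if __name__ == "__main__":
    # Constructed sample issuers for a class-assignment style setup.
    lab_hosts = {"op.test": "192.168.56.10"}
    for url in ("http://127.0.0.1:8080/", "https://localhost/op",
                "https://op.test/", "https://op.example.com"):
        print(url, lint_issuer(url, lab_hosts))
```
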