How to use as an OpenID provider

by Matt 16. April 2009 17:39


One of the nice things about OpenID is that just about anyone can be an identity provider. Indeed, that’s pretty much the point.

OpenID is just a URL. Specifically, a URL that uniquely identifies you and that you and only you have control over.

You know, like your blog address.

So let’s make be an OpenID. Turns out, it’s dead easy.

1. Go and get an OpenID

What? Did you think we’d do the heavy lifting ourselves? No, no, no. Friends don’t let friends try and implement security protocols. Leave it to the professionals.

Put it this way – I don’t even want to have to get https working as a part of my blog, let alone implement OpenID security exchanges.

I used the guide available at Will Norris’ site to help make a choice of which 3rd party to help decide which to go for. As far as I can see, the two best choices are MyOpenID and MyVidoop. Both look like very good providers, offering just about everything – attribute exchange, personas - but I went with MyOpenID because they support logging in using CardSpace (we have history).

So, my OpenID is

2. But I thought you said you could use your blog address?!

Of course. OpenID supports delegation. This allows me to have an OpenID URL that delegates to another OpenID provider. In other words, when I try to log in to a site using this blog as an OpenID, this blog will actually delegate responsibility to the “real” OpenID provider, MyOpenID.

This is very easy to set up. You just need to add a few lines of HTML to your blog.

First, find the help pages for delegation for your OpenID provider. Here they are for MyOpenID, and here they are for MyVidoop.

Now log onto your instance of BlogEngine and go to the settings page. Towards the bottom of the page, there is a text box labelled “HTML Head Section”. Paste the HTML from the help pages into this box, and save.

This is what mine looks like:

<link rel="openid.server" href="" />
<link rel="openid.delegate" href="" />
<link rel="openid2.local_id" href="" />
<link rel="openid2.provider" href="" />
<meta http-equiv="X-XRDS-Location"
content="" />

Of course, these are my details – make sure to put yours in.

And don’t worry, I’m not showing you anything sensitive here. This information is plainly visible to everyone with a simple view source – there are no secrets here.

What this is doing is telling the web site you’re trying to log into that you have delegated your OpenID. You tell it the server it needs to speak to ( and who that server knows you as ( in my case).

3. Let’s log in to something!

The simplest was to test is to go to this checkup page, which will try and log in for you. Enter your blog address, ( in the text field and hit check. If all is well, you should see something like:


This shows that the checkup site, my blog and MyOpenID can all talk together properly.

Now click the “Try logging in” link.

This time, you should get redirected to your OpenID provider. Here, MyOpenID is telling me who is trying to authenticate ( and prompts me for my password (or Information Card – yay for phishing resistant logins!).


Once I’ve successfully authenticated with MyOpenID, I’m redirected back to the test page, where it confirms that everything is working as it should.


And there you have it.

Three simple steps, and now your blog is your OpenID. Go use it to log in to all those sites with the cute little openid-16x16 icons. Go on, shoo.

Tags: , ,


Month List


Comment RSS