From today, this blog will be supporting OpenID authentication [edit: support removed, see the comments], meaning that it is possible to log in and comment using familiar login names such as the ones that you already have at Google.com, Yahoo, LiveJournal, Blogger, Flickr, MySpace, WordPress.com or elsewhere. (Read more from here.) Open registration to this site appeared only to attract spammers, and there are many benefits from using OpenID. And if you are interested in implementing OpenID authentication at your own site, it is relatively easy these days. (Setting it up into this blog took less than 10 minutes, hooray! 🙂)
6 thoughts on “Moving to OpenID”
Ok, guess it wasn’t quite so easy. My first attempt to log in with an OpenID (my Gmail account) produced a “500 – Internal server error”. Shame — any tips from someone who has been able to install the OpenID plugin successfully to a WordPress blog running on a Windows Server are most welcome!
Implementing OpenID login got more and more complicated as I looked further into this. Currently I am getting a “certificate verify failed” error when trying to log in using my Gmail ID. I have tried the tips that are available in the FAQ page (here: http://wordpress.org/extend/plugins/openid/faq/). The plugin seems to rely on secure SSL transaction protocol, and this is apparently connected to the CA (certificate authority) verification about my identity. Getting a commercial, domain level CA certificate appears to cost a few hundred euros per year (Verisign’s one year SSL secure site offer is $399 per year). Even while I like OpenID, I am not ready to pay those sums just for increased ease of login options. The plugin FAQ page nevertheless confirms: “Be aware that you will almost certainly have trouble with this if you are not using a certificate purchased from a well-known certificate authority.”
A commercial SSL cert is only necessary if you want to use SSL with the built-in OpenID provider. For example, if I wanted to use https://willnorris.com/ as my OpenID instead of just http://willnorris.com/. It is not necessary for consumer HTTPS OpenIDs. What **does** affect this however is the CA cert bundle on your server (the second FAQ item).
All that being said, it does look like there is either something set up weird on your server, or a bug in the OpenID plugin… I keep getting an OpenID log message displayed when I submit this comment form.
Thanks Will, I appreciate the comment. I will continue to debug this setup when I again have more time on my hands. My gut reaction is that this must be yet another issue where the Windows Server 2008 environment is not completely similar to e.g. Linux, which appears to be much more common as the development and production environment of WordPress blogs. But then again, this might be related to something else. I did put the error reporting to “detailed” mode in IIS7, and it continues to display this when I try to log in using my Gmail ID:
This error continues to bug me. I now even went out and bought a commercial SSL certificate for unet.fi domain (hopefully it will be useful also on some other occasion), installed it to IIS7 web server, all seems to be fine now and SSL/HTTPS communications enabled through the firewall (port 443 forward set), but no. The same “certificate verify failed” error persists. It now seems likely I need to dig deeper into how cURL has been implemented in Windows Server 2008/IIS7/PHP5. I did find this page of instructions (http://www.vividreflection.com/blog/secret-to-curl-in-php-on-windows/ ), but unfortunately the cURL archives it links to do not seem to hold any “curl-ca-bundle.crt” file any more, so that set of instructions does not work. OpenID plugin page reports that its status is OK:
Unfortunately I could not get the OpenID plugin to work with my site. I tried to hack cURL and play with various DLL files and CA certificate bundles to get the OpenID authentication to work, but it just did not happen. Also, while testing the SSL functionality I installed the “Admin SSL” plugin, but that would put my WordPress login screen into an infinite loop — nasty! From my perspective, it looks like there are still a couple of things to sort out before the authentication technologies really have the “out of the box” level of reliability that would appeal to a regular user. Sad, but that is really the case for me at least, at the moment.
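An added example, not part of the original post or its comments and not code from the OpenID plugin: a PHP sketch that inspects the CA bundle cURL would use and then makes a verified HTTPS request against it, which is the check that the "CA cert bundle on your server" remark and the "certificate verify failed" error in the thread point to. The script name, its two arguments and the fallback to the `curl.cainfo` ini setting are assumptions, and it needs PHP 7 or later with the curl and openssl extensions.

```php
<?php
// Added diagnostic sketch (not from the OpenID plugin): checks the CA bundle
// that PHP's cURL extension would use to verify HTTPS OpenID providers.
// Usage: php ca_check.php [path-to-bundle.pem] [https-url-to-test]
// Both arguments are hypothetical and optional; nothing here is site-specific.

function inspect_bundle(string $path): array
{
    if (!is_readable($path)) {
        return ['ok' => false, 'reason' => "not readable: $path"];
    }
    // A PEM bundle is a concatenation of BEGIN/END CERTIFICATE blocks.
    preg_match_all(
        '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($path),
        $m
    );
    $expired = 0;
    foreach ($m[0] as $pem) {
        $info = openssl_x509_parse($pem);
        if ($info !== false && $info['validTo_time_t'] < time()) {
            $expired++;   // expired roots cannot anchor a valid chain
        }
    }
    return ['ok' => count($m[0]) > 0, 'certs' => count($m[0]), 'expired' => $expired];
}

function test_fetch(string $url, string $bundle): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true,    // headers only; we test the handshake
        CURLOPT_SSL_VERIFYPEER => true,    // keep chain verification on
        CURLOPT_SSL_VERIFYHOST => 2,       // and hostname matching
        CURLOPT_CAINFO         => $bundle, // the bundle under test
        CURLOPT_TIMEOUT        => 10,
    ]);
    $ok = curl_exec($ch);
    return $ok === false ? 'FAILED: ' . curl_error($ch) : 'verified OK';
}

$bundle = $argv[1] ?? (ini_get('curl.cainfo') ?: '');
if ($bundle === '') {
    exit('No bundle given and curl.cainfo is unset in ' . php_ini_loaded_file() . "\n");
}
print_r(inspect_bundle($bundle));
if (isset($argv[2])) {
    echo test_fetch($argv[2], $bundle), "\n";
}
```

Without a URL argument the script only inspects the bundle file, so it can be run offline; a failing fetch with a readable, non-empty bundle means the provider's chain is not anchored in that bundle, and disabling `CURLOPT_SSL_VERIFYPEER` is not a fix.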