.. author:: Philipp Wensauer <mail@philippwensauer.com>
SimpleID is a simple, personal OpenID provider written in PHP.
We're using PHP in the stable version 7.1:
[isabell@stardust ~]$ uberspace tools version show php
Using 'PHP' version: '7.1'
[isabell@stardust ~]$
Your URL needs to be set up for web:
[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$
cd to the folder above your document root, because not all files should be accessible via web, then download the latest release of SimpleID and extract it:
Note
The link to the latest version can be found at SimpleID's download page.
[isabell@stardust ~]$ cd /var/www/virtual/$USER/
[isabell@stardust isabell]$ wget http://downloads.sourceforge.net/simpleid/simpleid-42.23.1.tar.gz
[isabell@stardust isabell]$ tar -xzf simpleid-42.23.1.tar.gz
[isabell@stardust ~]$
The folder containing the frontend needs to be accessible via web. To achieve this, a symlink is created linking to the www folder.
[isabell@stardust isabell]$ ln -s /var/www/virtual/$USER/simpleid/www/ ~/html/simpleid
[isabell@stardust ~]$
[isabell@stardust isabell]$ cp /var/www/virtual/$USER/simpleid/www/config.php.dist /var/www/virtual/$USER/simpleid/www/config.php
[isabell@stardust ~]$
[isabell@stardust isabell]$ rm simpleid-42.23.1.tar.gz
[isabell@stardust ~]$
Edit the file /var/www/virtual/$USER/simpleid/www/config.php.
The only change you really have to make is setting SIMPLEID_BASE_URL; the other options are optional.
Warning
Replace <username> with your Uberspace username!
define('SIMPLEID_BASE_URL', 'https://<username>.uber.space/simpleid');
In our example this would be:
define('SIMPLEID_BASE_URL', 'https://isabell.uber.space/simpleid');
You will need to create an identity file for every user of your SimpleID installation.
Warning
Replace <username> with the username you want to use for your SimpleID identity!
[isabell@stardust isabell]$ cp /var/www/virtual/$USER/simpleid/identities/example.identity.dist /var/www/virtual/$USER/simpleid/identities/<username>.identity
[isabell@stardust ~]$
Before editing this file, we need to create a password/salt pair.
There are several ways to go, using the MD5, SHA1 and SHA256 algorithms and an optional salt. In this example we will use the SHA256 algorithm with a random salt.
First we'll generate a random salt to make this as secure as possible. You are free to use any string as salt.
[isabell@stardust ~]$ tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16 ; echo
MySuperSecretSalt
[isabell@stardust ~]$
With this generated salt and your password in mind we can create the PBKDF2 SHA256 hash with 100,000 iterations for the identity file.
Warning
Replace <password> with your password, and <salt> with the generated salt or the one you decided to choose.
[isabell@stardust ~]$ php -r 'echo hash_pbkdf2("sha256", "<password>", "<salt>", 100000).PHP_EOL;'
[isabell@stardust ~]$
With our example values this would be
[isabell@stardust ~]$ php -r 'echo hash_pbkdf2("sha256", "MySuperSecretPassword", "MySuperSecretSalt", 100000).PHP_EOL;'
5fd924625f6ab16a19cc9807c7c506ae1813490e4ba675f843d5a10e0baacdb8
[isabell@stardust ~]$
Then open the identity file you copied before to /var/www/virtual/$USER/simpleid/identities/<username>.identity in your favorite editor.
Search for the pass line and edit it as described.
pass="<hash>:pbkdf2:sha256:<salt>"
In our example we would use this pass line:
pass="5fd924625f6ab16a19cc9807c7c506ae1813490e4ba675f843d5a10e0baacdb8:pbkdf2:sha256:MySuperSecretSalt"
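The same pass line can be produced without typing the password on the command line, where it would be stored in the shell history and visible in the process list. The script below is an added example, not part of SimpleID or the original guide; make_pass_line() and read_secret() are hypothetical helper names, and the output follows the pass format shown above.

```php
<?php
// Added example: not part of SimpleID or the original guide.
// Prints a pass= line in the form this guide uses,
//   <hash>:pbkdf2:sha256:<salt>
// reading the password from the terminal rather than from the command line.

const ITERATIONS = 100000; // iteration count used in this guide

// Hypothetical helper: builds the line for the .identity file.
function make_pass_line(string $password, string $salt): string
{
    // Without a length argument hash_pbkdf2() returns the whole digest
    // as lowercase hex, which is 64 characters for sha256.
    $hash = hash_pbkdf2('sha256', $password, $salt, ITERATIONS);
    return sprintf('pass="%s:pbkdf2:sha256:%s"', $hash, $salt);
}

// Hypothetical helper: prompts on stderr and reads one line with echo off.
function read_secret(string $prompt): string
{
    fwrite(STDERR, $prompt);
    $tty = function_exists('posix_isatty') && posix_isatty(STDIN);
    if ($tty) {
        shell_exec('stty -echo');
    }
    $line = fgets(STDIN);
    if ($tty) {
        shell_exec('stty echo');
        fwrite(STDERR, PHP_EOL);
    }
    return $line === false ? '' : rtrim($line, "\r\n");
}

$password = read_secret('Password: ');
if ($password === '' || $password !== read_secret('Repeat password: ')) {
    fwrite(STDERR, 'Empty or mismatching password, nothing written.' . PHP_EOL);
    exit(1);
}

// 8 bytes from the operating system's CSPRNG, hex-encoded: 16 characters,
// none of which can collide with the ':' separators or the quotes.
$salt = bin2hex(random_bytes(8));
echo make_pass_line($password, $salt), PHP_EOL;
```

Keep the script outside the document root and run it with the php command line binary; only the pass line is written to standard output, so it can be pasted straight into the identity file.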
Since this is our first user, it should be set as administrator by changing
;administrator=1
to (remove the ;):
administrator=1
The last thing is to set an identifier using a unique URL.
Warning
Replace <username> with your Uberspace username!
identity="https://<username>.uber.space/openid/"
This will be the URL you'll have to use for registering with websites. We'll create the folder and fill it in a later step. In this example we will use:
identity="https://isabell.uber.space/openid/"
Warning
Don't forget the closing / or you'll get an error if you try to use the identity.
After saving the file, you should be able to log in for the first time at your SimpleID installation located at the defined Base URL https://<username>.uber.space/simpleid.
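The settings edited above are easy to get subtly wrong (a placeholder left in, a missing closing /). The checker below is an added example, not part of SimpleID or the original guide; check_identity() is a hypothetical helper name, it only tests the pass and identity forms shown in this guide, and the embedded sample is constructed.

```php
<?php
// Added example: not part of SimpleID or the original guide.
// check_identity() is a hypothetical helper name.

// Returns a list of problems found in the settings this guide edits.
function check_identity(string $ini): array
{
    $cfg = @parse_ini_string($ini);
    if ($cfg === false) {
        return ['file is not valid INI syntax'];
    }
    $problems = [];
    $pass = (string) ($cfg['pass'] ?? '');
    if (!preg_match('/^[0-9a-f]{64}:pbkdf2:sha256:[^:]+$/', $pass)) {
        $problems[] = 'pass is not <64 hex chars>:pbkdf2:sha256:<salt>';
    }
    $identity = (string) ($cfg['identity'] ?? '');
    if (strpos($identity, 'https://') !== 0) {
        $problems[] = 'identity is not an https:// URL';
    }
    if (substr($identity, -1) !== '/') {
        $problems[] = 'identity is missing the closing /';
    }
    if (strpos($pass . $identity, '<') !== false) {
        $problems[] = 'a <placeholder> was left in place';
    }
    return $problems;
}

// Constructed sample: the guide's example identity with two typical slips
// (placeholder pass line, identity URL without the closing /).
$sample = <<<'INI'
identity="https://isabell.uber.space/openid"
pass="<hash>:pbkdf2:sha256:<salt>"
administrator=1
INI;

// Check the file named on the command line, or the sample if none is given.
$ini = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
$problems = check_identity((string) $ini);
foreach ($problems as $problem) {
    echo 'PROBLEM: ', $problem, PHP_EOL;
}
exit($problems ? 1 : 0);
```

Pass the path of your own .identity file as the first argument to check it instead of the sample; the exit status is 0 only when no problem was found.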
To finally use this identity, you'll need to create a file at the URL we've defined in the .identity file.
[isabell@stardust ~]$ mkdir ~/html/openid
[isabell@stardust ~]$
Create the file ~/html/openid/index.htm with the following content:
<html>
<head>
<link rel="openid.server" href="https://isabell.uber.space/simpleid/" />
<link rel="openid2.provider" href="https://isabell.uber.space/simpleid/" />
</head>
</html>
You are now ready to use your own OpenID provider. Just make sure you are using the right URL for authentication, https://<username>.uber.space/openid.
Note
Check the update feed regularly to stay informed about the newest version.
Follow the steps described in the UPGRADE.txt shipped with the newest version. It describes all the steps you'll have to perform to update your installation.
Tested with SimpleID 1.0.2, Uberspace 7.1.13.0
.. authors::