How to install the Community-Id "OpenId" server on Linux

Charles Roth, 14 Jan 2010

I. Introduction
OpenId is a sort of mass single sign-on project that is widespread, open-source, convenient, and relatively safe.  It involves using an existing OpenId server (or setting up your own) that users log in to.  Once there, their browser gets a cookie that OpenId-compliant applications can use to detect that a valid login has already occurred, and take users straight into the application without further authentication.

Community-Id is an OpenId server that is (relatively) easy to install and use, for folks who want to "roll their own".  General installation instructions are at source.keyboard-monkeys.org/wiki/communityid/How_to_install_Community-ID_under_Linux.  This guide extends and assists with those instructions.

I. Download
The current stable version is 1.2.1.  Download it from source.keyboard-monkeys.org/projects/list_files/communityid.

Note that it requires PHP 5.2.4.

II. Create a userid to own the community-id site.

  1. Create a separate userid, e.g. "comid", to own the installation, with its own home directory (e.g. /home/comid).
  2. chmod 711 /home/comid
  3. As that userid, unpack the downloaded file (e.g. tar xvfz cid.1.2.1.tar.gz), which creates the communityid directory.
  4. As root in the comid home directory, do chown -R comid:apache communityid.  (Assumes that your Apache web server runs as userid apache.)

III. Define a DNS Name
Select a DNS name for your OpenId server, e.g. comid.org.

This guide assumes that you want to use the simplest OpenId form for your userids.  E.g. if my OpenId server is "comid.org", then user "roth" is just "roth.comid.org".  This is great for your users, but it requires that the comid.org domain name be usable only for OpenId, i.e. you can't have any other service (like mail.comid.org) under that domain.

To make this work properly, you must define the DNS resolution for comid.org so that anyname.comid.org resolves to comid.org.  With named (BIND) on Linux, for instance, your zone definition would most likely contain:

   *.comid.org.                   IN CNAME     comid.org.

IV. Prepare Apache
Create a virtual host file for that name, e.g. /etc/httpd/conf/vhosts/comid.org, containing (the <VirtualHost *:80> wrapper assumes Apache serves name-based virtual hosts on port 80; adjust it to match your Listen setup):

   <VirtualHost *:80>
      ServerName    comid.org
      ServerAlias   *.comid.org
      DocumentRoot  /home/comid/communityid/webdir

      <Directory /home/comid/communityid>
         Options FollowSymLinks
         AllowOverride All
      </Directory>
   </VirtualHost>

and restart Apache.  Note that the DocumentRoot is the webdir subdirectory, not the communityid directory itself, so the config.php file created one level up in section VI (which holds the database password) is never served to browsers.

V. Prepare MySQL database
Create a MySQL database for OpenId, e.g.

   mysql -u root -p
   create database comid;
   grant all on comid.* to comid@localhost identified by 'newPassword';
   quit

VI. Finish Installation
Point a browser at http://comid.org.  Fill in the database name, database password, the expected support email address, and an admin userid and password.  (The userid/pw is not an OpenId itself, just a way to administer the OpenId server.)

This automatically creates a file config.php in the communityid directory.  Edit this file (you may have to do it as root, since it is now owned by 'apache'), and change the definitions:

   $config['subdomain']['enabled']             = true;
   $config['subdomain']['hostname']            = 'comid.org';
   $config['subdomain']['use_www']             = false;

Remove write permissions from this same file, e.g.

   cd /home/comid/communityid
   chmod 440 config.php
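As an added post-install check (not part of this guide or of the Community-Id project), the following POSIX shell script verifies the outcome of sections IV and VI on a real tree: config.php exists outside the webdir document root, carries the 440 mode from above, and has the three subdomain settings pointing at your hostname.  The make_sample_tree function builds a constructed fixture in a temp directory so the checks can be tried before touching a live install; directory layout and the apache/comid ownership are assumed as described in this guide.

```shell
#!/bin/sh
# Added post-install check for a Community-Id tree (assumes the layout of
# sections II-VI: DocumentRoot is <dir>/webdir, config.php sits in <dir>).

# Print the value of $config['subdomain'][<key>] from a config.php file.
cfg_value() {
    sed -n 's/^.config\[.subdomain.\]\[.'"$2"'.\][[:space:]]*=[[:space:]]*\(.*\);.*$/\1/p' "$1"
}

# check_communityid <communityid dir> <OpenId hostname>
# Prints every finding; returns 0 only when all checks pass.
check_communityid() {
    dir=$1; host=$2; cfg=$dir/config.php; fail=0
    [ -f "$cfg" ] || { echo "FAIL: $cfg missing (finish section VI first)"; return 1; }
    # config.php holds the database password, so it must stay outside DocumentRoot.
    [ ! -e "$dir/webdir/config.php" ] || { echo "FAIL: config.php is inside webdir"; fail=1; }
    # Section VI asks for chmod 440: owner and group read only, nothing for others.
    mode=$(ls -ld "$cfg" | cut -c2-10)
    [ "$mode" = "r--r-----" ] || { echo "FAIL: config.php mode is $mode, want r--r-----"; fail=1; }
    # Section VI: the three subdomain settings that make name.<host> identities work.
    [ "$(cfg_value "$cfg" enabled)" = "true" ] || { echo "FAIL: subdomain not enabled"; fail=1; }
    [ "$(cfg_value "$cfg" hostname)" = "'$host'" ] || { echo "FAIL: hostname is not $host"; fail=1; }
    [ "$(cfg_value "$cfg" use_www)" = "false" ] || { echo "FAIL: use_www should be false"; fail=1; }
    if [ "$fail" -eq 0 ]; then echo "OK: $dir is configured for *.$host"; fi
    return "$fail"
}

# Constructed fixture: a minimal tree that looks like the end of section VI.
make_sample_tree() {
    demo=${TMPDIR:-/tmp}/comid-demo.$$
    mkdir -p "$demo/webdir"
    cat > "$demo/config.php" <<'EOF'
<?php
$config['db']['password']                   = 'newPassword';
$config['subdomain']['enabled']             = true;
$config['subdomain']['hostname']            = 'comid.org';
$config['subdomain']['use_www']             = false;
EOF
    chmod 440 "$demo/config.php"
    echo "$demo"
}

# Usage on a live install: sh check-comid.sh /home/comid/communityid comid.org
if [ $# -eq 2 ]; then check_communityid "$1" "$2"; fi
```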

VII. Test
Point your browser at http://comid.org, and create an OpenId "account".  You should end up with your own personal URL (aka OpenId) of http://name.comid.org.  You can use this OpenId at thousands of participating OpenId-enabled websites, such as... (to be filled in soon).

VIII. Using OpenId in a web application
(This text is still under development)

  1. yum install httpd-devel.i386
  2. yum install libtidy.i386
  3. yum install libtidy-devel.i386
  4. http://kin.klever.net/libopkele/
        ./configure
        make
        make install
  5. http://trac.butterfat.net/public/mod_auth_openid