An OpenID, via WordPress/phpMyId, on Dreamhost

Returning to this venue, after long hiatus: hi!

Today’s topic: So You Want To Get You One Of Them OpenIDs. And, you’re the sort of rugged DIY nerdo who hosts his own sites; and, you’re the sort of cheapskate who uses Dreamhost to do it. And, in a further creepy emulation of me, you run your own WordPress, *and* you have stumbled through just enough text on OpenID to understand that you were stymied enough to google for a page very much like this one. In which case: hi!

The specific case I’m addressing is that you host your own WordPress, perhaps named similarly to http://andy.boyko.net/, and you’d prefer, for whatever misguided reason, to use that same fine URI as your OpenID, and that furthermore you’re not afraid of 15 minutes of fiddling for its own sake. This will *not* help, in any way that I can discern, if you want to allow people visiting your WordPress installation to log in with their own OpenIDs in order to comment. I gather there are WordPress plugins to help you achieve that; I surely haven’t tried them yet (because, really, my focus at this moment is on making life easier for me, not any of you) but I imagine those plugins would work in tandem with what you do in the following steps.

If you’re not using Dreamhost, maybe you just want a general explanation on what to do, such as those provided by Sam Ruby or Simon Willison. This explanation is mostly lifted from their work, modulo the Dreamhost-isms.

But so we’ll assume this:

  • you’re a Dreamhost user, running your own WordPress instance under its own domain or subdomain (e.g. ‘myblog.com’, ‘andy.boyko.net’)
  • you understand Dreamhost’s Panel sufficiently to add a new domain
  • you have shell access
  • you only care about a one-person solution
  • you’re not afraid

Do these things:

  • In the Dreamhost panel, create a new subdomain on your blog’s domain, which will host the phpMyID tool, which is the secret sauce here, providing you with an “OpenID provider”, if I get the jargon right. Note that you won’t use the name of this subdomain that you choose here directly, though it will appear buried in HTML tags in your site. Given a WordPress instance at andy.boyko.net, I chose to create the subdomain ‘openid.andy.boyko.net’ for this purpose, though its name needn’t relate to your WordPress’s URL. I’ll refer to this new OpenID provider subdomain as openid.yourblog.domain.
  • Get a copy of phpMyID (version 0.7 at this writing; newer versions may invalidate some of this instruction) and unpack the .tar.gz file into your home directory, resulting in ~/phpMyID-0.7/
  • You need three files from the unpacked phpMyID package in the newly created directory for the OpenID subdomain, ~/openid.yourblog.domain/:

    cp ~/phpMyID-0.7/MyID.php ~/openid.yourblog.domain/
    cp ~/phpMyID-0.7/MyID.config.php ~/openid.yourblog.domain/index.php
    cp ~/phpMyID-0.7/htaccess ~/openid.yourblog.domain/.htaccess
  • Edit the .htaccess file, and uncomment the first of the three provided solutions — since PHP runs as a CGI on Dreamhost, you need mod_rewrite trickery to overcome some problem or over. Just accept it.
  • Follow the phpMyID README configuration, so that you create a new MD5 hash for your password, and update the index.php file accordingly with your new name and the resulting password hash. (Create the hash as instructed in the README, through ‘openssl md5‘.)
  • To preclude a baffling HTTP redirection loop later, trust the impossibly wise Sam Ruby, and add this line:

    'idp_url' => 'http://openid.yourblog.domain/',

    to the $GLOBALS['profile'] hash, along with the username, password, and realm.
  • Follow the README’s advices and test the installation of phpMyID, which at this point should be substantially complete, by visiting http://openid.yourblog.domain/ and logging in. Apparently, it is not unreasonable to be confident that this is OK despite not being SSL-encrypted, because of the use of digested authentication. Go with that. Prove that you’re able to log yourself in with the password you provided. You’re now done fiddling with the installation of phpMyID, and you can leave this new subdomain alone.
  • Well, before you leave it alone, take one more peek at the index.php configuration, and because you’re a savvy self-starting soul, and you realize the implications of the $GLOBALS['sreg'] array, you might as well populate it with as much boilerplate personal info (e.g. full name, nickname, location) as you’re comfortable automatically transmitting to various Web-two-dot-zero entrepreneur types; minimal testing suggests those sites will helpfully pull that data in for you when you establish a new account after having logged in via OpenID.
  • Now, head over to your WordPress, and bolt this new OpenID provider into it, by editing your chosen template (via ‘Presentation’/’Theme Editor’). Specifically, crack open the ‘header’ and, right before the closing </head> tag, insert this voodoo boilerplate:

    <link rel="openid.server" href="http://openid.yourblog.domain/">
    <link rel="openid.delegate" href="http://openid.yourblog.domain/">

    The wise Mr. Ruby suggests that, by adding the idp_url config above, the second (visibly redundant) line becomes unnecessary, but I’m too lazy to even bother eliding it. Note that there’s apparently a WordPress plugin that achieves the same one-or-two-line patch without you having to hand-tweak the HTML head, which might be preferable, but I haven’t investigated.

Anyhow, upon saving that change to your header, you should find that by simply providing the URI for your WordPress installation to the various ‘Web-two-dot-zero’ sites that offer an OpenID login option, those sites will do the right thing, reading the “link rel=” tag and as a result contacting your new minimal phpMyID-based OpenID provider. And, apparently, this is all OK.

Good luck.

Category: sysadmin | Tags: , , , , 2 comments »

2 Responses to “An OpenID, via WordPress/phpMyId, on Dreamhost”

  1. angelcake.org/

    Even though this comment is coming long after this post’s date of publishing, I wanted to thank you for writing these instructions. I met your use case almost exactly (the important part being that I am a Dreamhost user), and this saved me a lot of work.

    Normally I’d give myself a demerit for reading from a tutorial instead of fiddling with things myself, but my fiddler is tired from setting up WordPress in the first place. 🙂

    I also added a bit to your original formula – instead of embedding the openid server information in my blog’s header (which is in a subdirectory of my domain), I added the code to the root page of my website, since I’m planning to eventually build a site including more than just a WP install.

    At any rate, thanks for bothering to write all this up – it was greatly appreciated!

    – Sarah Lambert
    angelcake.org

  2. blog.floydius.com/

    I have had success doing this with bluehost, although I don’t think bluehost currently runs PHP in CGI mode.


Leave a Reply

You must be logged in to post a comment.

Back to top