Setting up an OpenID delegate for Verisign
Posted on Sept. 25, 2009 by Ben Dickson.
This is an old post from 2009. The content may be outdated or no longer relevant.
This is an old post I wrote, which was originally posted on neverfear.org on Fri, 25th Sept 2009 0:15:19. Archived here for posterity.
There is 1 comment on this post
OpenID (archive.org link) , the "decentralized standard for user authentication and access control" has a nice feature whereby you can use your own domain as your OpenID login.
Basically you put a few lines of HTML in your
<head>
tag, and any OpenID supporting basically treats it as a redirect.
I have a Verisign PIP (archive.org link) OpenID account, to login to various sites (such as the Stackoverflow (archive.org link) "family" of sites), but I can use my own domain ( dbrweb.co.uk (archive.org link) ) as a login.. I could run my own OpenID "endpoint", but this is much simpler, and more secure (as Versign will do a better job than I could)
Anyway, a bit of searching later and I came across Verisign PIP OpenID Delegation Code (archive.org link) , which contains the following code..
<link rel="openid.server" href="https://pip.verisignlabs.com/server/" />
<link rel="openid.delegate" href="http://username.pip.verisignlabs.com/" />
<meta http-equiv="X-XRDS-Location" content="http://pip.verisignlabs.com/user/username/yadis" />
<meta http-equiv="X-YADIS-Location" content="http://pip.verisignlabs.com/user/username/yadis" />
I replaced
username
with my PIP username, changed the self-closing tags
/>
to HTML strict-compaible
>
and ended up with the following
<head>
tag:
<head>
<title>dbrweb</title>
<link rel="openid.server" href="http://pip.verisignlabs.com/server">
<link rel="openid.delegate" href="http://dbr.pip.verisignlabs.com">
<link rel="openid2.server" href="http://pip.verisignlabs.com/server">
<link rel="openid2.local_id" href="http://dbr.pip.verisignlabs.com">
<!-- ...other stuff.. -->
</head>
Simple.