SimpleID

SimpleID is a simple, personal OpenID provider written in PHP.


Note

For this guide you should be familiar with the basic concepts of

Prerequisites

We’re using PHP in the stable version 7.1:

[isabell@stardust ~]$ uberspace tools version show php
Using 'PHP' version: '7.1'
[isabell@stardust ~]$

Your URL needs to be set up for web:

[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$

Installation

Download & Extract

Change to the folder above your document root, because not all of SimpleID's files should be accessible via the web, then download the latest release of SimpleID and extract it:

Note

The link to the latest version can be found at SimpleID’s download page.

[isabell@stardust ~]$ cd /var/www/virtual/$USER/
[isabell@stardust isabell]$ wget http://downloads.sourceforge.net/simpleid/simpleid-42.23.1.tar.gz
[isabell@stardust isabell]$ tar -xzf simpleid-42.23.1.tar.gz
[isabell@stardust ~]$

Copy empty configuration

[isabell@stardust isabell]$ cp /var/www/virtual/$USER/simpleid/www/config.php.dist /var/www/virtual/$USER/simpleid/www/config.php
[isabell@stardust ~]$

Cleanup

[isabell@stardust isabell]$ rm simpleid-42.23.1.tar.gz
[isabell@stardust ~]$

Configuration

Define Base URL

Edit the file /var/www/virtual/$USER/simpleid/www/config.php. The only setting you have to change is SIMPLEID_BASE_URL; the other settings are optional.

Warning

Replace <username> with your Uberspace username!

define('SIMPLEID_BASE_URL', 'https://<username>.uber.space/simpleid');

In our example this would be:

define('SIMPLEID_BASE_URL', 'https://isabell.uber.space/simpleid');

Create identity

You will need to create an identity file for every user of your SimpleID installation.

Warning

Replace <username> with the username you want to use for your SimpleID identity!

[isabell@stardust isabell]$ cp /var/www/virtual/$USER/simpleid/identities/example.identity.dist /var/www/virtual/$USER/simpleid/identities/<username>.identity
[isabell@stardust ~]$

Before editing this file, we need to create a password/salt pair.

There are several ways to go, using the MD5, SHA1 or SHA256 algorithm and an optional salt. In this example we will use the SHA256 algorithm with a random salt.

First we’ll generate a random salt to make this as secure as possible. You are free to use any string as salt.

[isabell@stardust ~]$ pwgen 32 1
MySuperSecretSalt
[isabell@stardust ~]$

With this generated salt and your password in mind, we can create the PBKDF2 SHA256 hash with 100,000 iterations for the identity file.

Warning

Replace <password> with your password, and <salt> with the generated salt or the one you decided to choose.

[isabell@stardust ~]$ php -r 'echo hash_pbkdf2("sha256", "<password>", "<salt>", 100000).PHP_EOL;'
[isabell@stardust ~]$

With our example values this would be

[isabell@stardust ~]$ php -r 'echo hash_pbkdf2("sha256", "MySuperSecretPassword", "MySuperSecretSalt", 100000).PHP_EOL;'
5fd924625f6ab16a19cc9807c7c506ae1813490e4ba675f843d5a10e0baacdb8
[isabell@stardust ~]$

Then open the identity file you copied before to /var/www/virtual/$USER/simpleid/identities/<username>.identity in your favorite editor.

Search for the pass line and edit it as described.

pass="<hash>:pbkdf2:sha256:100000:<salt>"

In our example we would use this pass line:

pass="5fd924625f6ab16a19cc9807c7c506ae1813490e4ba675f843d5a10e0baacdb8:pbkdf2:sha256:100000:MySuperSecretSalt"
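The salt and hash steps above, combined into one script as an added example (not part of the original guide or of SimpleID): it reads the password from the terminal instead of the command line, so it does not end up in the shell history, draws the salt from PHP's CSPRNG, and prints the finished pass line. The helper names and the file name make-pass.php are assumptions.

```php
<?php
// Added example, not SimpleID code. make_pass_line(), check_pass_line() and
// read_secret() are hypothetical helpers; the format is the guide's pass line.
const ITERATIONS = 100000; // same iteration count as in the guide

// Build <hash>:pbkdf2:sha256:<iterations>:<salt> for the pass="..." setting.
function make_pass_line(string $password, string $salt, int $iterations = ITERATIONS): string
{
    if ($password === '' || $salt === '' || strpos($salt, ':') !== false) {
        throw new InvalidArgumentException('empty password or salt, or ":" in salt');
    }
    // Length 0 (the default) returns the full SHA-256 output as 64 hex digits.
    $hash = hash_pbkdf2('sha256', $password, $salt, $iterations);
    return sprintf('%s:pbkdf2:sha256:%d:%s', $hash, $iterations, $salt);
}

// Recompute the hash from a stored pass line and compare in constant time.
function check_pass_line(string $line, string $password): bool
{
    $parts = explode(':', $line);
    if (count($parts) !== 5 || $parts[1] !== 'pbkdf2' || $parts[2] !== 'sha256') {
        return false;
    }
    list($hash, , , $iterations, $salt) = $parts;
    if (!ctype_digit($iterations) || (int) $iterations < 1) {
        return false;
    }
    return hash_equals($hash, hash_pbkdf2('sha256', $password, $salt, (int) $iterations));
}

// Read one line from the terminal with echo switched off.
function read_secret(string $prompt): string
{
    fwrite(STDERR, $prompt);
    $tty = function_exists('posix_isatty') && posix_isatty(STDIN);
    if ($tty) { shell_exec('stty -echo'); }
    $line = fgets(STDIN);
    if ($tty) { shell_exec('stty echo'); fwrite(STDERR, PHP_EOL); }
    return $line === false ? '' : rtrim($line, "\r\n");
}

$password = read_secret('Password: ');
$salt = bin2hex(random_bytes(16)); // 32 hex digits from the system CSPRNG
$line = make_pass_line($password, $salt);
if (!check_pass_line($line, $password)) {
    fwrite(STDERR, 'self-check failed' . PHP_EOL);
    exit(1);
}
echo 'pass="' . $line . '"' . PHP_EOL;
```

Run it with php make-pass.php and paste the printed line into the identity file in place of the existing pass line.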

Since this is our first user, it should be set as administrator by changing

;administrator=1

to (remove the ;)

administrator=1

The last thing is to set an identifier using a unique URL.

Warning

Replace <username> with your Uberspace username!

identity="https://<username>.uber.space/openid/"

This will be the URL you’ll have to use for registering with websites. We’ll create the folder and fill it in a later step. In this example we will use:

identity="https://isabell.uber.space/openid/"

Warning

Don’t forget the trailing /, or you’ll get an error when you try to use the identity.

After saving the file, you should be able to log in for the first time at your SimpleID installation located at the defined Base URL https://<username>.uber.space/simpleid.

Create identifier

To finally use this identity, you’ll need to create a file at the URL we’ve defined in the .identity file.

[isabell@stardust ~]$ mkdir ~/html/openid
[isabell@stardust ~]$

Create the file ~/html/openid/index.htm with the following content:

<html>
  <head>
    <link rel="openid.server" href="https://isabell.uber.space/simpleid/" />
    <link rel="openid2.provider" href="https://isabell.uber.space/simpleid/" />
  </head>
</html>

You are now ready to use your own OpenID provider. Just make sure you are using the right URL for authentication, https://<username>.uber.space/openid.

Updates

Note

Check the update feed regularly to stay informed about the newest version.

Follow the steps described in the UPGRADE.txt shipped with the newest version. It describes all the steps you’ll have to perform to update your installation.


Tested with SimpleID 1.0.2, Uberspace 7.1.13.0

Written by: Philipp Wensauer <mail@philippwensauer.com>