Extension talk:OpenID

From MediaWiki.org

I removed links to two sites that use the shitty old MW patch. It only works for MW 1.4.x, it's invasive, and it breaks your user database. Don't use it! --207.134.56.158 14:40, 21 February 2007 (UTC)

The mentioned OpenID http://wikitravel.org/en/User:Evan does not seem to work. E.g. jyte.com says "Unable to find your OpenID server" and I could not find any openid related meta data on the page 83.135.213.203 00:49, 23 February 2007 (UTC)

I don't think there's a good reason for you to be trying to log in to sites with my OpenID. However, I switched all my Wikitravel accounts to use OpenID, so that user page is no longer a valid OpenID. -- wikitravel:User:Evan 00:37, 26 February 2007 (UTC)

I am using Mediawiki 1.9.3. I created the table for OpenID in the database and added the require_once line to LocalSettings.php. I don't see the OpenID login page on SpecialPages. Two questions: 1. I changed $wgMainCacheType=CACHE_NOTHING to CACHE_ANYTHING. Is that okay? 2. Which of the configuration changes are required?

The OpenID login page won't show up in Specialpages. Just go to it directly, Special:OpenID. Eventually you should put a link to that in your MediaWiki:Loginprompt. 1. I don't know, but I think it should. 2. None of them are required, but I think it won't work very well unless you set the trust root correctly. Also, if you deny by default nobody can log into your server, so read the documentation about the Allow/Deny stuff, then set deny-by-default to false. --wikitravel:User:Evan 00:37, 26 February 2007 (UTC)

[edit] Internal_error.html

Possible issue in 1.9: Whenever someone tries to view the page of a non-OpenID user, that page will error out into "Internal_error.html". I can stop this from happening by commenting out the code block in OpenID.php related to providing the X-XRDS header and meta tags.

else {
   $wgOut->addLink(array('rel' => 'openid.server',
         'href' => OpenIDServerUrl()));
   $rt = Title::makeTitle(NS_SPECIAL, 'OpenIDXRDS/'.$user->getName());
   $wgOut->addMeta('http:X-XRDS-Location', $rt->getFullURL());
   header('X-XRDS-Location', $rt->getFullURL());
}

But I'm not familiar with what exactly is causing the error; I do know it wasn't an issue with 1.8.whatever. Since I don't need to provide OpenID server capabilities, I have just commented it out, but I thought I'd put the issue here in case anyone runs into the same problem or knows how to fix it.

--74.60.50.82 22:17, 26 February 2007 (UTC)

I had the same error as this user (I'm running 1.9.3), but I haven't managed to get OpenID working regardless, so I don't know what's going on. Commenting out this block did indeed stop the '500' errors that occurred when I tried to view my own userpage! No problem on user talk pages, or even IP pages I think. pfctdayelise 15:00, 13 April 2007 (UTC)

I think the problem is that the PHP function header() call is invalid. I'm not a PHP programmer, I admit, but I read the manual and it says that the second argument is supposed to be "true" or "false" (or not present). I think the proper invocation of this line is:

 header('X-XRDS-Location: ' . $rt->getFullURL());

I replaced the failing code with that line and it's no longer failing. Admittedly, it's not a great test since I'm having some other issue with the server functionality and I'm not able to do a complete successful login, but it does seem to cure the immediate problem.

To summarise: fix this issue by replacing on the comma on ~line 209 of OpenID.setup.php with a period. i.e. from

header('X-XRDS-Location: ', $rt->getFullURL());

to

header('X-XRDS-Location: ' . $rt->getFullURL());

202.81.18.30 22:22, 13 March 2008 (UTC)

To confirm the above, I have just installed v0.8.2 of OpenID on A MediaWiki v1.11.0 Attempting to view User Pages caused '500' errors and changing the comma to period as detailed above (in line 239 of OpenID.setup.php for me) fixed this. --BrillyuntWebby 17:50, 29 May 2008 (UTC)

Yes! It fixed my MW 1.13.1 with the OpenID extension v0.8.2! *thxalot* (sofar|sokai)

Well, today is 22:30, 14 January 2009 (UTC) and I have just subverted OpenID. I have this same problem, on MediaWiki 1.13.3, however there is no call to header() in OpenID.setup.php (no line 239 either). Where may I correct this problem?

— Chlewey 22:30, 14 January 2009 (UTC)

Self answer: line 69 in OpenID.hooks.php

— Chlewey 22:34, 14 January 2009 (UTC)

Done Fixed in r49249 ^demon 17:33, 6 April 2009 (UTC)

[edit] Fatal error: Class 'Services_Yadis_ManagerLoader' not found in .../pear/php/Auth/OpenID/Consumer.php on line 307

line 307: $loader = new Services_Yadis_ManagerLoader();

According to this Services_Yadis_ManagerLoader is located in /Services/Yadis/Manager.php (line 199). But this Services_Yadis_ManagerLoader is not defined in my Manager.php, at least.

which version of this package was this extension successfully used with? pfctdayelise 12:15, 15 April 2007 (UTC)

OK evidently installing OpenID and installing Yadis is NOT the same as installing Yadis through OpenID. wtf.

./pear install --alldeps -f http://www.openidenabled.com/resources/downloads/php-openid/pear/Auth_OpenID-1.2.2.tgz

I re-installed OpenID and it seemed to update the files properly. Now I'm back to the errors without any detail whatsoever, yay... :/ --pfctdayelise 12:53, 15 April 2007 (UTC)

[edit] Sample settings

require_once("extensions/OpenID/OpenID.php");
$wgOpenIDConsumerDenyByDefault = false;
$wgTrustRoot = ...;
$wgOpenIDConsumerStoreType = "file";
$wgOpenIDConsumerStorePath = "extensions/OpenID/consumerstore";

the Path variables create a bunch of files under that directory, so don't call them "consumerstore.txt" like I first did. ;)

Some more info about the file vs memc option would be useful... --pfctdayelise 13:55, 16 April 2007 (UTC)

[edit] Usernames with slashes

Signing up via special:userlogin, usernames aren't allowed to have slashes ("/"). It seems OpenIDLogin needs to allow them too. While testing my setup I tried putting in the OpenID URL for the username (which happened to be "getopenid.com/username". And uh, it caused the wiki to break on line 495 in Consumer.php:

$user->addToDatabase();

So I guess the user suggested names need to be escaped somehow to avoid this. pfctdayelise 14:37, 16 April 2007 (UTC)

[edit] MediaWiki:Openidlogininstructions

This accepts HTML but not wikitext. It should accept wikitext too. pfctdayelise 14:56, 16 April 2007 (UTC)

Fixed at some point - current version on Betawiki: http://translatewiki.net/w/i.php?title=MediaWiki:Openidlogininstructions/en --Sergey Chernyshev 21:46, 27 February 2009 (UTC)

[edit] Bad OpenID mode

I had the OpenID extension running in MW 1.6.5, but since upgrading to 1.9.3 I've been unable to log in. I am redirected to my OpenID provider (in this case myopenid.com) correctly, but I get the message:

This request had a bad OpenID mode. The requested mode was p.Use your browser's back button to return to the requesting site and inform them of this problem.

The debug log does not show anything helpful. Has anybody encountered this before? Anybody know what's up? Thanks for any advise. JacobPappe 18:18, 22 May 2007 (UTC)

Hmm, this seems to have resolved itself. I think some of my OpenID settings had been commented out. JacobPappe 21:01, 22 May 2007 (UTC)

[edit] OpenID accounts not appearing in Newuserlog

Accounts create via OpenID login don't seem to appear in the log, when using Newuserlog. I'm not sure which extension needs to be updated OpenID or Newuserlog - anybody have an idea? Jclerner 16:31, 11 July 2007 (UTC)

That extension (Newuserlog) is since 1.14.0 obsolete; it has been included officially in mediawiki. But still the problem remains, it would be nice if accounts created with OpenID login would appear in the Special:Log/newusers. Could this be included in a next version perhaps?Fredd-E 13:45, 26 May 2009 (UTC)

[edit] SpecialOpenIDLogin.php

So I've installed the OpenID extension following the instructions, but now I get a warning about a missing file (includes/SpecialOpenIDLogin.php) whenever I try to access the login page. I've looked for the file everywhere and I can't find it. Thanks in advance for help on this!

[edit] Broken?

The plugin just doens't work for me.

• My Wiki's allow me to enter an OpenID at "Spesial:OpenIDLogin".
• It then redirects to the OpenID provider to say alright, share the identity with this site.
• It then goes back to MediaWiki and displays "Finish OpenID login" and claims "Your OpenID server did not provide a nickname (either because it can't, or because you told it not to). All users need a nickname; you can choose one from the options below." and allows me to choose "An auto-generated name (OpenIDUser2)" or "A name of your choice:".
• MW then says "Verification of the OpenID URL failed. " at Spesial:OpenIDFinish/ChooseName. Every single time. At every provider.
• Something is obviously extremely rotten in Denmark. And I have no idea why/what would cause this.

The extention don't seems to bother anything else, though, so I'll leave it "enabled" (but not working), perhaps mr. Prodromou or someone else can try http://dikt.org/Spesial:OpenIDLogin and give me a clue as to why oh why this doesn't work... --81.227.239.183 13:02, 26 July 2007 (UTC)

[edit] https login on WikiTravel does not work

Interesting that the MediaWiki wiki here has no OpenID support.

Anyway, I tried to sign up for WikiTravel through my OpenID provider, which uses https (which is a smart thing, all OpenID providers should do that), but the bloody wiki does not let me login through https, only standard http. I wonder if they are using an older version of this extension , therein lying the problem perhaps. Or perhaps not. I wonder how I may approach them on this subject.

I do know that this extension works with https because we installed it at XiphWiki, and there I can login anytime.--Saoshyant 00:30, 12 August 2007 (UTC)

[edit] Report: Notable Bugs

I decided to create a list of bugs that are annoying me to no end, in hopes that they may be fixed by the developer.--Saoshyant 03:30, 12 August 2007 (UTC)

[edit] Profile erasing

I have tested this several times, and the issue appears to be real. Every time I login through OpenID, my profile is completely erased. Real Name, Signature, E-mail — it's all gone! This is a serious problem and needs to be fixed.

Made it optional so those who want their persona updates to follow them still can benefit it - will do more granular configurations in future releases (email is the mail thing, I believe) --Sergey Chernyshev 23:41, 24 February 2009 (UTC)

[edit] Lack of "Remember Me" option

This is just annoying. I have to login again everytime I restart my browser. Why can the extension not mimic the standard login procedure to allow me to stay logged on after verification?

[edit] Separated Standard and OpenID login options

Why is this even happening? Most OpenID sites out there put the two login methods in one single page.

[edit] OpenID/XRDS Meta tags are not generated for users logged in via external OpenID provider

I was wondering why can't I use my Userpage to sign in to other OpenID-enabled sites and I realized that Userpage doesn't have the required Meta tags. I started digging and found that OpenID.php has these lines:

$openid = OpenIdGetUserUrl($user);
if (isset($openid) && strlen($openid) != 0) {
	$url = OpenIDToUrl($openid);
	$disp = htmlspecialchars($openid);
	$wgOut->setSubtitle("<span class='subpages'>" .
		"<img src='http://openid.net/login-bg.gif' alt='OpenID' />" .
		"<a href='$url'>$disp</a>" .
		"</span>");
} else {
	$wgOut->addLink(array('rel' => 'openid.server',
		'href' => OpenIDServerUrl()));
	$rt = Title::makeTitle(NS_SPECIAL, 'OpenIDXRDS/'.$user->getName());
	$wgOut->addMeta('http:X-XRDS-Location', $rt->getFullURL());
	header('X-XRDS-Location', $rt->getFullURL());
}

Why is that? It seems to me that you either get a link to your OpenID url or proper meta tags? So, if you've signed up using OpenID you can't use MediaWiki as an OpenID-server anymore? It makes so little sense it almost doesn't make any sense at all to me. --81.195.21.207 19:13, 22 August 2007 (UTC)

[edit] Length parameter must be greater than 0

I've done a small amount of hacking in CryptUtil, but I can't get it to work. /dev/urandom is working, so I don't know what CryptUtil is complaining about.

Warning: fread() [function.fread]: Length parameter must be greater than 0 in /usr/local/src/php-openid-2.0.0-rc2/Auth/OpenID/CryptUtil.php on line 65

Special:Version looks like this:

    * MediaWiki: 1.10.0
    * PHP: 5.2.0-8+etch7 (apache2handler)
    * MySQL: 5.0.37-log 

Extensions
Other
ConfirmEdit	Simple captcha implementation	Brion Vibber
MicroID (version 0.1)	adds a MicroID to user pages to confirm account with external services	Evan Prodromou
OpenID (version 0.7.0)	lets users login to the wiki with an OpenID and login to other OpenID-aware Web sites with their wiki user account	Evan Prodromou

Guaka 11:48, 18 October 2007 (UTC)

Maybe it's due to the redirect. I tried to log in at http://wiki.foaf-project.org/ with http://guaka.org, which is merely an OpenID delegation to http://guaka.myopenid.com. guaka.org didn't work, myopenid.com worked. Here's the relevant piece of XHTML at guaka.org:

        <link rel="openid.server" href="http://www.myopenid.com/server" />
        <link rel="openid.delegate" href="http://guaka.myopenid.com/" />

Guaka 12:59, 2 November 2007 (UTC)

[edit] AddAccount Hook

Would it be possible to run the AddAccount hook when the user sets up their account so the newly configured/added user shows up in the new user log? That'd be cool, there are a few admins on our site that were wondering where these new users came from when they didn't show up in the log.

--Tderouin 17:16, 7 January 2008 (UTC)

[edit] Odd Header behavior

I have two wikis which I put the OpenID extension into recently, and the OpenID extension broke the User Pages for which it was acting as an OpenID server.

The solution that I came to was to comment out line 172 of OpenID.php:

						$wgOut->addLink(array('rel' => 'openid.server',
											  'href' => OpenIDServerUrl()));
						$rt = Title::makeTitle(NS_SPECIAL, 'OpenIDXRDS/'.$user->getName());
						$wgOut->addMeta('http:X-XRDS-Location', $rt->getFullURL());
// 						header('X-XRDS-Location', $rt->getFullURL());

It appears that MediaWiki 1.11 is outputting something before it reaches the OpenID extension included in the LocalSettings.php. I'm trying to run down exactly where this is happening, but as for now, commenting the header line works.

--NoTea 04:32, 25 January 2008 (UTC)

I went through the list of wikis using this extension and these ones are using MediaWiki 1.11.0:

• http://wiki.creativecommons.org/Special:Version
• http://wiki.openid.net/Special:Version

My CreativeCommons wiki userpage seems fine, but perhaps it's only a problem after it's used as an ID on another site. So I tried using this to login to Wikevent.org, but after the CC wiki asks for confirmation, it just leaves me at an empty page of Search results. I'll do more experimenting later - gotta run now.

At Appropedia, we also use this version, and want to make sure there's no problem before we install it. NoTea, after you commented out the line, have you had any problems at all? What is the url of the wiki are you managing? --Chriswaterguy 05:52, 19 February 2008 (UTC)

I still can't use my CreativeCommons wiki userpage as an OpenID - when trying to use it to log into another site, it again failed in the same way. At first it looks promising ("Check if you want to share data with http://bmannconsulting.com" but then it just displays the text Search results.

I can't test this using wiki.openid.net, as the login is only by OpenID, and it seems like this site isn't set up to work as an identity provider.

Any insights? --Chriswaterguy 14:09, 19 February 2008 (UTC)

Success - I can login to another wiki (Wikevent) with OpenID, using my userpage on Schwarzes Wiki (German Gothic-Wiki - just posted today on the "list of wikis using this extension" and also using MW 1.11.0).

Creating my account there was a slight challenge (but thank you translate.google.com), and when I went to login to Wikevent and was passed to the Schwarzes Wiki, I had to guess that "Suche" ("Search") actually meant to register, and it did.

Now to check whether my userpage on the Schwarzes Wiki is broken... nope, looks fine!

As Mel Brooks might say, the Schwarzes be with you. --Chriswaterguy 03:47, 20 February 2008 (UTC)

Look above for a fix: Extension_talk:OpenID#Internal_error.html. Sorry me for my last "bad" commt! ;) (sofar|sokai)

[edit] Cannot login to OpenID

Hello, I setup my MediaWiki at http://www.khamthai.com/ My login page is at http://khamthai.com/word/Special:OpenIDLoginOpenID

However I could not login with my OpenID either from Yahoo! OpenID or IDProxy.net. I got messages "Sorry! Something is not quite right with the request we received from the website you are trying to use..." from Yahoo! and "500 Error Server error." from IDProxy.net. My OpenID works fine with Wikitravel and Wikihow.

In my /tmp/openid-consumer, I have two files in /associations. Nothing is in /nonces and /temp. In my MySQL, there is a blank OpenID table.

Thank you for any response. Regards --Manop 22:55, 31 January 2008 (UTC)

[edit] Verification failed

I'm setting up OpenID for my new wiki. However, whenever I login, I get an error:

Verification of the OpenID URL failed. Error message: "return_to does not match return URL. Expected http://15monkeys.com/wiki/shared/index.php?title=Special:OpenIDFinish, got http://15monkeys.com/wiki/shared/index.php?title=Special:OpenIDFinish&janrain_nonce=2008-03-25T18%3A30%3A41ZQVKcHE"

When I login using a remote OpenID, I get even more janrain garbage which it doesn't expect. I'm using verion 2.0.1 of php-openid. --BigSmoke 18:39, 25 March 2008 (UTC)

[edit] OpenID Failed Clamshell Same Server

I am currently running a clamshell openid server on ____/openid my wiki is at ____/w/Main_Page or ____/Wiki:Main_Page when i try to convert my current login "Lenary" to my OpenID on the same server, it gives me this error: "Verification of the OpenID URL failed. Error message: "Not in requested trust domain:____"" with a link. when i click this link, another error comes up: "Invalid openid.mode '<No mode set>'". i have tried changing the $wgTrustRoot to both of the above addresses, but neither work. $wgOpenIDConsumerDenyByDefault = false; me and a friend are working on rectifying this, but nothing is working. The /Auth from the library you asked for a prerequisite is at ____/w/Auth as well as /usr/share/php5 and /usr/?bin?/php5 (i'm not sure of the last one) i have no clue what to do now. I have tried all 3 addresses clamshell lets you use, ____/openid/clamshell.php?u=### ___/openid/?u=### ___/openid/### (sorry, i have obscured all addresses for security... ____ is the server domain name, ### is my clamshell username)

i have just also copied /Auth to ____/w/extensions/OpenID

Hi Anonymous. You shouldn't need to do this last step, but rather place Auth in $IP/includes, since it'll be automatically included in the include_path. Regarding the error you are getting, it's probably related with $wgTrustRoot. Try to set it to a value equal to the start of your wiki URL, including the port, if you're using other port than 80. It took me some time to figure that out. I'm using it with: ClamShell 0.6.7 and MediaWiki 1.12.0 (had to upgrade from 1.10 to support the i18n new stuff). Thanks to Evan Prodromou for the great work. Nuno Tavares 00:17, 3 May 2008 (UTC)

would that route be something like http://example.com/Wiki: (where http://example.com/Wiki:Main_Page was the main page, but http://example.com/w/ was the actual dir of the wiki? thanks for the help so far Nuno

http://example.com/ should be enough, I believe. Nuno Tavares 21:28, 5 May 2008 (UTC)

this would be a solution http://ioni2.com/2009/wordpress-openid-login-failed-invalid-openid-mode-no-mode-set-solved-for-both-wordpress-and-drupal/

[edit] not under trust_root

Nothing I did in LocalSettings.php helped with this error. Editing OpenID.setup.php and adding my trust_root URL to $wgTrustRoot did the trick.

OpenID.setup.php

# Defines the trust root for this server
# If null, we make a guess
# $wgTrustRoot = null;
$wgTrustRoot = "http://www.example.com/wiki/";

--Beagle 17:18, 17 May 2008 (UTC)

Hmmm... that's odd. Just for fun, I commented the $wgTrustRoot entry in OpenID.setup.php and now it appears that the entry in LocalSettings.php is being read.

Yes, by George, it is reading LocalSettings.php now because if I comment the $wqTrustRoot entry there it fails. You can like see for yourself at tioat dot net slash wiki if ya don't believe me. I'm just so thrilled it works now. ;) --Beagle 09:47, 18 May 2008 (UTC)

[edit] Install problem with head MW 1.13

We have the most current files (subversion checkout) in phase3/extension/OpenID, executed the sql code to create the necessary table and have require_once("$IP/extensions/OpenID/OpenID.setup.php"); in LocalSettings. We do use symbolic links: /var/www/PWiki/ contains a link extensions to /usr/share/mediawiki/phase3/extensions. All other extensions work that way, so we believe this is not the problem. So far only OpenID does not work with MediaWiki head revision. Showing main pages works ok, but navigating to special pages creates an error. The error is strange to non-experts, because it refers to plenty of paths that simply don't exist:

Warning: AutoLoader::require(/var/www/PWiki/Auth/OpenID/Server.php) [function.AutoLoader-require]: 
 failed to open stream: No such file or directory in 
 /usr/share/mediawiki/phase3/includes/AutoLoader.php on line 506

Fatal error: AutoLoader::require() [function.require]: Failed opening required 
 '/var/www/PWiki/Auth/OpenID/Server.php' (include_path='/var/www/PWiki:/var/www/PWiki/includes:
 /var/www/PWiki/languages:.:/usr/share/php:/usr/share/pear') in 
 /usr/share/mediawiki/phase3/includes/AutoLoader.php on line 506

Anyone has an idea or a solution? Many thanks! --Vigilius 18:00, 20 July 2008 (UTC)

Hi! Did you install the "PHP OpenID Library" v2 from [1]? I experienced the same error message (with 1.13.1) and fixed it by copying the "Auth" folder to my Mediawiki-root-folder. Now everything works fine! :) *goodluck* (sofar|sokai)

[edit] Where to download

Where do I go to download this?

Follow the link in the infobox in the upper right corner, after "download". Easiest is, however, to use subversion to check out the entire extension branch; many extensions are supported in the mediawiki subversion system. At a place where you want the checkout to be downloaded to, run the following commandline:

svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions

--Vigilius 22:20, 31 July 2008 (UTC)

[edit] OpenID in Wikipedia

Are there any plans to add this extension to the Wikimedia Foundations projects like en.wp? At Wikimania06 Brion Vibber talked about adding it once the unified login is deployed. Is there a new timeline or was the plan abandoned? he!ko 16:47, 15 January 2009 (UTC)

[edit] Bad Content-Type in HTML header (svn: r46704)

Trying to identify on http://openidenabled.com/php-openid/trunk/examples/server/server.php failed due to a possible bug in SpecialOpenIDXRDS.body.php in line 110.
Changing

header("Content-Type","application/xrds+xml");

into

header("Content-Type: application/xrds+xml");

helped then. --217.80.70.52 22:27, 3 February 2009 (UTC)

Done Fixed in r49250 ^demon 17:33, 6 April 2009 (UTC)

[edit] Wrong escaping (svn: r46704)

In SpecialOpenIDXRDS.body.php line 56 it should say

'  xmlns:xrds="xri://$xrds"',

$xrds gets escaped the right way then. --217.80.70.52 22:57, 3 February 2009 (UTC)

[edit] JanRain RPX

I wonder if it might be possible to have JanRain's RPX enabled on MediaWiki. This OpenID extension is already a great feature, but it could be greatly ehanced with the free version of JanRain's RPX which presents the user lots of different user accounts to use in order to log in to a web site. It features: OpenID 1.x, 2.0, FaceBook Connect, MySpaceID,Google,... especially great because it will enable users to use their Facebook login to edit the wiki.

I contacted RPX on their Facebook page and asked them if they would be interested to develop an extension to MediaWiki which uses their RPX. He answered the following: "So, there isn't currently a turn-key plugin for MediaWiki, but if you know of anyone who'd be initerested in working with us to develop one, let us know. That said, as mentioned in a comment below, RPX is agnostic to platform and should be compatible with all web applications."

So, maybe the team of this OpenID extension would be interested to work with JanRain for an official MediaWiki version? --Fredd-E 11:01, 5 June 2009 (UTC)

I'd be very interested in seeing the development of this. I am implementing openid on my wiki, and I am having problems using gmail accounts with it. Alejandro. --129.67.116.109 13:13, 9 June 2009 (UTC)

[edit] Realm Verification Failed

I just installed your extension and cannot login with openID. I get the following message when I try to login:

error:Invalid AuthRequest: 769: Realm verification failed for: http://www.iptvwiki.com/wiki/ 

Using MediaWiki 1.14, tried Extension:OpenID 1.14 and 1.15, and I have OpenID Library 2.1.3 installed. Any help would be greatly appreciated.

Thank you,

--97.112.132.8 14:42, 20 June 2009 (UTC)

[edit] Cert Verification

Verification error

An error occurred during verification of the OpenID URL.

I am receiving this error when trying to login using my OpenID account with any https site. Basically I've found out that its trying to verify my CAfile: /etc/pki/tls/certs/ca-bundle.crt

How can I mitigate this? I was thinking I could either setup php.ini to use curl -k? (which I dont know how to)

Or I could setup the ca-bundle.crt cert (which i already have a ca.crt file setup for another site hosted on the same machine) Anyone know how to setup the ca-bundle.crt?

Anyone know how to get around this?

error_log http file:

CURL error (60): error setting certificate verify locations:\n CAfile: /etc/pki/tls/certs/ca-bundle.crt\n CApath: none\n, referer: http://mysite.net/index.php?title=Special:OpenIDLogin&returnto=Home

FYI I resolved this issue by making /etc/pki/tls/certs/ readable.

[edit] does this override?

does this override the default log in system and/or this extension, or does it work with it? - Bud0011 07:39, 5 July 2009 (UTC)

It can be used in parallel with any other extension - it just authenticates using OpenID, other methods are not affected. --Sergey Chernyshev 04:49, 6 July 2009 (UTC)

Sounds good. Thank you. Bud0011 16:51, 6 July 2009 (UTC)

[edit] Warning and Fatal Error clicking OpenID link

Warning: require_once(Auth/OpenID/Consumer.php) [function.require-once]: failed to open stream: No such file or directory in /srv/www/wiki.arklinux.org/html/extensions/OpenID/SpecialOpenIDLogin.body.php on line 28

Fatal error: require_once() [function.require]: Failed opening required 'Auth/OpenID/Consumer.php' (include_path='/srv/www/wiki.arklinux.org/html:/srv/www/wiki.arklinux.org/html/includes:/srv/www/wiki.arklinux.org/html/languages:.:/usr/share/pear') in /srv/www/wiki.arklinux.org/html/extensions/OpenID/SpecialOpenIDLogin.body.php on line 28

--163.129.77.75 01:08, 5 August 2009 (UTC)

check out the pre-requisites section - basically this extension can't find an OpenID library fro OpenIDEnabled.com --Sergey Chernyshev 14:42, 5 August 2009 (UTC)

[edit] Google Friendconnect?

Does the extension also work with Google Friendconnect?

FriendConnect is not the same thing, but this extension allows you to log in using Google Account in a similar way --Sergey Chernyshev 17:42, 3 September 2009 (UTC)

Thanks for the answer! I'll try it soon then. --138.246.7.158 06:40, 4 September 2009 (UTC)

[edit] Installation Notes for WIMP Platform

Since I spent the better part of a weekend getting this extension up and running on Windows IIS MySQ PHP (WIMP), thought I would document to minimize others' future misfortune.

Platform was MW 1.16 with php-openid-2.x.x-snapshot library

• First, you really want to use PEAR if you can. If you have not loaded it into your PHP environment, find instructions and do so.
• Download and extract the current php-openid package (I used devl version, 2.x.x-snapshot, but you may want to use the most current stable release) from here
• To integrate php-openid into your PHP environment, copy the extracted "auth" dir (and all subdirs) into your PEAR directory (default is C:\Program Files\PHP\PEAR. Hopefully in the future there will be a PEAR package for Windows that will do this for us, but for now, this works.
• You will need to add/enable several PHP extensions using PEAR via the following instructions executed from the command line:

C:\Program Files\PHP>pear install PHPUnit
C:\Program Files\PHP>pear install HTML_Common

• You will also need to manually add several extensions. First check to make sure these extensions exist in you PHP environment (they are usually found in the C:\Program Files\PHP\ext directory by editing the php.ini file and adding the following (if they are not already there):

[gmp]
extension=php_gmp.dll
 
[OpenSSL]
extension=php_openssl.dll
 
# The following are not required for current version, but will be required if MS LiveID is supported in the future:
 
[PHP_MHASH]
extension=php_mhash.dll
 
[PHP_DBA]
extension=php_dba.dll

• I had to manually add the new table and index using the MySQL query tool and using the edited commands from openid_table.sql.
• If you are using windows, you need to add a configuration definition before you activate OpenID otherwise you'll get an error about having an undefined random source:

define('Auth_OpenID_RAND_SOURCE', null);
require_once( "$IP/extensions/OpenID/OpenID.setup.php" );

Special Note: I spent the majority of the time trying to figure out why I got the following error message:

"An error occurred during verification of the OpenID URL"

It turns out, it was because I had not enabled PHP OpenSSL extensions on that server.

Hope this helps --jdpond 01:18, 23 November 2009 (UTC)

[edit] Integrate SpecialOpenIDLogin::createUser with LoginForm::addNewAccount?

The LoginForm from SpecialLogin has many desirable features that help manage new users - most of which are bypassed by the SpecialOpenIDLogin::createUser, including several notifications and other useful hooks. Has the concept of integrating these two functionalities been considered - I might be willing to do it, but don't want to waste my time if someone has already taken a shot at it. --jdpond 01:18, 23 November 2009 (UTC)

[edit] Adding OpenID to Acount (Also: user page gone)

I tried to add OpenID login to my user account, but after having already plainly logged in with my OpenID, was told it was taken. Additionally, my normal user pages has disappeared, to be replaced with an internal server error (500).

I confirm that bug because I have the same error in my website

[edit] Configuration should be moved to LocalSettings.php

As MediaWiki can be used as a single installation for multiple wikis (by means of symbolic links), requiring the extension configuration to be done in the extension itself is an error, since its then global for all wikis within the same installation.

My suggestion would be to keep the OpenID.setup.php configuration in place, but use it as default values, prefixing each line with an:

if (isset($wgVar))

statement. This way the extension will allow users to move any configuration parameter to the LocalSettings.php file of the specific wiki they want to configure.

--Jaime Pérez 17:16, 15 February 2010 (UTC)

The OpenID extension doesn't seem to do this any differently than other extensions. The extension sets up the default values in OpenID.setup.php and then you modify the configuration variables after the inclusion of that file. Reach Out to the Truth 21:10, 15 February 2010 (UTC)

The fact that other MediaWiki extensions behave like that does not make this behavior the right one. The file where to place configuration per wiki is the LocalSettings.php file. Moving configuration parameters outside that file makes it painful to manage large installations with several wikis using only one installation of MedaWiki. I don't care about other extensions and neither should you, as we are talking about the OpenID one. Putting configuration parameters outside the LocalSettings.php is wrong.

--Jaime Pérez 10:18, 22 February 2010 (UTC)

You don't configure the extension outside of LocalSettings.php. You configure the extension in LocalSettings.php after the inclusion of OpenID.setup.php. You should not be modifying any other files. Reach Out to the Truth 18:42, 22 February 2010 (UTC)

[edit] Annoying PHP Error Log Messages --jdpond 00:38, 12 March 2010 (UTC)

I'm getting two messages using this extension in my otherwise pristine error logs. They are:

PHP Warning:  Call-time pass-by-reference has been deprecated;  If you would like to pass it by reference, modify the declaration of [runtime function name]().  If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file.   in PHP\PEAR\Auth\OpenID\AX.php on line 963 (also line 891)

and

PHP Notice:  Uninitialized string offset:  0 in includes\WebRequest.php on line 461

The second is a malformed URI - but I don't know why it's getting passed that way.

The first is obviously in the PHP Auth\OpenID pear package.

Any ideas?