Extension:OpenID

The extension makes a MediaWiki installation OpenID 2.0-aware and lets users log in using their OpenID identity - a special URL - instead of (or as an alternative to) standard username/password log in. In that way, the MediaWiki acts as Relying part (RP) = OpenID consumer. As an option, it also allows the MediaWiki to act as OpenID provider, so that users with an account on that wiki can use a special identity URL as OpenID for login to other OpenID-aware web sites.

MySQL ok, PostgreSQL updater not ok
The extension has been developed and fully tested to work with MySQL databases. PostgreSQL has not been fully tested; there are reports about successful installations with PostgreSQL databases.

requisite 1: php-openid library
The extension depends on the OpenID PHP library from https://github.com/openid/php-openid. Clone a recent version and move the  subdirectory as explained below in the Installation section.

requisite 2: PHP extensions or modules
You need to install a few additional dependencies as PHP extensions or recompile your PHP if these are not part of your standard PHP installation. When running a server with OpenSUSE you will likely have to add (via YaST or manually) at least the modules.

Installation
It should work out of the box, but you'll almost definitely want to set the trust root and access controls (see Configuration below).

Configuration
These settings can be configured in the LocalSettings.php file. Place your parameters after the require_once line for the OpenID extension.

"It does not work": bugs, common pitfalls

 * Please check our First aid checklist before asking for help. Report a bug: see info box.


 * After creating a login with OpenID, features requiring a password (e.g. Special:ChangeEmail) won't work and features requiring an email (e.g. Special:PasswordReset) won't work because no email is set. See Bug 34357.
 * one MediaWiki acting as OpenID server Bob does not work with another or same MediaWiki acting as OpenID consumer Alice on the same server. Advice for the moment: use two different servers while playing with the extension
 * when you want to log in to your OpenID-consuming MediaWiki Alice as user X:
 * make sure that your are not logged in to the OpenID identity server Bob as another user Z ; otherwise you will see an error, which is intended.
 * I recommend you log out every persona you may have on server Bob while testing the extension
 * clear your browser cache of all Bob-related cookies, and session cookie.

myOpenID to close down for good in February 2014
It has been reported, that myOpenID will close down for good in February 2014. Users of the OpenID registrar will have to go elsewhere.

Google "2-step verification" is compatible
When using Google ID as OpenID, you can opt-in there to "2-step verification" ("two-factor authentication") because it is compatible with the OpenID extension.

Yahoo as OpenID provider: don't use! It is deprecated. Read why.
Yahoo allows users to regain other users e-mail addresses when they are not used for a certain time. This breaks the security of OpenID. The use of Yahoo OpenId is therefore deprecated and will be discontinued in the extension OpenID.