OpenID Consumer Authentication
User account access is now possible by OpenID 2.0 and Yadis Authentication Service functions.
Once a user is verified by their OpenID trust provider, the account sign-up and log-in forms are pre-filled with default values. OpenID users who sign up are only required to enter the Captcha security code.
KitCADi3 _i3user.htm Passwords are less secure for OpenID generated KitCADi3 accounts because the password and user name are generated from the OpenID URI entered.
*KitCADi3 at KitchenPages.com does not record information from the OpenID response (such as contact address, age, etc). The term ‘OpenID Consumer’ refers to the requesting server/computer, which in this case should ALWAYS default to http://www.kitchenpages.com:80/library/i3/openid/ to check only for valid account log-in. (If the URL is different then the response XML may be recorded in cache/logs)
The PHP scripts used to access OpenID / Yadis can be found at :-
http://github.com/openid/php-openid/
http://www.janrain.com/openid-enabled
pre 2009 was http://www.openidenabled.com/php-openid/.
More information about OpenID can be found at: http://openid.net/
🙂
February 16th, 2008 at 3:09 am
Bug: Opera 9.0 has noticed the self.opener is null..
Other coding attempts will be made, like using window.opener, tracking, cgi, etc…
If the bug can not be corrected then Opera 9.0 support may be disabled 🙁
Other browsers may also reject the OpenID support that is enabled by KitCAD i3 _user.htm because script proxy crosses two or more domains, or another page is generated by form post/get. The result is that the value for ‘opener’ is deleted (or over-secured).
February 16th, 2008 at 3:25 am
Bug: Trust
The trust of a 3rd party site/service used for validation or its user accounts can not be validated. A 3rd party script can be set up to provide the header responses and trick the consumer (aka KitCADi3).
This is not something which can be corrected unless major restrictions are placed on validation URI
There are trusted discovery service/s which can avoid these issues, and by using: pre-configured filter lists (URI restrictions), hardware dongles, or usb keys. However this level of OpenID support is not enabled at this time from KitCADi3.
February 23rd, 2008 at 3:50 am
It is assumed that SSL certificates, InfoCards, CardSpaces, or other Identity methods should be provided by the user to the OpenID URI resolver to re-acquire trust.
If the PHP code is updated then support may be extended to other methods at a later date. (OpenID is the default option for KitCADi3 users who do not wish to maintain an email account as identity)
February 25th, 2008 at 9:19 pm
Updated php scripts to use common.php for file path info, config, etc..
The php scripts now require ZEND ENGINE 1 or above with the global function enabled.
Added a section to delete the time encrypted session keys (set to a 1 hour ttl)
March 1st, 2008 at 9:05 pm
Planned upgrades to the OpenID auth for KitCAD.
The upgrades will be to alter email+pass to match the KitCAD i3 mediawiki (which, with email validation authorises new accounts, and allows password changes).
The OpenID login has been remarked out of the HTML until ready again for release (no point creating bad accounts)
🙂
March 5th, 2008 at 4:05 pm
Upgraded, and updated the OpenIDEnabled.com PHP files from 2.0.0 to version 2.0.1.
July 30th, 2008 at 9:30 pm
Removed OpenID from Mediawiki 1.12.0 KitCAD i3 option. However OpenID was still being used in two files and causing KitCAD i3 user ID to become an error. (See bug fix)
August 16th, 2008 at 7:57 pm
Upgraded, and updated the OpenIDEnabled.com PHP files from 2.0.1(2.1.0.zip) to 2.1.1
🙂
September 14th, 2008 at 2:16 am
OpenIDEnabled.com PHP 2.1.1 -> 2.1.2
June 20th, 2009 at 2:20 am
Have checked release, and already updated to version 2.1.3 (just forgot to post a note here).
2.1.2 -> 2.1.3
June 25th, 2010 at 9:15 pm
OpenIDEnabled.com/php-openid/ -> is now janrain.com/openid-enabled
See: http://www.janrain.com/openid-enabled
Downloaded version 2.2.2 (pending work for July KitCAD i3 releases – see post below) from http://github.com/openid/php-openid/
June 25th, 2010 at 11:23 pm
2.1.3 -> 2.2.2
KitCAD and XAMPP/WAMPP servers
Updating from 2.1.3 to 2.2.2 required one change for KitCAD i3 XAMPP try_auth.php file; text of :-
require_once "common.php";
to be :-
//next line was added for version 2.2.2
define('Auth_OpenID_RAND_SOURCE', null);
require_once "common.php";
Notes:- if you define Auth_OpenID_RAND_SOURCE, simply use the path and filename to a random number generator's output
EG: define('Auth_OpenID_RAND_SOURCE', '/root/htdocs/ping.txt');
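What the constant selects, shown as an added example that is not KitCAD i3 or php-openid code: php-openid reads its random bytes from the file named by Auth_OpenID_RAND_SOURCE and, when the constant is null, falls back to mt_rand(), which is not a cryptographic generator. The helper names below are hypothetical, and the snippet is assumed to sit where the define() line above goes, before common.php is loaded.

```php
<?php
// Added example: hypothetical helpers, not KitCAD i3 or php-openid code.

/**
 * Return true when $path yields different bytes on two separate opens,
 * which a kernel random device does and a static file does not.
 */
function rand_source_is_usable($path, $n = 32)
{
    $reads = array();
    for ($i = 0; $i < 2; $i++) {
        $f = @fopen($path, 'rb');
        if ($f === false) {
            return false;               // missing or unreadable (e.g. on Windows)
        }
        $chunk = fread($f, $n);
        fclose($f);
        if ($chunk === false || strlen($chunk) !== $n) {
            return false;               // short read: not a usable byte source
        }
        $reads[] = $chunk;
    }
    return $reads[0] !== $reads[1];
}

/** First usable candidate path, or null to select the mt_rand() fallback. */
function pick_rand_source(array $candidates)
{
    foreach ($candidates as $path) {
        if (rand_source_is_usable($path)) {
            return $path;
        }
    }
    return null;
}

$source = pick_rand_source(array('/dev/urandom'));
if ($source === null) {
    // Make the downgrade visible instead of silently accepting it.
    error_log('OpenID: no random device found, library will use mt_rand()');
}
if (!defined('Auth_OpenID_RAND_SOURCE')) {
    define('Auth_OpenID_RAND_SOURCE', $source);
}
```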
June 30th, 2010 at 8:35 pm
Updated XAMPP and WAMPP2 versions of KitCAD i3 KGC with OpenIDEnabled PHP 2.2.2.
Did not change the release date, currently at 15th June, 2010
August 30th, 2010 at 8:43 pm
Re-Updated KitCAD i3 KGC XAMPP, WAMPP2, and WWW versions to support OpenID reply without ‘user’, ‘nic’, or ‘ID’ data strings.
A work-around was added to allow the user's entered OpenID host to be used in both the ‘user’, and ‘password’ values. The work-around code fix has been consumer tested using a 3rd party OpenID provider.
Re-uploaded KitCAD i3 KGC (and 2.2.2 support) with un-changed current release date of 27th August, 2010.
September 1st, 2010 at 9:21 pm
Added site whitelist for OpenID Providers; OpenID Providers * 22 sites (many untested)
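One way to implement the provider whitelist mentioned here, and the "URI restrictions" raised in the earlier "Bug: Trust" note, as an added example that is not KitCAD i3 code. The function name and sample identifiers are hypothetical; plus.google.com is the only whitelist entry this page names.

```php
<?php
// Added example: hypothetical helper, not KitCAD i3 code.

/**
 * Return the lower-cased host of $identifier if it is on $allowlist,
 * otherwise false. Matching is exact: no suffix or substring matching.
 */
function openid_allowed_host($identifier, array $allowlist)
{
    $id = trim($identifier);
    if ($id === '' || preg_match('/[\x00-\x20\\\\]/', $id)) {
        return false;                   // empty, whitespace/control chars, backslash
    }
    // OpenID 2.0 normalization: an identifier without a scheme is treated as http://
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $id)) {
        $id = 'http://' . $id;
    }
    $parts = parse_url($id);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;                   // only web identifiers are accepted
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                   // userinfo can hide the real host
    }
    $host = rtrim(strtolower($parts['host']), '.');
    return in_array($host, $allowlist, true) ? $host : false;
}

// Constructed sample input for illustration.
$allowlist = array('plus.google.com');
$samples = array(
    'plus.google.com',                          // allowed (scheme added)
    'https://Plus.Google.com/',                 // allowed (case-insensitive host)
    'http://plus.google.com.other.example/',    // rejected: different host
    'http://plus.google.com@other.example/',    // rejected: userinfo
    'ftp://plus.google.com/',                   // rejected: scheme
);
foreach ($samples as $s) {
    $r = openid_allowed_host($s, $allowlist);
    printf("%-42s %s\n", $s, $r === false ? 'REJECT' : "allow ($r)");
}
```

Checking only the identifier the user typed is not sufficient on its own, because discovery can point to a provider endpoint on another host; the same function can be applied to the endpoint URL that discovery returns.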
September 14th, 2010 at 7:36 pm
Fixed OpenID password auth security issues. Added a /htdocs/login/*.openid file to record password (online and xampp/wampp2 versions).
Remarked ’email’ as auth user, instead using the URI supplied by user as ’email’ address (online and xampp/wampp2 versions).
Added support for kitcad_secure.cgi to capture bad logins on all requests for data writes at servers backends (online version only).
December 17th, 2010 at 5:20 pm
Added FaceBook and Twitter AUTH support for a consumer.
Auth Keys are required by both Facebook and Twitter websites. By default these consumers are Disabled in all versions except the Online versions hosted by KitchenPages.com
FaceBook supported using the facebook.inc.php package included example for RPCL in RadPHP 3.0 (or past vcl_for_php_2_1.tar.gz)
Twitter supports using the TwitterOAuth PHP script by Abraham Williams.
See FaceBook RPCL support fix/notes for more information.
Google support exists without an AUTH key if using the google-api-php-client example that is included with OpenID for PHP. A revised version for the +google sign-in service may be developed/deployed at a later date.
March 8th, 2014 at 5:37 pm
2.2.2 (2013) -> 2.2.2 (2014 – Test build/update)
Added to KitchenPages.com | KitchenPage.com Open ID authentication system the Google developers cloud API for Google+ sign-ins and updated white-list setting for the single URL of
plus.google.com
See server maintenance notice for more information.
Updates to off-line versions will be applied during the next available upgrade (as yet unknown).
May 17th, 2014 at 6:12 pm
Updated KitCAD i3 KGC XAMPP, WAMPP2, and WWW versions:
Added
plus.google.com
sign-in method to OpenID consumer authentication – Server side using Google APIs Client Library for PHP (code.google.com/p/google-api-php-client). See KitCAD i3 KGC 2014 maintenance upgrade release notice for more information.
End user Instruction :
1 – Enter
plus.google.com
into the OpenID sign-in dialog, and click the Verify button (as image above)
2 – Users not already logged into Google or Users who have NOT allowed permission will be asked to confirm sign-in. (The sign-out or no permission dialog will be displayed, see image above)
3 – Set Google account permission. (see image above)
4 – Users will be directed to the permission setting notice page. Users are NOT signed in. (see image above)
5 – Clicking the Verify button for a second time will update the sign-in permission or remove permission/sign-out and complete the sign-in/out process. (The sign-in AND permission allowed dialog will be displayed, see image above)