A Ruby on Rails-based OpenID server for all ya identity providers out there. It supports the current OpenID specifications (OpenID 2.0) and supports SReg, AX (fetch and store requests) and PAPE, as well as some custom additions like multifactor authentication using a YubiKey (see http://yubico.com).

masquerade OpenID Server

masquerade is an OpenID server released under the MIT license.

For updates and further information see the project website.

The source code is available at GitHub - feel free to fork and submit patches :)

Installation

  1. Set up your bundle:

    • run bundle install
  2. Configure the database:

    • rename the file config/database.yml.example to config/database.yml
    • set the values in database.yml according to your database
  3. Configure the application:

    • rename the file config/app_config.yml.example to app_config.yml
    • set the values in app_config.yml according to your environment
  4. Set up the database:

    • run the migration scripts
      • bundle exec rake db:create
      • bundle exec rake db:migrate
    • bundle exec rake db:create only creates the development and test databases; if you want to have the production database, use bundle exec rake db:create:all instead
  5. Run the tests and see if everything seems to work: bundle exec rake test

Testing the installation

You can test the functionality in your local environment by starting two instances: one as your Identity Provider/OpenID Server and another one as Relying Party.

rails server
rails server -p 3001

If you want to test production mode, you can use:

rails server -e production

Open your browser with these URLs:

First you have to create an account at the Identity Provider, after that you will be able to use the issued OpenID URL (http://localhost:3000/YOUR_LOGIN) to send requests from the Relying Party to the server.

Use the options provided by the OpenID verification form to test several aspects of the client-server communication (like requesting simple registration data).

Notice

  • Development and test mode won't send mail when you sign up
  • The validation mail link points to localhost:3000. How do you change the host?
    • In config/app_config, modify the value of host
  • Production mode error: hostname does not match the server certificate
    • Put ActionMailer::Base.smtp_settings[:enable_starttls_auto] = false in environments/production.rb
    • This turns off automatic STARTTLS, so unless TLS is configured another way the SMTP session (including any SMTP credentials) is sent unencrypted
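The "hostname does not match the server certificate" error comes from OpenSSL's identity check, which compares the SMTP address you connect to with the names in the server's certificate. The following added example (not part of masquerade; the certificate and all host names are constructed sample data) runs that same check so you can see which address value would pass with STARTTLS left enabled.

```ruby
require "openssl"

# Throwaway self-signed certificate for the given names (constructed
# sample data; stands in for the certificate your SMTP server presents).
def sample_cert(common_name, alt_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = alt_names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# DNS names the certificate is valid for, read from subjectAltName.
def cert_dns_names(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  ext.value.split(/,\s*/).map { |v| v[/\ADNS:(.+)\z/, 1] }.compact
end

# Same identity check that raises "hostname does not match the server
# certificate" after the STARTTLS handshake.
def smtp_host_matches?(cert, smtp_address)
  OpenSSL::SSL.verify_certificate_identity(cert, smtp_address)
end

# One-line report for a configured smtp_settings[:address] value.
def diagnose(cert, smtp_address)
  return "ok: #{smtp_address} matches the certificate" if smtp_host_matches?(cert, smtp_address)
  "mismatch: #{smtp_address} not in #{cert_dns_names(cert).inspect}"
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("mail.example.test", ["mail.example.test", "*.smtp.example.test"])
  puts diagnose(cert, "localhost")
  puts diagnose(cert, "mail.example.test")
end
```

If the check reports a mismatch for your real server, setting the mailer's SMTP address to one of the listed names resolves the error without turning STARTTLS off.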

Introduction

The main functionality is in the server controller, which is the endpoint for incoming OpenID requests. The server controller is supposed to only interact with relying parties a.k.a. consumer websites. It includes the OpenidServerSystem module, which provides some handy methods to access and answer OpenID requests.

TODO

  • Let the user set a standard persona which is used as default for requests

Notes

Inspiration derived from:

Contact

Dennis Blöte: mail@dennisbloete.de