I have been working on a WebGUI Auth module that supports OpenId.  

The module works well and I am currently testing it on some of my systems.

Do not install unless you have met the requirements/dependencies.   Please make sure you upgrade to the latest dependencies.   If OpenId is not working it is probably because you are not using the latest LWPx::ParanoidAgent or Net::OpenID::Consumer modules.

To install:

cp AuthOpenId.zip /data 

cd /data

unzip  AuthOpenId.zip 

Test the OpenId.pm module using the following commands:

• cd /data/WebGUI/lib/WebGUI/Auth
• perl -c OpenId.pm

ERROR:  Can't locate LWPx/ParanoidAgent.pm in @INC (@INC contains:...

     This means that the module LWPx::ParanoidAgent has not been installed.  Please follow the CPAN instructions to install this module.

ERROR:  Can't locate Net/OpenID/Consumer.pm in @INC (...

     This means that the module Net::OpenID::Consumer has not been installed.  Please follow the CPAN instructions to install this module.

ERROR:  Math::BigInt: couldn't load specified math lib(s), fallback to Math::BigInt::FastCalc ...

     Try installing Math::BigInt::GMP to solve this issue.  See http://www.perlmonks.org/?node_id=664894 for more info.

Add the proper parameters to your webgui.conf files... 

If you do not wish to use the JanRain/RpxNow service then there is no need to configure the RpxNow sections or snippet.  You can just use the OpenId portion without the RpxNow service.

Add the OpenId auth method to the configuration file as follows:

"authMethods" : [
     "LDAP",
     "OpenId",
     "WebGUI"
]

Add a section to the configuration file called "RpxNow" with an "apiKey" as well as a "remoteService" parameter.   You will have to get the values to these parameters from "Handle Tokens" section at the JanRain/RpxNow.com website.

"RpxNow" : {
    "apiKey" : "__get__your__own_key_from_http://rpxnow.com",
    "remoteService" : "https://rpxnow.com/api/v2/auth_info"
}

To get MySpace and FaceBook working login to your rpxnow.com account and follow their instructions.

Add the OpenId macro to your macros section:

"macros" : {
...
      "OpenId" : "OpenId",
...

restart apache (httpd)

You may use the Accept and Deny lists under the Admin settings/Authentication/Open Id section.  The lists of hosts/patterns should be separated by commas. 

Ex:  .bad.com,.whatever.com,.ask.com 

It is important to mention that the pattern "fair.com" will match "myhost.unfair.com|myhost.fair.com|mygreatproviderfair.com" instead of just "myhost.fair.com".

The Allow and Deny lists are totally inclusive.  If you place a pattern on the accept list only OpenId users using the provider that matches that pattern will be allowed. 

If you place  a pattern in the deny list, ALL users will be allowed except the ones matched by the pattern on the list.

If there are no entries on either list ALL valid OpenId users are allowed.

Place the Macro ^OpenId(); within an article somewhere on your website.

Create a snippet with the following values:

========= Cut this snippet code and use it on your site =========

<a class="rpxnow" onclick="return false;" href="https://yourRpxUri.rpxnow.com/openid/v2/signin?token_url=^u();/rpxlogin">Sign In</a>

<script type="text/javascript">
  var rpxJsHost = (("https:" == document.location.protocol) ? "https://" : "http://static.");
  document.write(unescape("%3Cscript src='" + rpxJsHost + "rpxnow.com/js/lib/rpx.js' type='text/javascript'%3E%3C/script%3E"));
  RPXNOW.overlay = true;
  RPXNOW.language_preference = 'en';
</script>

============== End Snippet code ==============

Use the above snippet where you want the RpxNow login link to appear.

When using the RpxNow widget you will have to setup a redirect link (/rpxlogin notice it above after the token_url=^u(); option) with the following settings:

URL: rpxlogin
Redirect URL:  /?op=auth;method=login;authType=loginRpx;token=^FormParam(token);

I had a problem were the yahoo service was mangling some portions of the url and this was a great work around.

If you do not wish to use the JanRain/RpxNow service then there is no need to configure the RpxNow sections or snippet.  You can just use the OpenId portion without the RpxNow service.

Please report any bugs to me directly.

Thank you. 

Comments

dannymk: "Hmmm... The Auth::OpenId module works with 2.0.  It just requires an update of the Net::OpenID::Consumer module.  Also, make sure you restart the httpd daemon so that the new Net::OpenID::Consumer module can be used."

dannymk: "Version 3.0.0 uses the Net::OpenID::Consumer module as well as the RpxNow.Com service."

dannymk: "The current module 3.x.x is pretty stable. I have been testing it on a few of my sites and I am currently using it on a production system at work."

ehab: "How hard would it be to be an OpenID provider, where other sites can authenticate against your userbase?"

dannymk: "Not sure ehab, I never thought about writing a provider module for WebGUI.  My focus has always been easier authentication for WebGUI."

ehab: "I see this is updated regularly :) keep up the good work."

ehab: "What is the most upto date version of webgui that the openID plugin supports?"

dannymk: "I have tested it up to: 7.9.15-stable
I am making some changes to the module and will upload those changes tonight."

kuldeep singh: "https://www.webgui.org/extras/form/CommentRating/5.png"

elnino: "this is awesome. What kind of group management in webgui do we have available on a user that logs in using a third party login creditials? Can we modify the "login screen" to tell them the advantages of one way or another? I see this type of logging in everywhere, but I really don't know much about it. so sorry if these are dumb questions."

dannymk: "The OpenId user also has a WebGUI login giving you the ability to use normal group management."

dannymk: "There is an updated OpenId module at:  https://github.com/dannymk/webgui
I have also created an OAuth2 module too. I still have to crate login templates for these modules but they are usable out of the box.  Documentation and other assets will be added as I have time."

kreta999: "I just got a id"