OpenID for eZPublish

Earlier this year I was investigating OpenID and decided to attempt to integrate it into eZ Publish. I got most of the way before I realised that the amount of existing code I had to replicate meant that the maintenance of the extension would be a nightmare.

After discussions at the eZ Developer Day I decided to upload the source to projects.ez.no and invite anyone interested check it out. If you want to contribute feel free to add yourself to the group.

The extension uses the PHP OpenID Library by JanRain. The version of the library used in the extension is 2.1.1. In future I plan at evaluating the use of the eZ Components OpenID Authentication module.

Features

The extension provides the following features:
  • Login using OpenID
  • Register Using OpenID
  • OpenID URL management
Both the OpenID Login and User Registration work in parallel to the existing systems, allowing users to login & register in a regular manor. The templates have been created for the admin & ezwebmin interface. The login screen will show the original as well as the OpenID login.

Clicking on the OpenID Register button will authenticate the user via the entered OpenID URL, retrieve some details from the OpenID profile and present the user with the registration form. Once the registration is processed the authenticated OpenID URL will be associated with the account. The user registration process has had the least testing.

The OpenID account management allows users to add and remove OpenID URLs that are associated with their account. The interface is available via a tab in the admin interface. Currently there are no ezwebmin (front end) specific templates.

The extension assumes you have an installed Website interface and works with eZ Publish 4.x.

Installing the OpenID extension

To use the extension, grab it from svn. From the extensions directory run

cd extension/
svn co http://svn.projects.ez.no/openid/trunk/ openid


and enable in the usual manor.

Create the table the holds the link between the OpenID URLs & the eZ users:

mysql -u[user] -p [database] < sql/openid.sql

Clear caches.

Create an OpenID account

If you don't already have an open ID account get yourself one. I've used ClaimID, but there are plenty of other options. I've also used MyOpenID, SignOn and Sxipper which also has a great firefox identity/password manager add on.

Register an OpenID URL via Admin Interface

If the OpenID extension has been installed correctly you should see a OpenID Tab in the admin interface.

Clicking on the OpenID tab should produce a screen like:



You can now enter your OpenID URL into the field and click on "Register New OpenID" The extension will go off to the provider and ask you to authenticate. Once authenticated you will be asked if you want to:
  1. Login - Authorise login once
  2. Login and Trust - Authorise login for this and subsequent accesses
  3. Cancel - Don't authorise login
Choosing the either of the first two options will allow the OpenID URL to be registered against the currently logged in user. Choosing the "Cancel" option will result in the registration failing. (Note: These specific options are ClaimID specific. Other providers will have similar functionality but it may be presented differently)

You should be able to logout and log back in using the registered OpenID URL. If you have previously loged in and trusted the site you will not have to enter your password.

Register a new user with an OpenID URL

Users are able to register using their OpenID URL from the login form. Entering an OpenID URL and clicking on the register button will pass the user off to the OpenID provider to authenticate and trust the site. Users will be asked if some of your persona information can be passed back to eZ Publish to prefill the user registration form.


The persona information is quite specific and currently only the email address is used. The mapping of the availiable persona information to the eZ user is one area that would benefit from work.

Once authenticated the user is able to progress with the regular user registration process. once completed the user will be able to login using the registered OpenID URL.

The user registration process has not been fully tested.

Future of this extension

This extension was put together as a working prototype and as such is quite rough around the edges. It requires quite a bit of the existing user module & associated templates to be replicated and this makes it a pain to maintain.

The user authentication components of eZ Publish are not constructed in a way that makes it easy to implement OpenID style authentication systems. I hope and suspect that future versions of eZ publish will address this.

I may work on the extension from time to time but am unlikely to spend any real time on it in the near future. If you are interested feel free to signup as a project member, or contact me directly.

There is an existing Open Funding suggestion for OpenID support that may provide a means for getting OpenID support into eZ publish.

Comments

  1. Using Yahoo! openID when login/registering my OpenID for my website, when it returns from the Yahoo confirmation page, ezpublish is displaying my page using the default siteaccess instead of the one that my domain is using. But if then I click on the address bar and press enter. It's OK.

    See at www.qhphotography.com

    ReplyDelete
  2. Hello Bruce, I am planning to develop a login system using X509 certificates to EZ. I intend to use your module as a base because it is well structured. My module is GPL too!

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

eZ Publish Admin Prototype extension

eZ Publish 5 Virtual Machine

eZ Publish Admin redesign - Dashboard = OpenSocial?