openid:janrain php openid : consumer / server example


A Discovery, originally uploaded by More Altitude.

Yadisのdiscoveryでおおはまり。

[root@localhost ~]# wget http://openidenabled.com/files/php-openid/packages/php-openid-2.1.0.zip

[root@localhost ~]# unzip php-openid-2.1.0.zip

[root@localhost ~]# cat /etc/httpd/sites-available/admin.centos.hdknr.conf  | sed "s/admin/openid/" > /etc/httpd/sites-available/openid.centos.hdknr.conf

[root@localhost ~]# ln -s /etc/httpd/sites-available/openid.centos.hdknr.conf /etc/httpd/sites-enabled

[root@localhost ~]# dig +short openid.centos.hdknr
192.168.77.130

[root@localhost openid.centos.hdknr]# pwd
/var/www/openid.centos.hdknr

[root@localhost openid.centos.hdknr]# cp -r /root/php-openid-2.1.0 .

[root@localhost openid.centos.hdknr]# vi /etc/httpd/sites-available/openid.centos.hdknr.conf

<VirtualHost *:80>
    ServerAdmin webmaster@openid.centos.hdknr
    DocumentRoot  /var/www/openid.centos.hdknr
    ServerName openid.centos.hdknr
    ErrorLog logs/openid.centos.hdknr-error_log
    CustomLog logs/openid.centos.hdknr-access_log common

    Alias /server/ "/var/www/openid.centos.hdknr/php-openid-2.1.0/examples/server/"

    Alias /consumer/ "/var/www/openid.centos.hdknr/php-openid-2.1.0/examples/consumer/"

</VirtualHost>

[root@localhost openid.centos.hdknr]# /etc/init.d/httpd restart
httpd を停止中:                                            [  OK  ]
httpd を起動中:                                            [  OK  ]

 

[root@localhost php-openid-2.1.0]# echo "create database openid" | mysql

[root@localhost php-openid-2.1.0]# echo "grant all privileges on openid.* to ‘openid’@’%’  identified by ‘openid’ with grant option " | mysql

openidserver_thumb1

openidserver2_thumb1

 

config.php を作成。

 

[Mon Jun 30 10:39:10 2008] [error] [client 192.168.77.1] PHP Fatal error:  require_once() [<a href=’function.require’>function.require</a>]: Failed opening required ‘DB.php’ (include_path=’/var/www/openid.centos.hdknr/php-openid-2.1.0:.:/usr/share/pear:/usr/share/php:/var/www/openid.centos.hdknr/php-openid-2.1.0′) in /var/www/openid.centos.hdknr/php-openid-2.1.0/examples/server/config.php on line 27

[root@localhost examples]# yum search pear  | grep DB
php-pear-MDB2-Driver-mysql.noarch : MySQL MDB2 driver
php-pear-MDB2.noarch : Database Abstraction Layer
php-pear-DB.noarch : PEAR: Database Abstraction Layer

[root@localhost examples]# yum install php-pear-DB -y

省略

=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
php-pear-DB             noarch     1.7.13-1.el5.centos  extras            142 k
Installing for dependencies:
php-pear                noarch     1:1.4.9-4.el5.1  base              356 k

省略

 WS000047_thumb[1]_thumb[1]

WS000048_thumb[1]

 

[Mon Jun 30 11:03:43 2008] [error] [client 192.168.77.1] PHP Fatal error:  No XML parser was found in /var/www/openid.centos.hdknr/php-openid-2.1.0/Auth/Yadis/XML.php on line 366, referer: http://openid.centos.hdknr/consumer/

[root@localhost Auth]# yum search php | grep XML
php-xmlrpc.i386 : A module for PHP applications which use the XML-RPC protocol
php-xml.i386 : A module for PHP applications which use XML

[root@localhost Auth]# yum install php-xml -y

省略

=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
php-xml                 i386       5.1.6-20.el5     base               94 k
Installing for dependencies:
libxslt                 i386       1.1.17-2.el5_1.1  updates           485 k

省略

再度 =hdknrを指定すると、LinkSafeの画面が開きました。そしてログイン成功。

WS000050_thumb[1]

 

LinkSafe とのAssociationとNounce

[root@localhost Auth]# ls -R /tmp
/tmp:
_php_consumer_test  hoge  log

/tmp/_php_consumer_test:
associations  nonces  temp

/tmp/_php_consumer_test/associations:
https-linksafe.ezibroker.net-3EI0.TdvzlKOiKRV1wHWuw_F5Mw-c6sC6lZ.5KBXGqmEd4apk99Ngi8

/tmp/_php_consumer_test/nonces:
4868408e—2jmj7l5rSw0yVb.vlWAYkK.YBwk-JFW8Jj.8rXC4Cu2oEbs50OTUV0o

/tmp/_php_consumer_test/temp:

Assosication:

[root@localhost Auth]# more /tmp/_php_consumer_test/associations/https-linksafe.ezibroker.net-3EI0.TdvzlKOiKRV1wHWuw_F5Mw-c6sC6lZ.5KBXGqmEd4apk99Ngi8
assoc_type:HMAC-SHA1
handle:{HMAC-SHA1}{4868408d}{qYM7TA==}
issued:1214791822
lifetime:120960
secret:j+7wZaCn7cbnpWMZIr+3pNJV8XM=
version:2

http://openid.centos.hdknr/server/server.php/idpage?user=hdknr でやってみる。

[Mon Jun 30 11:24:23 2008] [error] [client 192.168.77.1] PHP Notice:  Only variable references should be returned by reference in /var/www/openid.centos.hdknr/php-openid-2.1.0/examples/consumer/common.php on line 63, referer: http://openid.centos.hdknr/consumer/

function &getStore() {
    /**
     * This is where the example will store its OpenID information.
     * You should change this path if you want the example store to be
     * created elsewhere.  After you're done playing with the example
     * script, you'll have to remove this directory manually.
     */
    $store_path = "/tmp/_php_consumer_test";

    if (!file_exists($store_path) &&
        !mkdir($store_path)) {
        print "Could not create the FileStore directory '$store_path'. ".
            " Please check the effective permissions.";
        exit(0);
    }

//    return new Auth_OpenID_FileStore($store_path);
    $ret =& new Auth_OpenID_FileStore($store_path);
    return  $ret;
}

にしたらメッセージがでなくなったが、相変わらず、

WS000051_thumb[1] 

[Mon Jun 30 11:26:47 2008] [error] [client 192.168.77.1] Successfully fetched ‘http://openid.centos.hdknr/server/server.php/idpage?user=hdknr’: GET response code 206, referer: http://openid.centos.hdknr/consumer/try_auth.php?action=verify&openid_identifier=http%3A%2F%2Fopenid.centos.hdknr%2Fserver%2Fserver.php%2Fidpage%3Fuser%3Dhdknr

って返しているからYadisはうまくいっているような気がする(./Auth/Yadis/ParanoidHTTPFetcher.php) 。

ちなみに、手動でリクエスト。

[root@localhost examples]# curl http://openid.centos.hdknr/server/server.php/idpage?user=hdknr

<html>
<head>
  <link rel="openid2.provider openid.server" href="http://openid.centos.hdknr/server/server.php"/>
  <meta http-equiv="X-XRDS-Location" content="http://openid.centos.hdknr/server/server.php/userXrds?user=hdknr" />
</head>
<body>
  This is the identity page for users of this server.
</body>

となって、X-XRDS-Locationを優先するハズ。

[root@localhost examples]# curl http://openid.centos.hdknr/server/server.php/userXrds?user=hdknr

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <Type>http://openid.net/signon/1.1</Type>
      <URI>http://openid.centos.hdknr/server/server.php</URI>
    </Service>
  </XRD>
</xrds:XRDS>
とエンドポイントは ~/server/server.php であってます。

[root@localhost examples]#  curl http://openid.centos.hdknr/server/server.php

<html>
  <head>
    <meta http-equiv="cache-control" content="no-cache"/>
    <meta http-equiv="pragma" content="no-cache"/>
    <title>OpenID Server Endpoint</title>
<link rel="stylesheet" type="text/css" href="http://openid.centos.hdknr/server/openid-server.css" />
  </head>
  <body>
    <div class="navigation"><p class="bottom"><a href="http://openid.centos.hdknr/server/server.php">PHP OpenID Server</a> &mdash; <a href="http://openid.centos.hdknr/server/server.php/login">Log In</a></p></div>
<div id="content">
    <h1>OpenID Server Endpoint</h1>
    <p>
  This is an <a href="http://www.openid.net/">OpenID</a> server
  endpoint. This server is built on the <a
  href="http://www.openidenabled.com/openid/libraries/php">JanRain PHP OpenID
  library</a>. Since OpenID consumer sites will need to directly contact this
  server, it must be accessible over the Internet (not behind a firewall).
</p>
<p>
  To use this server, you will have to set up a URL to use as an identifier.
  Insert the following markup into the <code>&lt;head&gt;</code> of the HTML
  document at that URL:
</p>
<pre>&lt;link rel="openid.server" href="http://openid.centos.hdknr/server/server.php" /&gt;</pre>
<p>
  Then configure this server so that you can log in with that URL. Once you
  have configured the server, and marked up your identity URL, you can verify
  that it is working by using the <a href="http://www.openidenabled.com/"
  >openidenabled.com</a>
  <a href="http://www.openidenabled.com/resources/openid-test/checkup">OpenID
  Checkup tool</a>:
  <form method="post"
        action="http://www.openidenabled.com/resources/openid-test/checkup/start">
    <label for="checkup">OpenID URL:
    </label><input id="checkup" type="text" name="openid_url" />
    <input type="submit" value="Check" />
  </form>
</p>

</div>
  </body>

 

Yadisのfetcherにsyslog()入れてみると、

Jun 30 12:19:47 localhost OpenID[11881]: curl-body:<html> <head>   <link rel="openid2.provider openid.server" href="http://openid.centos.hdknr/server/server.php"/>   <meta http-equiv="X-XRDS-Location" content="http://openid.centos.hdknr/server/server.php/userXrds?user=hdknr" /> </head> <body>   This is the identity page for users of this server. </body> </html>
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:0:HTTP/1.1 206 Partial Content
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:1:Date: Mon, 30 Jun 2008 03:19:47 GMT
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:2:Server: Apache/2.2.3 (CentOS)
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:3:X-Powered-By: PHP/5.1.6
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:4:Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:5:Pragma: no-cache
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:6:Set-Cookie: openid_server=2r12qtf7jq79jgqgb7i7jro463; path=/
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:7:Expires: Thu, 19 Nov 1981 08:52:00 GMT
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:8:X-XRDS-Location: http://openid.centos.hdknr/server/server.php/userXrds?user=hdknr
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:9:Connection: close
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:10:Content-Range: bytes 0-311/312
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:11:Content-Length: 312
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:12:Content-Type: text/html; charset=UTF-8
Jun 30 12:19:47 localhost OpenID[11881]: curl-headers:13:

XRDS-Locationにアクセスしていないっぽい。access.logにもないし。

 

仮想サイトを変更してみた.

rp : rp.centos.hdknr/consumer

op: op.centos.hdknr/sever

関係なし。 。。。。

 

どうやら ParanoidHTTPFetcher.phpにあるcurlがRange属性を入れてリクエストしているので、apache(ap_byterange_filter())が206を返しているっぽい。

//            curl_setopt($c, CURLOPT_RANGE,
 //                       "0-".(1024 * Auth_OpenID_FETCHER_MAX_RESPONSE_KB));

とコメントアウトすると、

WS000054_thumb[1]

WS000055_thumb[1]

 WS000056_thumb[1]

とOpenID認証が JanRainの server/ consumer 間で mysql を使って通ります。

ちなみに、

mysql> use openid;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+——————+
| Tables_in_openid |
+——————+
| oid_associations |
| oid_nonces       |
+——————+
2 rows in set (0.00 sec)

mysql> select * from oid_associations;
+————————–+———————————+———————-+————+———-+————+
| server_url               | handle                          | secret               | issued     | lifetime | assoc_type |
+————————–+———————————+———————-+————+———-+————+
| http://localhost/|normal | {HMAC-SHA1}{486872f8}{I1MUBg==} | .^��Ό�|�h#~�o�� | 1214804728 |  1209600 | HMAC-SHA1  |
+————————–+———————————+———————-+————+———-+————+
1 row in set (0.00 sec)

mysql> select * from oid_nonces
    -> ;
Empty set (0.00 sec)

カテゴリー: 未分類 パーマリンク

openid:janrain php openid : consumer / server example への12件のフィードバック

  1. Unknown より:

    qth01k gtg07y wow gold wow gold wow gold wow gold wow gold 股票软件 股票软件 大智慧 炒股软件 炒股软件 大智慧 进口轴承 美国签证 法国签证 全教振 中高年 転職 FX NSK轴承 TIMKEN轴承 水洗厂 全教振 全教振 深圳网页制作 深圳网页制作 进口轴承 NSK轴承 干洗设备 朗阁培训 英国签证 中高年 転職 FX 黑马股 毛穴 黒ずみ 毛穴 黒ずみ TIMKEN轴承 出会い系 コスメ コスメ wow gold wow gold wow gold wow gold wow gold wow gold wow gold wow gold wow gold wow gold wow gold wow gold wow gold

  2. Unknown より:

    防火涂料 塑料机械 中空玻璃设备 模拟屏 画册 中空玻璃加工设备 画册设计 园林绿化 包装设计 激光测距仪 手提袋设计 夜视仪 标志设计 logo设计 纸盒设计 望远镜 雨花石 测量投影仪 南京雨花石 三坐标测量机 五彩石 雨花石工艺品 索道 二次元 大闸蟹 三坐标 阳澄湖大闸蟹 影像测量仪 金属复合板 投影仪 地毯 立式光学计 不锈钢复合板 测长机 工具显微镜 测长仪 地毯公司 角度仪器 控制台 园林绿化养护 梅花鹿养殖场 上胶机器

  3. Unknown より:

    http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E5%8C%BB%E8%96%AC%E5%93%81&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E5%8C%96%E7%B2%A7%E5%93%81&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E5%B0%B1%E8%81%B7&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E4%BF%9D%E6%B9%BF%E6%B6%B2&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+cm&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E3%83%92%E3%83%AB%E3%83%88%E3%83%83%E3%83%97&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E5%9F%BA%E7%A4%8E%E5%8C%96%E7%B2%A7%E5%93%81&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E6%96%B0%E7%A4%BE%E5%B1%8B&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E3%83%89%E3%83%A2%E3%83%9B%E3%83%AB%E3%83%B3%E3%83%AA%E3%83%B3%E3%82%AF%E3%83%AB&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E6%8E%A1%E7%94%A8&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E8%96%AC%E5%93%81&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E7%97%9B%E6%95%A3%E6%B9%AF&btnG=%E6%A4%9C%E7%B4%A2&lr=http://www.google.co.jp/search?hl=ja&q=%E5%86%8D%E6%98%A5%E9%A4%A8+%E6%BC%A2%E6%96%B9&btnG=%E6%A4%9C%E7%B4%A2&lr=

コメントを残す

以下に詳細を記入するか、アイコンをクリックしてログインしてください。

WordPress.com ロゴ

WordPress.com アカウントを使ってコメントしています。 ログアウト / 変更 )

Twitter 画像

Twitter アカウントを使ってコメントしています。 ログアウト / 変更 )

Facebook の写真

Facebook アカウントを使ってコメントしています。 ログアウト / 変更 )

Google+ フォト

Google+ アカウントを使ってコメントしています。 ログアウト / 変更 )

%s と連携中