OpenId Adventures

I’ve spent the last three days trying to implement OpenID for The Conversations Network’s web sites. I’m familiar with the concepts and protocols, so I figured it wouldn’t take much effort. I guess that’s what I get for being so self-confident. I still don’t have a solution to the current snag. Maybe someone else knows a workaround or at least some search engine will find this so others can avoid the traps I’ve fallen into.

All our sites are built on PHP5. I develop on OS X, check my code into Subversion, then checkout onto our live servers running RHEL. I chose the OpenID Enabled library. It’s really the only choice as far as I know.

I don’t know whether it’s a bug, poor documentation, or just our peculiar architecture, but there was an incompatibility between OpenID Enabled and my code that took about 12 hours to find. (If the URL of your response receiver includes a query string, you’ll have some extra work to do.) I finally got past that, coded new pages for login, registration and managing multiple OpenIDs for a user, and checked it into svn. I installed the library on the RHEL server and updated the code there. Didn’t work.

It turns out that the OpenID Enabled library needs an XML parser, either domxml (which is no longer available) or the newer/better DOM, which comes with the PHP 5 core code. But we use yum, and the yummy version of PHP5 was built with the –disable-dom option. So no XML parser and hence no OpenID. Aargh!

Sysadmin Tim doesn’t want to mess with another PHP5 build, and after years of working with him — and sometimes ignoring his advice — I’ve learned he’s always right. Surely, replacing our PHP5 (or even rebuilding it) would likely break something else. So I’m stuck until I can either find another OpenID library that doesn’t require the DOM XML parser, or some replacement for that parser. Too bad. OpenID is sort of cool.

Update: Problem solved. Just ran “%yum install php-xml” and restarted Apache. We now have OpenId across all The Conversations Network’s web sites.

2 thoughts on “OpenId Adventures

  1. Hey Doug…very excited to hear about the OpenID support. I logged in just now (kenzoid), and saw that I could assign an OpenID to an existing account; excellent! Sometimes, people wire up OpenID for new accounts and forget/postpone support for existing accounts.

    Unfortunately, it didn’t work! I use OpenID delegation from my main URL:, and when I input that URL, I got the response: “Authentication error; not a valid OpenID.” I know this isn’t the case, though…I use it many places succesfully, and delegation is an explicit part of the spec.

    It does appear that delegation is part of the issue, though; I just tried with my “direct” URL to my provider (, and the verfication box just popped up.

    Can you take a look at the delegation support, and if there are any issues?? I’d much prefer to register with Thanks!!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s