X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/e43cd269d2b492da6fc4bfdc3d6930e88f1dfa0c..1b9daeadf2f7d6e64ef9fbde7d82088c76c82424:/doc/plugins/openid.mdwn?ds=sidebyside diff --git a/doc/plugins/openid.mdwn b/doc/plugins/openid.mdwn index 2bd686d44..a061cb43f 100644 --- a/doc/plugins/openid.mdwn +++ b/doc/plugins/openid.mdwn @@ -1,25 +1,51 @@ -[[template id=plugin name=openid included=1 author="[[Joey]]"]] -[[tag type/auth]] +[[!template id=plugin name=openid core=1 author="[[Joey]]"]] +[[!tag type/auth]] This plugin allows users to use their [OpenID](http://openid.net/) to log into the wiki. -The plugin needs the `Net::OpenID::Consumer` perl module. The -`LWPx::ParanoidAgent` perl module is used if available, for added -security. Finally, the `Crypt::SSLeay` perl module is needed to support -users entering "https" OpenID urls. - -This plugin supports the -[myopenid.com affiliate program](http://myopenid.com/affiliate_welcome), -which can be used to help users sign up for an OpenID and log into your -site in a single, unified process. When you create the affiliate, specify a -login url like `http://example.com/ikiwiki.cgi?do=postsignin`. Users who -create an OpenID will then be logged in and sent on their way in the wiki. - -This plugin has a configuration option. You can set `--openidsignup` -to the url of a third-party site where users can sign up for an OpenID. If -it's set, the signin page will link to that page. To make the wiki's signin -page direct users to the affiliate signup page, set the `openidsignup` -configuration parameter to the URL of the signup page. - -This plugin is included in ikiwiki, but is not enabled by default. +The plugin needs the [[!cpan Net::OpenID::Consumer]] perl module. +Version 1.x is needed in order for OpenID v2 to work. + +The [[!cpan LWPx::ParanoidAgent]] Perl module is strongly recommended. +The [[!cpan LWP]] module can also be used, but is susceptible to +server-side request forgery. + +The [[!cpan Crypt::SSLeay]] Perl module is needed +to support users entering "https" OpenID urls. + +This plugin is enabled by default, but can be turned off if you want to +only use some other form of authentication, such as [[passwordauth]]. + +## options + +These options do not normally need to be set, but can be useful in +certain setups. + +* `openid_realm` can be used to control the scope of the openid request. + It defaults to the `cgiurl` (or `openid_cgiurl` if set); only allowing + ikiwiki's [[CGI]] to authenticate. If you have multiple ikiwiki instances, + or other things using openid on the same site, you may choose to put them + all in the same realm to improve the user's openid experience. It is an + url pattern, so can be set to eg "http://*.example.com/" + +* `openid_cgiurl` can be used to cause a different than usual `cgiurl` + to be used when doing openid authentication. The `openid_cgiurl` must + point to an ikiwiki [[CGI]], and it will need to match the `openid_realm` + to work. + +## troubleshooting + +See [[plugins/openid/troubleshooting]] for a number of issues that may +need to be addressed when setting up ikiwiki to accept OpenID logins reliably. + +## delegation + +This plugin does not take care of doing the "server" part of the +OpenID protocol, only the "client" part. In other words, it allows +users to login to your site through OpenID, but is not in itself an +OpenID provider. + +It is possible, however, to use your Ikiwiki site as a delegation +point to another OpenID provider. For this, use the +[[ikiwiki/directive/meta/]] directive with the `openid` parameter.