aboutsummaryrefslogtreecommitdiff
path: root/doc/plugins/openid.mdwn
blob: a061cb43ffd51450a3216b4e57bd40b1f5e4be82 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

[[!template id=plugin name=openid core=1 author="[[Joey]]"]]
[[!tag type/auth]]

This plugin allows users to use their [OpenID](http://openid.net/) to log
into the wiki.

The plugin needs the [[!cpan Net::OpenID::Consumer]] perl module.
Version 1.x is needed in order for OpenID v2 to work.

The [[!cpan LWPx::ParanoidAgent]] Perl module is strongly recommended.
The [[!cpan LWP]] module can also be used, but is susceptible to
server-side request forgery.

The [[!cpan Crypt::SSLeay]] Perl module is needed
to support users entering "https" OpenID urls.

This plugin is enabled by default, but can be turned off if you want to
only use some other form of authentication, such as [[passwordauth]].

## options

These options do not normally need to be set, but can be useful in
certain setups.

* `openid_realm` can be used to control the scope of the openid request.
  It defaults to the `cgiurl` (or `openid_cgiurl` if set); only allowing
  ikiwiki's [[CGI]] to authenticate. If you have multiple ikiwiki instances,
  or other things using openid on the same site, you may choose to put them
  all in the same realm to improve the user's openid experience. It is an
  url pattern, so can be set to eg "http://*.example.com/"

* `openid_cgiurl` can be used to cause a different than usual `cgiurl`
  to be used when doing openid authentication. The `openid_cgiurl` must
  point to an ikiwiki [[CGI]], and it will need to match the `openid_realm`
  to work.

## troubleshooting

See [[plugins/openid/troubleshooting]] for a number of issues that may
need to be addressed when setting up ikiwiki to accept OpenID logins reliably.

## delegation

This plugin does not take care of doing the "server" part of the
OpenID protocol, only the "client" part. In other words, it allows
users to login to your site through OpenID, but is not in itself an
OpenID provider.

It is possible, however, to use your Ikiwiki site as a delegation
point to another OpenID provider. For this, use the
[[ikiwiki/directive/meta/]] directive with the `openid` parameter.
generated by cgit v1.2.3 (git 2.25.4) at 2024-05-03 03:28:51 +0000