This article will show you how to use the OpenID delegation feature
which allows you to use your own domain as an identifier for OpenID.
If you want to use OpenID as an authentication mechanism, but are
afraid of the fact that your OpenID provider may die in the future, or
you simply might want to use another provider in the future, you can
use a delegation model with OpenID.
A reason to change the OpenID provider might be, that your current
OpenID provider does not support an authentication mechanism you like
to, as for example the YubiKey or something like that.
Let’s say you want to use
http://xyz.example.com as your OpenID and
you want to use clavid.com as your Identity Provider, you have to
execute the following steps.
Create a (sub-)domain for example.com called xyz.
This can for example be done by adding another virtual host to your
apache configuration. The configuration might look like the following
Create a index.html file inside your document root
As a next step you have to create a index.html file in your document
root (in this case /var/www/xyz) with the following content in order
for OpenID services being able to find your current identity provider.
<html><head><title>Jens' OpenID delegation page</title><linkrel="openid.server"href="http://www.clavid.com/provider/openid"/><linkrel="openid2.provider"href="http://www.clavid.com/provider/openid"/><linkrel="openid.delegate"href="http://jens.clavid.com"/><linkrel="openid2.local_id"href="http://jens.clavid.com"/></head><body><h1>This page is used for OpenID delegation.</h1>For more information on OpenID either visit <ahref="http://openid.net">http://openid.net<a> or <ahref="http://clavid.com">http://clavid.com</a></body></html>