Tuesday, April 22, 2008

OpenID login for KnowledgeTree

I have replaced (not integrated) KnowledgeTree authentication with OpenID. Supporting both default and OpenID authentication requires more work and that can come later.

This is by no means final since only limited testing has been performed so far. I've decided to post this in its raw form so I can solicit comments and suggestions from the community. And besides, my blog has not been updated for a while now.

I'll detail the procedures here. I took notes but I may have missed something. Diligence is not one of my virtues.

  • Copy login.php to login-orig.php (save original, let's modify login.php)
  • Change template ktcore/login -> ktcore/openid
  • Copy ./templates/ktcore/login.smarty to openid.smarty
    - change invocation of stylesheet kt-login.css -> kt-openid.css
    - change the Username prompt label to OpenID
    - add class="openid" to input tag for username
    - change name="username" to name="openid_url"
    - remove the password input field

  • Download the OpenID logo
  • Upload logo as openid-bg.png to ./resources/graphics
  • Copy ./resources/css/kt-login.css to kt-openid.css
  • Add input.openid to kt-openid.css, as follows:
    input.openid {
        border: 1px solid #666;
        width: 232px;
        background: url(../graphics/openid-bg.png) no-repeat;
        padding-left: 18px;
    }
Note the OpenID logo in the input field. This is implemented by the input.openid section of the stylesheet. I also changed the input field name to openid_url in conformance with OpenID specifications. I'm using Verisign PIP as OpenID Identity Provider and the Seatbelt browser plug-in kicks in only when openid_url is used as identifier.

I installed version 2.x.x of the PHP OpenID Library, as follows:
  • Create the directory ./thirdparty/OpenID
  • Copy the file common.php found in the examples directory. Also copy the Auth directory from the library.
  • Add the following functions to common.php
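    // Undo magic-quotes escaping of request data when PHP has it enabled.
    function fixslashes($s) {
        return get_magic_quotes_gpc() ? stripslashes($s) : $s;
    }

    // Normalize the entered OpenID URL: lowercase it, prepend http:// when
    // no scheme is given, and append a trailing slash when one is missing.
    function normOpenIDUrl($oid_url) {
        $claimed_id = strtolower(fixslashes($oid_url));
        $has_scheme = preg_match('#^https\://#', $claimed_id) === 1;
        $has_scheme = $has_scheme || preg_match('#^http\://#', $claimed_id) === 1;
        $has_tslash = preg_match('#/$#', $claimed_id) === 1;
        return (($has_scheme ? '' : 'http://') . $claimed_id . ($has_tslash ? '' : '/'));
    }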
  • Overwrite the original functions in common.php with these
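    // Both URLs are built from SERVER_NAME and SERVER_PORT, so the web server
    // should be configured with a fixed canonical host name.

    // URL the identity provider sends the browser back to after authentication.
    function getReturnTo() {
        return sprintf("%s://%s:%s/login.php",
            getScheme(), $_SERVER['SERVER_NAME'],
            $_SERVER['SERVER_PORT']);
    }

    // Trust root presented to the identity provider.
    function getTrustRoot() {
        return sprintf("%s://%s:%s/",
            getScheme(), $_SERVER['SERVER_NAME'],
            $_SERVER['SERVER_PORT']);
    }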
  • Change config/dmsDefaults.php to include the library in the path:
    $KTInit->prependPath(KT_DIR . '/thirdparty/OpenID');
The rest of the changes are in login.php, the source of which can be found here.

I've disabled automatic sign-up so make sure to create an OpenID account with Administrator privileges before you apply the changes. To prevent duplicate accounts, the usernames are OpenID URLs in normalized form (with leading http:// and trailing /). Thus, the username http://pipoltek.blogspot.com/ applies to any of the following acceptable OpenID identity URLs:
  • pipoltek.blogspot.com
  • http://pipoltek.blogspot.com
  • http://pipoltek.blogspot.com/
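
The normalization described above decides which KnowledgeTree username an entered identifier maps to. As an added example (not code from the original post), the script below runs a function with the same behaviour as the post's normOpenIDUrl(), minus the magic-quotes handling, next to a hypothetical stricter normalizeIdentifier() that lowercases only the scheme and host; the last two sample inputs are constructed.

```php
<?php
// Added example, not part of the original post. normalizeIdentifier() is a
// hypothetical alternative; normOpenIDUrlAsPosted() mirrors the post's logic.

// Same behaviour as the post's normOpenIDUrl(), without fixslashes().
function normOpenIDUrlAsPosted(string $input): string {
    $id = strtolower($input);
    $hasScheme = preg_match('#^https?://#', $id) === 1;
    $hasSlash  = preg_match('#/$#', $id) === 1;
    return ($hasScheme ? '' : 'http://') . $id . ($hasSlash ? '' : '/');
}

// Lowercase only scheme and host; keep the path's case; drop any fragment.
function normalizeIdentifier(string $input): ?string {
    $id = trim($input);
    if (!preg_match('#^https?://#i', $id)) {
        $id = 'http://' . $id;          // same default scheme as the post
    }
    $p = parse_url($id);
    if ($p === false || empty($p['host'])) {
        return null;                    // reject input that is not a URL
    }
    $url = strtolower($p['scheme']) . '://' . strtolower($p['host']);
    if (isset($p['port'])) {
        $url .= ':' . $p['port'];
    }
    $url .= $p['path'] ?? '/';          // add "/" only when the path is empty
    if (isset($p['query'])) {
        $url .= '?' . $p['query'];
    }
    return $url;
}

// The first three inputs are the forms listed in the post; the rest are constructed.
$samples = [
    'pipoltek.blogspot.com',
    'http://pipoltek.blogspot.com',
    'http://pipoltek.blogspot.com/',
    'HTTP://Example.COM/Alice',
    'example.com/alice',
];
foreach ($samples as $s) {
    printf("%-32s posted=%-34s strict=%s\n",
        $s, normOpenIDUrlAsPosted($s), normalizeIdentifier($s) ?? '(rejected)');
}
```

Both functions map the three forms from the post to http://pipoltek.blogspot.com/. Because the posted version lowercases the whole URL, the last two samples end up as one username, while the stricter version keeps them apart.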
I've successfully authenticated using my OpenID accounts from Blogspot, Technorati and Verisign PIP. However, I had login failures using my Yahoo OpenID and a delegate identity URL.

My testbed:
  • VMware Server version 1.0.4.56528
  • KnowledgeTree OSS 3.4.2 VM Appliance from rPath
  • Microsoft Windows XP Home Service Pack 2
  • Mozilla Firefox 2.0.0.14

1 comment:

Anonymous said...

Hi, just found your site. Would your modifications work on version 3.6.x of KnowledgeTree too? Thank you!