Using SimpleID

Logging into OpenID-enabled web sites

How to log into OpenID enabled web sites using SimpleID.

Managing your SimpleID profile

How to manage your SimpleID profile, such as maintaining a list of sites you have visited.

Extensions

SimpleID supports a number of OpenID extensions, including the Simple Registration Extension. This section shows you how to install and use them.

Logging into OpenID-enabled web sites

To log into an OpenID-enabled site:

  1. You should see an OpenID log in box on your site, which should look like the following.

    OpenID login box

  2. Type your identifier URL and submit the form. The site will now contact your SimpleID server to establish a secure connection. Depending on the speed of your web server, this may take about half a minute.

  3. If you have not logged into SimpleID, SimpleID will ask you to do so.

  4. When you log into an OpenID-enabled site for the first time, you will be presented with a page that is similar to the following.

    Site login page

    The page will vary depending on the extensions you have installed.

  5. To continue logging in to the site, click OK. The site will then become one of your trusted sites.

    If you select the Automatically send my information to this site for any future requests check box, this page won’t appear again the next time you log in to this site.

Some sites require you to log into SimpleID *before* logging into the site.
You can only log in to each SimpleID installation as one user (and so one OpenID identifier) at any one time.

Managing your SimpleID profile

You can manage your SimpleID profile by going directly to your SimpleID server’s URL.

If you have logged into an OpenID-enabled web site using SimpleID during your browser’s session, you will be taken directly to the dashboard. Alternatively, you can log into SimpleID directly from this URL.

Once you have entered the dashboard, you can check what you have provided in your identity file. In addition, you can modify the settings for all the web sites you have visited.

Logging into SimpleID

You generally don’t need to log into SimpleID first before you can use it to access OpenID-enabled web sites. When you log into these web sites, SimpleID automatically checks whether you have logged in using the identity you have supplied. If you haven’t logged into SimpleID, SimpleID will present the log in page for you to supply your login details.

You can also log into SimpleID manually by going to the URL where you have installed SimpleID. This sends you to your SimpleID home page or dashboard, depending on the version of SimpleID you are using.

When you log in, you will be presented with the log in page.

SimpleID login page

You will notice one of the following status messages on the login page:

  • Secure login using HTTPS. You are connected to the SimpleID server using Transport Layer Security. Your user name and password will be encrypted as they are sent to the SimpleID server.

  • WARNING: Your password will be sent to SimpleID as plain text. You have chosen, in your configuration, to allow passwords to be sent insecurely. Your password will be sent to SimpleID as plain text. Please note that an attacker may be able to detect your password if you log in using this method.

If you do not see the log in page, it may be because your server does not support HTTPS. SimpleID will always redirect you to the encrypted version of the log in page.

Login verification

To further protect your profile, you can enable login verification. Login verification adds an extra layer of security using one-time passwords generated by another device (such as your phone). Thus, in order to access your profile, an attacker will need access to your device as well as your user name and password.

What you need

You will need a device (such as a smartphone) that supports the RFC 6238 Time-based One-time Password Algorithm. Examples of smartphone apps that support this algorithm include:

  • Google Authenticator
  • Microsoft Authenticator
  • FreeOTP

How to enable

  1. Log in to SimpleID
  2. From the My Profile page, go to the Login Verification box, then click Enable.
  3. Enter the key shown on the page into your device. If your device supports scanning QR codes, you can also scan the QR code shown.
  4. Enter the 6 digit verification code shown on your device and click Verify.

Login verification is then enabled. Every time you attempt to log in using this account, you will be prompted to enter the 6 digit verification code shown on your device.
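How the 6 digit code is derived from the key and the current time under RFC 6238, and how a server can check it, is shown in the following added example. It is not SimpleID's own code; the one-step clock drift allowance and the `last_used_step` replay check are assumptions about common server-side practice, not documented SimpleID behaviour.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample key: the RFC 6238 test secret "12345678901234567890" in Base32.
RFC_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(key_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA-1 for the given Unix time."""
    # Keys are shown in Base32, often lower-case, grouped and unpadded.
    cleaned = key_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // step)  # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key_b32, submitted, unix_time, last_used_step=-1, drift=1, step=30):
    """Return the time step the code matched, or None if it is rejected.

    drift: steps either side of "now" accepted to tolerate clock skew
    (assumption). last_used_step: highest step already accepted for this
    account, so an observed code cannot be replayed (assumption).
    """
    current = unix_time // step
    matched = None
    for candidate in range(max(0, current - drift), current + drift + 1):
        expected = totp(key_b32, candidate * step, step)
        # Constant-time comparison; every candidate is always evaluated.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and candidate > last_used_step:
            matched = candidate
    return matched
```

A wider `drift` tolerates worse device clocks but lengthens the time a captured code stays usable, which is why the matched step should be stored and passed back as `last_used_step` on the next attempt.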

How to disable

  1. Log in to SimpleID
  2. From the My Profile page, go to the Login Verification box, then click Disable.

Viewing my profile

The My Profile page contains some basic information about your identity, as specified in your identity file.

It contains a facility to generate the code required to claim your identifier.

If you have extensions installed, your extension may also provide additional information on your profile on this page.

Managing my sites

The My Sites tab contains a list of all the sites you have logged into using SimpleID. For each site, SimpleID stores two types of data:

  • some technical information about the site itself (e.g. what OpenID features the site supports), and
  • your preferences on whether your identity information should be sent automatically to the site when you log in, without prompting for your permission.

Removing a site

To remove a site from the list:

  1. Click the checkbox in the Remove column corresponding to the site’s URL.
  2. Click the Submit button.

Changing identity information preferences

To change your preference on whether your identity information should be sent automatically to the site:

  1. Switch the checkbox in the Automatic column corresponding to the site’s URL on or off as required.
  2. Click the Submit button.

Extensions

SimpleID has the ability to support “extensions”. Extensions are PHP files containing code which extends the functionality of SimpleID. The code within extensions follows a set of conventions which allow SimpleID to call them during key parts of the OpenID authentication process.

The main purpose of SimpleID extensions is to provide a way in which to implement OpenID extensions. However, the system is flexible enough for SimpleID extensions to function in other ways.

Extensions are named name.extension.inc, where name is the name of the extension. Each extension resides in its own directory underneath the extensions subdirectory of the SimpleID web directory (www).

If you want to write your own extensions, see the developer web site.

Installing and uninstalling extensions

Installing an extension

To install an extension:

  1. If the extension is not included in the default SimpleID distribution:

    1. Extract the archive containing the extension into a temporary directory

    2. Move the contents of the www directory (including any subdirectories) into the web directory.

  2. To enable the extension, edit the SIMPLEID_EXTENSIONS configuration option in the config.inc file and add the name of the extension. Separate multiple extensions with commas. For more information on how to edit this configuration option, see the Configuration Options Reference.

If the version of SimpleID you originally installed was before 0.5, the SIMPLEID_EXTENSIONS configuration option may not exist in your config.inc file. You can add it in manually.

Uninstalling an extension

To uninstall an extension:

  1. Edit the SIMPLEID_EXTENSIONS configuration option in the config.inc file and delete the name of the extension. For more information on how to edit this configuration option, see the Configuration Options Reference.

  2. You can also delete the extension file from the web directory. This is an optional process.

Attribute Exchange Extension

About this extension

This extension, ax.extension.inc, partially implements the OpenID Attribute Exchange Extension. It basically allows you to specify identity information, and have SimpleID provide it automatically to web sites which request it.

This extension only implements the fetch message section of the extension. That is, it allows relying parties to retrieve identity data from SimpleID, but it does not allow relying parties to push data back to SimpleID.

Installing and uninstalling

This extension is bundled with the default SimpleID installation.

To uninstall this extension, see Installing and uninstalling extensions.

Specifying attributes

The attributes are specified in your identity file. Simply add a section called ax in your identity file and specify the details there.

For what can be specified in this section, see the specifications. For a list of common attributes, see the draft specifications.

An example is given below.

[ax]
http://openid.net/schema/company/name="Example Company Limited"
http://openid.net/schema/company/title="Managing Director"
http://openid.net/schema/contact/web/blog="http://simpleid.sourceforge.net/"

Sending identity data to an OpenID site

When you log into an OpenID site, and the site asks for your identity data using this extension, you will see extra information on the log in page.

Provider Authentication Policy Extension

About this extension

This extension, pape.extension.inc, implements the OpenID Provider Authentication Policy Extension. It allows SimpleID to tell the relying party the authentication policies applied when a user logs into SimpleID. It also allows relying parties to require re-authentication once a user has logged in for a particular period of time.

Installing and uninstalling

This extension is bundled with the default SimpleID installation.

To uninstall this extension, see Installing and uninstalling extensions.

Configuring

No configuration is required, as SimpleID does not have configurable authentication policies.

Simple Registration Extension

About this extension

This extension, sreg.extension.inc, implements the OpenID Simple Registration Extension. It basically allows you to specify details which you normally provide when you register for web sites (such as your name and e-mail address), and have SimpleID provide them automatically to web sites which request them.

Installing and uninstalling

This extension is bundled with the default SimpleID installation. From version 0.5, this extension is enabled automatically.

To uninstall this extension, see Installing and uninstalling extensions.

Specifying registration information

The registration information is specified in your identity file. Simply add a section called sreg in your identity file and specify the details there.

For what can be specified in this section, see the specifications. Note that the registration information in the identity file is specified without the openid.sreg. prefix.

An example is given below.

[sreg]
nickname=Example
email=example@example.com
fullname=Example
dob=2000-00-00
gender=M
postcode=1234
country=AU
language=en
timezone=Australia/Sydney

Sending registration information to an OpenID site

When you log into an OpenID site, and the site asks for your registration information using this extension, you will see extra information on the log in page.
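The following added example shows how entries in the sreg section of an identity file map to the openid.sreg.* fields sent to a relying party, and that only requested fields are released. It follows the Simple Registration specification rather than SimpleID's own code; the function names, the sample identity file and the `pet` entry are constructed for illustration.

```python
import configparser

# The nine field names defined by OpenID Simple Registration Extension 1.0.
SREG_FIELDS = ("nickname", "email", "fullname", "dob", "gender",
               "postcode", "country", "language", "timezone")

# Constructed identity-file fragment; "pet" is not an SREG field.
IDENTITY_FILE = """\
[sreg]
nickname=Example
email=example@example.com
timezone=Australia/Sydney
pet=wombat
"""


def load_sreg(identity_text):
    """Read the [sreg] section, keeping only fields the specification defines."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(identity_text)
    if not parser.has_section("sreg"):
        return {}
    return {k: v for k, v in parser.items("sreg") if k in SREG_FIELDS}


def sreg_response(identity_text, request):
    """Build the openid.sreg.* response fields for a relying party's request.

    Returns (fields, missing_required). Only fields the relying party asked
    for are released; everything else in the identity file stays private.
    """
    def names(key):
        raw = request.get(key, "")
        return [n.strip() for n in raw.split(",") if n.strip()]

    required = names("openid.sreg.required")
    optional = names("openid.sreg.optional")
    stored = load_sreg(identity_text)
    fields = {}
    for name in required + optional:
        if name in stored:
            fields["openid.sreg." + name] = stored[name]  # prefix added on the wire
    missing = [n for n in required if n not in stored]
    return fields, missing
```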

User Interface Extension

About this extension

This extension, ui.extension.inc, implements the draft OpenID User Interface Extension. It allows relying parties to alter SimpleID’s user interface presented to users when they log into the relying party.

Installing and uninstalling

This extension is bundled with the default SimpleID installation. From version 0.8, this extension is enabled automatically.

To uninstall this extension, see Installing and uninstalling extensions.

Configuring

No configuration is required.