开发者

Setting up OpenID delegation on a naked domain with Google App Engine or ZoneEdit

开发者 https://www.devze.com 2022-12-12 01:00 出处:网络
Background I used to开发者_C百科 have a standard Linux hosting account for my domain with both http://www.tjrobinson.net/ and http://tjrobinson.net/ displaying the same content. I used http://tjrobin

Background

I used to开发者_C百科 have a standard Linux hosting account for my domain with both http://www.tjrobinson.net/ and http://tjrobinson.net/ displaying the same content. I used http://tjrobinson.net/ as my OpenID login which, combined with the markup below, let me use ClaimID as my OpenID provider but with a shorter, more portable and nicer identifier.

<link rel="openid.server" href="http://openid.claimid.com/server" /> 
<link rel="openid.delegate" href="http://openid.claimid.com/tjrobinson" />

Problem

I've now switched web hosting over to Google App Engine. The problem is I can't use http://tjrobinson.net/ as my OpenID login anymore as Google App Engine doesn't support 'naked domains'.

I use ZoneEdit to host my DNS and although I can set up a WebForward (301 Redirect) to http://www.tjrobinson.net/, it doesn't work with the OpenID delegation.

Question

Is there a way I can set up OpenID delegation for the naked domain using either Google App Engine or ZoneEdit (or another free service)?


Update

Strange, it seems to be working now - perhaps it was a problem with Stack Overflow, or my DNS changes hadn't fully propagated? It looks like the 301 Redirect does work after all, at least with the Stack Overflow and other OpenID enabled sites I've tried.


The specification on identity discovery explicitly calls for the consumer to follow all redirects.

From section 7.2. Normalization of OpenID 2.0 specification:

URL Identifiers MUST then be further normalized by both following redirects when retrieving their content and finally applying the rules in Section 6 of [RFC3986] [...] to the final destination URL. This final URL MUST be noted by the Relying Party as the Claimed Identifier and be used when requesting authentication (Requesting Authentication).

Your setup is expected to work fine.


You can't host App Engine sites on 'naked' domains. If, as you say, sending a 302 doesn't work (I'm guessing it'll actually prove to be somewhat dependent on the site in question), you need to find somewhere to host a simple static file on the naked domain for the base name.

0

精彩评论

暂无评论...
验证码 换一张
取 消