After a survey of available single sign-on solutions [for a client], we decided to go with an OpenID based approach since we needed to support different domains, wanted to avoid sharing user tables and did not want to add complex system requirements for browser clients or the server. [...] The great advantage of this scenario is that we know which five sites need to play nicely together and all of them are Drupal sites under the client's control. This premise allows us to add an additional site as a designated OpenID provider that we call "Hub" and make all five sites point to the Hub as their default identity provider.

They use two modules to make everything work together - OpenID SSO and OpenID Provider SSO and a PubSubHubbub model for keeping the user information up to date.

It is possible that you get an '�Invalid OpenID'� error when you try to login with the Google OpenID (https://www.google.com/accounts/o8/id), or any other OpenID that uses '�https'�. In this case, the following steps might help to fix this issue.

He points out that you'll need curl and OpenSSL installed and set up to work with your PHP installation (ether compiled in or included as shared modules. Because of the change from the "http" to "https" format you'll need those two components to create that kind of connection.

Solar makes heavy use of Adapter based classes, Solar_Auth is one of these. This makes adding additional methods pretty easy and allows you to borrow from other Frameworks without having to Hack in a third party auth setup, You can use the basics provided by Solar.

He includes a code example showing how to extend the Solar_Auth_Adapter component to create an OpenID adapter you can use as a part of your authentication process. His Solar component encourages code reuse too by using the Zend Framework native OpenID implementation as its authetication functionality.

For this example, we're going to allow our users to authenticate in one of multiple ways: e.g., against a database table, against an LDAP server, or by OpenID [1]. Zend_Auth already provides the necessary authentication adapters, so what we'll be concerned with here is how to implement all three systems without ending up in an FSUC situation.

He defines the code for the basic controller and a simple view that allows the user to select how they want to log in - email/password, username/password or OpenID. The model does all of the heavy lifting by letting the controller set the authentication type (strategy) and pulling in the correct Zend_Form instance along with its validation rules. Code is also included for the model and each of these.

Some of the tools you'll need are the OpenID plugin, RoleScoper, Adminimise and some knowledge of working with the WordPress files directly to add in the OpenID support. You'll also need to set up your blog to accept new registrations.

Sample code is included for "OpenID-ing" the page with a new kind of login form.

I'll show you how to take advantage of a powerful open user identification service known as OpenID, and show you how to incorporate OpenID authentication and identification features into your Zend Framework-powered website. Even if you haven't started taking advantage of a web framework such as Zend's, this tutorial will serve two important purposes, demonstrating not only the allure of OpenID, but also how a framework such as the Zend Framework can greatly reduce development time.

He points to several places you can set up an OpenID account and mentions the Zend_Auth component that already includes all of the methods you'll need to validate a user based on their choice of provider. He creates a simple form and makes an indexAction in his controller that makes a Zend_OpenId_Consumer object to grab the user's information and verify the login.

OpenID is another one of those "cool technologies you've never heard of" type of deals. OpenID is an open source initiative that provides a way for Web users to register their identity in one place and then use that identity anywhere on the Web that supports OpenID. [...] Before getting an OpenID, though, I should point out that it's not required that you run an OpenID provider to OpenID-enable your application. In fact, no special software or service is required in your Web application. The only requirement is that your Web server programming language be able to make HTTP requests of the OpenID provider, which is something all of them can do.

Once you have your OpenID account set up, his simple script, making use of the ability that any version of PHP has to open URLs, can authenticate off of a remote OpenID service - that has the cURL extension compiled in.

The Zend Framework has a pretty good OpenID library. I was looking for a library written for PHP5 (strict), and this seemed like a good choice...

He mentions some of both sides of the argument - (the good) the flexibility of the library to work with different backend storage methods and (the bad) the requirements it has for the Zend Framework sessions system for authentication.

Identi.ca is a microblogging service. Users post short (140 character) notices which are broadcast to their friends and fans using the Web, RSS, or instant messages. It runs on the Free Software Laconica tool.

If you'd like to give it a shot you can register for an account of your own and start posting. It also supports OpenID authentication.

OpenID, a free, open-source framework for "single sign-on" across different Web sites and applications. The even better news? There already exist a bunch of PHP widgets that allow developers to easily integrate OpenID into a PHP application, and this article is going to show you how to use them. So what are you waiting for? Flip the page, and let's get going!

For those not familiar with the authentication method, he defines OpenID and shows how it can help with the "too many passwords, too many accounts" problem many users face. He uses the PHP OpenID Library and the Authentication::OpenID_Consumer PEAR package (as well as several other PEAR packages to help with the connections and message formatting). He builds two simple forms to use the service - one to authenticate a user and another to create a new account.