How to Set Up OpenID on Your Own Domain

For some reason I was under the mistaken impression that setting up an OpenID on my own domain, ginatrapani.org, would be a big hassle: that I’d have to host my own OpenID server software and that it would take all sorts of installation and maintenance BS to do so. I feel strongly about owning my identity online, mapping it to my nameplate domain, and actively choosing an authorizing party instead of just accepting the sign-in service du jour like Facebook, Twitter, Yahoo, or Google. Still, I never got set up with OpenID on ginatrapani.org because my perceived hassle factor was daunting. Instead, I used idproxy.net for my OpenID and put the domain setup on my “someday I have to do that” list. It meant that my OpenID was ginatrapani.idproxy.net instead of my own domain. Idproxy is a great service and I thank them for getting me started with OpenID; but still, I want my OpenID URL to be a domain name I own and control.

Turns out I was dead wrong about the hassle. Setting up OpenID capabilities on your own domain name is a two-lines-of-HTML affair, and it’s finally done. (Thanks to Chris Messina for bringing me into the year 2006.) If you’re interested in doing the same, here’s what to know.

First, Google Profiles (and, it turns out, idproxy.net and ClaimID and a bunch of other OpenID providers) can work with your domain name, so all I have to do is add a few<link rel>tags to your HTML to get things set up. Second, you can specify multiple OpenID providers, so if idproxy.net was down or Google Profiles was down, you can have a provider fallback. Sweet. Now, in the<head>tags of ginatrapani.org you will find the following:


<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" >
<link rel="openid2.local_id" href="http://www.google.com/profiles/ginatrapani" >


That sets Google Profiles as the authorizing party for my OpenID, but my OpenID URL is ginatrapani.org. You can see my new OpenID in action right here; I signed into this very site with my new OpenID and posted a comment.

I’m not sure yet how to set Idproxy as my “fallback” provider just yet; if you know how to do that, post it up in the comments.

Thanks to the folks in this Stack Overflow thread for clearing up how to use Google Profiles as an OpenID provider and to Chris for a great discussion of OpenID, OAuth, and verifying identity on the web.