<?xml version="1.0" encoding="utf-8"?>
<s1 title="HelpOnOpenIDProvider"><p></p>
<s2 id="MoinMoin as an OpenID Provider" title="MoinMoin as an OpenID Provider">
<p><p>Contents</p>
<ol><li>
<link anchor="M">MoinMoin as an OpenID Provider</link><ol><li>
<link anchor="C">Configuration</link></li>
<li>
<link anchor="P">Processing instruction</link></li>
<li>
<link anchor="C-1">Currently not implemented functionality</link></li>
</ol>
</li>
</ol>
<p> </p>
<p>/!\ If you&apos;re looking for allowing log-in in to Moin using OpenID (Moin being an OpenID Relying Party), please see <jump href="/wiki/HelpOnAuthentication">HelpOnAuthentication</jump>! </p>
<p><jump href="/wiki/MoinMoin">MoinMoin</jump> can be used as a flexible OpenID provider, allowing authentication with any of the existing authentication methods. </p>
<p><jump href="/wiki/MoinMoin">MoinMoin</jump>&apos;s OpenID provider code is very flexible, allowing various use cases. Generally, though, if the OpenID server is enabled, each user&apos;s homepage is also their OpenID. It is possible through a processing instruction, if permitted, to use any other page as the OpenID for a specific user if the page contains that processing instruction, see below. </p>
<p></p>
<s3 id="Configuration" title="Configuration">
<p>The OpenID server code supports several configuration variables that can restrict the way the wiki can be used as an OpenID provider: </p>
<p><table><tr><td><strong>Variable name</strong></td><td><strong>Default</strong></td><td><strong>Description</strong></td></tr><tr><td>openid_server_enable_user</td><td><code>False</code></td><td>If True, the OpenIDUser processing instruction is allowed.</td></tr><tr><td>openid_server_enabled</td><td><code>False</code></td><td>True to enable the built-in OpenID server.</td></tr><tr><td>openid_server_restricted_users_group</td><td><code>None</code></td><td>If set to a group name, the group members are allowed to use the wiki as an OpenID provider. (None = allow for all users)</td></tr></table> </p>
<p></p>
</s3>
<s3 id="Processing instruction" title="Processing instruction">
<p>The new processing instruction <code>OpenIDUser</code> is enabled depending on the configuration, its only argument must be a username, for example &quot;<code>#OpenIDUser SomeUserName</code>&quot;. When this instruction is used, Moin will also allow using that particular page as an OpenID URL for the given username. However, note that this form of the processing instruction can never override the default so it cannot be used on another user&apos;s homepage. </p>
<p></p>
</s3>
<s3 id="Currently not implemented functionality" title="Currently not implemented functionality">
<p>The OpenID server code is not perfect, it could </p>
<ul><li>implement attribute exchange, </li>
<li><p>be an IDP so users can enter just <code>http://wiki.example.com/</code> and choose their identity by logging in, </p>
</li>
<li><p>allow delegation, would be easy to do with a new user preferences plugin (and a new configuration option <code>openid_server_enable_delegation</code>) </p>
</li>
</ul>
</s3></s2></s1>