In a previous post, I talked about OpenID, a single sign-on system for a multitude of websites. To perform my first tests, I installed the OpenID plugin on my WordPress and used an ID created on myopenid.com. It worked pretty well, but why not use a strong authentication method with OpenID? By strong authentication, we mean authentication based on something you [know|have|are] combined with something you [know|have|are]. There are several OpenID providers: myopenid.com, myid.net or Verisign (a complete list is available here). I decided to test TrustBearer because they offer strong authentication.
Belgium is one of the first countries to offer electronic identity cards (or eID). The format is the same as a credit card, and it contains all your personal information and your digital certificate (which allows you to digitally sign official documents). To use the card, you need a PIN code. The eID is supported by TrustBearer, and my laptop (Dell) has a built-in smart-card reader. Let’s go for a test!
I assume that the WordPress plugin is already installed and configured in your WordPress. To use the TrustBearer services you need:
- A compatible browser (Firefox, Internet Explorer or Safari)
- A compatible device (token, smart card reader or biometric reader)
(Check their website for a full list of supported hardware/cards)
When you start the registration process, TrustBearer will ask you to install a plugin (I used Firefox) which will communicate with the hardware (security note: this means that your browser has to have enough rights, which can be a potential security problem). Once it is installed, insert your token or card and enter the PIN code.
Take care: if you enter three bad PIN codes, your card will be locked (like a mobile SIM card)! Otherwise, the process is quite easy. Once the registration is done, your OpenID URL will look something like: “https://openid.trustbearer.com/
It’s now time to test with WordPress. When you access the login screen, you’ll notice a new field where you can enter your OpenID URL. Enter your freshly registered URL and log in. WordPress will redirect you to the TrustBearer web site and ask you to authenticate yourself using the registered method. After a successful login, you will be redirected back to WordPress. Magic!
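What the WordPress side has to check when the browser comes back from the provider, as an added example (not the plugin's or TrustBearer's code): it validates an OpenID 2.0 positive assertion signed with an HMAC-SHA256 association. The hostnames, the MAC key and the `sample_callback` helper are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Fields this example insists the provider signs. OpenID 2.0 requires the first
# four always, and claimed_id/identity whenever they are present.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

def sign(fields, signed, mac_key):
    """Base64 HMAC-SHA256 over one "key:value" line per signed field."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify_assertion(callback_url, expected_return_to, mac_key, seen_nonces):
    """Return the claimed identifier, or raise ValueError if a check fails."""
    fields = dict(parse_qsl(urlsplit(callback_url).query, keep_blank_values=True))
    if fields.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    # Simplification: exact match against the return_to the site sent out.
    if fields.get("openid.return_to") != expected_return_to:
        raise ValueError("return_to mismatch")
    signed = fields.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED <= set(signed):
        raise ValueError("required field not signed")
    if any("openid." + k not in fields for k in signed):
        raise ValueError("signed field absent")
    sig = fields.get("openid.sig", "")
    if not hmac.compare_digest(sign(fields, signed, mac_key).encode(), sig.encode()):
        raise ValueError("bad signature")
    nonce = fields["openid.response_nonce"]
    if nonce in seen_nonces:  # each assertion may be accepted only once
        raise ValueError("replayed nonce")
    seen_nonces.add(nonce)
    return fields["openid.claimed_id"]

# Constructed sample data (not real endpoints, identifiers or keys).
RETURN_TO = "https://blog.example/wp-login.php"
MAC_KEY = b"constructed-association-secret"

def sample_callback(claimed_id="https://op.example/alice", nonce="2008-01-01T00:00:00Zabc"):
    f = {"openid.mode": "id_res", "openid.op_endpoint": "https://op.example/server",
         "openid.return_to": RETURN_TO, "openid.response_nonce": nonce,
         "openid.assoc_handle": "h1", "openid.claimed_id": claimed_id,
         "openid.identity": claimed_id}
    order = [k[len("openid."):] for k in f if k != "openid.mode"]
    f["openid.signed"] = ",".join(order)
    f["openid.sig"] = sign(f, order, MAC_KEY)
    return RETURN_TO + "?" + urlencode(f)
```

The identifier returned by `verify_assertion` is the only value the site should map to a local account; the unsigned query parameters are not trustworthy.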
After a few hours, here are some comments:
1. It’s not possible to use the HTTPS protocol with your OpenID URL. This is a known problem. I still need to solve this issue.
2. The creation of a new account was not 100% successful. I had to patch the logic.php file to allow a new user creation, then link the OpenID ID with the existing wp_users ID.
Check out the demo!