This post is a complementary article to Cameron King’s great guide for end users. It continues the “How do I use my OpenID” paragraph with some screenshots to make things a little bit clearer. For this purpose ClaimID is the provider and RunLog the website I want to log into - the relying party -, though it could be any other provider and relying party as well. It’s just an example. 
Login to the Relying Party
So let’s get started and point your browser to RunLog. On the left of the website you see the login link. You may have realized already that there is no Sign up or Register button or link. The reason is quite simple, though: RunLog only supports OpenID logins and Facebook authentication. More regular sites will probably feature Login and Sign up buttons or links; usually you can go straight to Login because you already have your credentials to login: your OpenID. So click on Login.
Next you see the screen to enter your OpenID. Just do that and make sure to also include http://. Unfortunately that’s not consistent throughout relying parties. Some of them demand http:// and some don’t. If they don’t indicate what to use you will have to try.
After pressing the Login button you will be forwarded to your OpenID provider.
Login to the OpenID Provider
Before using OpenID you have to be logged in to your OpenID provider. In ClaimID’s case I have to login right on the so called landing page. Well, that’s a little bit problematic in terms of phishing because a phisher could redirect me to a fake login screen. Some providers don’t allow logins on that page but demand that you login by a bookmarklet, typing in the homepage in your browser and login from there, use certificates,… If you’re using a provider that doesn’t support those methods it is good practice to login to the provider before starting an OpenID session.
Next you see a screen like the one shown above. It confirms that RunLog is the site you are going to log into and that you can either always trust that site, log in just once or you can cancel the session. If you click on Log in and Trust you will never see that screen again when logging in to RunLog.
Please notice that RunLog also wants to know my nickname, full name and email address. ClaimID has auto-filled that information already by simply getting it from my profile there. This is a really nifty feature of OpenID called Simple Registration, an extension to the OpenID protocol. Though keep in mind that not all providers support it.
Back at the Relying Party
After clicking Log In or Log in and Trust I am forwarded back to RunLog. I am logged in now and email, nickname and full name are auto-filled, too. I can complete my profile now if I want to.
That’s all. Login takes just a few seconds with OpenID especially if you’re logged in to the provider already.
One Comment
This is very helpful, thank you!
One Trackback
[…] L’intéret d’OpenID est que l’utilisateur a tout de meme sont mot a dire: en effet le site référent demande a l’utilisateur de valider l’envoi des informations au site demandeur, cela implique que l’utilisateur consent à donner ces informations au site les demandant. OpenID apporte donc une certaine transparence.Note: Une procedure de fonctionnement illustrée existe ici […]