How can I use LDAP based WebIDs?

What?

Use of LDAP scheme (ldap:) URIs as bona fide WebIDs that are verifiable using the WebID protocol.

Why?

As a protocol, WebID is about verifying identity via de-referenceable URIs for agents (people, organizations, programs). Thus, bearing in mind the multi-scheme nature of URIs, and the fact that many existing systems already leverage X.500 names as part of LDAP setups, it is vital that WebID usage extends naturally to these setups, especially when introducing WebID to organizations unobtrusively.

How?

The steps that follow walk you through generating an X.509 certificate that carries an ldap: URI value in its Subject Alternative Name (SAN), and then using this certificate to verify identity via the WebID protocol.

Basic steps for setting up the LDAP server, generating the certificate, and importing the certificate with the WebID into the LDAP server

- Set up LDAP to Virtuoso instance binding via the Conductor UI.
- Since the LDAP query works on the attribute=value pairs from the profile, perform an LDAP lookup test by accessing the following URL:
  https://mail.openlinksw.com/ldapinfo.php?dn=uid=john,ou=Accounts,o=OpenLink%20Software,c=US
  After successful authentication, the user details should be shown.
- Set up an X.509 certificate issuer and HTTPS listener.
- Generate a certificate with an LDAP based WebID via ODS or another method, by placing an ldap: scheme URI in the SAN of the certificate to be generated, for example:
  ldap://mail.openlinksw.com/cn=John%20Smith%2Cou=Accounts%2Co=OpenLink%20Software%2Cc=US
- Convert from p12 to DER format. Suppose the certificate generated in the previous step is exported in p12 format. To convert it to DER format, run the following commands:
  openssl pkcs12 -in mykey.p12 -nokeys > mykey.pem
  openssl x509 -in mykey.pem -outform DER > mykey.crt
- LDAP setup:
  - Start the LDAP manager UI, e.g. http://mail.openlinksw.com
  - After successful authentication, click on Profile.
  - Update the "Country" and "Company" (Organization) fields if they are empty.
  - Go to the Security section and import the X.509 certificate (the DER file from the previous step), so that the DN is now associated with a public key.

The LDAP based WebID is ready to be used.
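Added example, not code from this page or from OpenLink: a verifier that finds the ldap: URI above in a certificate's SAN has to turn it into the directory host and the X.500 Distinguished Name whose entry holds the imported public key. The function below parses an RFC 4516 ldap:/ldaps: URI into host, port, the percent-decoded DN and its RDN pairs, leaving RFC 4514 backslash escapes inside values intact; the URI shape and the default ports are assumptions of the example, not a description of Virtuoso's own lookup code.

```python
# Added example, not OpenLink code: decode the ldap: WebID URI found in a
# certificate's Subject Alternative Name into the pieces a verifier needs.
# RFC 4516 shape: ldap://host[:port]/dn[?attributes[?scope[?filter]]], with
# the DN percent-encoded (so "," becomes "%2C" and " " becomes "%20").
from urllib.parse import urlsplit, unquote


def split_unescaped(s, sep):
    """Split s on sep, but not on a sep preceded by a backslash (RFC 4514)."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep the escape pair verbatim
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_ldap_webid(uri):
    """Return host, port, decoded DN and [(attr, value), ...] for an ldap(s): URI."""
    u = urlsplit(uri)
    scheme = u.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URI: %r" % uri)
    if not u.hostname:
        raise ValueError("LDAP WebID must name the directory host: %r" % uri)
    # The DN is the path minus the leading "/"; attributes/scope/filter after
    # "?" are already separated into u.query and play no part in the lookup.
    dn = unquote(u.path[1:])
    if not dn:
        raise ValueError("LDAP WebID has no DN: %r" % uri)
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, value = rdn.partition("=")
        if not eq or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r in DN %r" % (rdn, dn))
        rdns.append((attr.strip().lower(), value.strip()))
    return {
        "host": u.hostname,
        "port": u.port or (636 if scheme == "ldaps" else 389),  # assumed defaults
        "dn": dn,
        "rdns": rdns,
    }
```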
Verification Tests

Make sure the steps above have been performed. If you generated the certificate using ODS and enabled WebID login, attempt a WebID login:

- Access https://id.myopenlink.net/ods
- When prompted by your browser, select the certificate generated above.
- The ODS login form should then be presented. Click "WebID Login".
- After successful authentication, the ODS home page for the logged-in user should be shown.
- Access https://id.myopenlink.net/ods/webid_demo.html
- Click "Check". The verification result message should be shown.
Other Examples

cURL Examples

Example with no certificate, using the WebID Testing Service endpoint at https://host/ods/webid_check.vsp:

  $ curl -i -k https://localhost:4433/ods/webid_check.vsp?callback=http://localhost:8894/myapp/
  HTTP/1.1 302 Found
  Server: Virtuoso/06.02.3129 (Win32) i686-generic-win-32 VDB
  Connection: Keep-Alive
  Content-Type: text/html; charset=ISO-8859-1
  Date: Tue, 24 May 2011 11:15:09 GMT
  Accept-Ranges: bytes
  Location: http://localhost:8894/myapp/?error=noCert&ts=2011-05-24T13%3A15%3A09%2B02%3A00&signature=rT1gooyUcPjWo3yhIdx7y8j05oM%3
  Content-Length: 0

Example with a valid WebID:

  $ openssl pkcs12 -in mykey.p12 > mykey2.pem
  $ curl -i -k --cert mykey2.pem https://localhost:4433/ods/webid_check.vsp?callback=http://localhost:8894/myapp/
  Enter PEM pass phrase:
  HTTP/1.1 302 Found
  Server: Virtuoso/06.02.3129 (Linux) x86_64-generic-linux-glibc25-64 VDB
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8
  Date: Tue, 24 May 2011 13:47:08 GMT
  Accept-Ranges: bytes
  Location: http://localhost:8894/myapp/?webid=http%3A%2F%2Flocalhost:8894%2Fdataspace%2Fperson%2Fdemo%23this&ts=201 00001-04%3A00&signature=7KYzL7vwpH2LtF4bZ%2FtAEWCC8gY%3D
  Content-Length: 0
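Added example, not code from this page or from OpenLink: the two redirects above are what the application behind the callback URL (http://localhost:8894/myapp/) actually receives, and it must tell the error case from the success case, reject replayed or duplicated parameters, and check the timestamp before it accepts the webid value. The handler below does that in Python; the five-minute freshness window, the accepted WebID URI schemes and the sample callback URLs (with placeholder signatures) are this example's own assumptions and constructions. The page does not describe how the signature parameter is computed, so the handler only requires it to be present; it still has to be verified against the verification service's key before the webid is trusted.

```python
# Added example, not OpenLink code: consume the redirect that webid_check.vsp
# sends to the callback URL. The service answers with either
#   ?error=noCert&ts=...&signature=...   or   ?webid=...&ts=...&signature=...
# Freshness window, accepted WebID schemes and the sample URLs below are this
# example's own assumptions/constructions, not documented Virtuoso behaviour.
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

MAX_AGE = timedelta(minutes=5)
WEBID_SCHEMES = ("http", "https", "ldap", "ldaps")

# Constructed callbacks modelled on the cURL output above (ts made consistent
# with the Date header; signatures are placeholders, not real values).
SAMPLE_NO_CERT = ("http://localhost:8894/myapp/?error=noCert"
                  "&ts=2011-05-24T13%3A15%3A09%2B02%3A00&signature=PLACEHOLDER")
SAMPLE_OK = ("http://localhost:8894/myapp/?webid=http%3A%2F%2Flocalhost:8894"
             "%2Fdataspace%2Fperson%2Fdemo%23this"
             "&ts=2011-05-24T13%3A47%3A08%2B02%3A00&signature=PLACEHOLDER")
SAMPLE_NOW = datetime.fromisoformat("2011-05-24T13:48:00+02:00")  # constructed clock


def handle_webid_callback(request_url, now, max_age=MAX_AGE):
    """Return ("ok", webid) for a fresh, signed success redirect, else ("reject", why).

    `now` must be timezone-aware; the service's ts carries its own UTC offset.
    The signature is only checked for presence: verify it with the service's
    key before trusting the returned webid.
    """
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    if any(len(v) != 1 for v in params.values()):
        return ("reject", "duplicate parameter")      # parameter pollution
    p = {k: v[0] for k, v in params.items()}
    if "error" in p:
        return ("reject", "service error: " + p["error"])
    if not p.get("signature"):
        return ("reject", "missing signature")
    try:
        ts = datetime.fromisoformat(p.get("ts", ""))
    except ValueError:
        return ("reject", "bad timestamp")
    if ts.tzinfo is None:
        return ("reject", "timestamp without UTC offset")
    age = now - ts
    if age < timedelta(0) or age > max_age:
        return ("reject", "stale or future timestamp")  # replay or clock skew
    webid = p.get("webid", "")
    w = urlsplit(webid)
    if w.scheme.lower() not in WEBID_SCHEMES or not w.netloc:
        return ("reject", "unacceptable webid")
    return ("ok", webid)
```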