We're using OpenID!

You've been asking for it, and now you get it - SourceForge.net has implemented OpenID. It's a great way to let you cutting-edge web users to more easily get involved on our site. This helps you participate in the Open Source community - whether you're helping out in project trackers, starting a new project, or just throwing down in the Community forums. We're helping you to help us help you some more.

For now, we're only a relying party, not a provider. Hey, it's less coding and easier to implement! Aww, come back now - we didn't mean it like that. It's just that we've never really captured your whole online identity anyway, and you deserve better. It's not you, it's us. So really, we want you to find an Identity Provider who can make you feel as special as you really are.

BTW - if you don't want to use OpenID, no worries. Just move along, nothing else to see here...

Logging In

When clicking on the Log In link on SourceForge.net, You will now see 2 login forms - our traditional account login form you've come to know and love, and the brand new OpenID login form. To log in with an OpenID, simply type it into the OpenID input box and click the "Log in" button. For the typing-averse, you can also select from one of the OpenID provider buttons,, and we'll get you started on your OpenID. We support all other OpenID providers but we don't list them all. These are just some common options. We do not plan to put up icons for all of the available providers! We'll send you to your Identity Provider to authenticate yourself, but don't panic - you'll come right back after that.

Existing Users

If you have an existing SourceForge.net account, you can associate your OpenID with it and log in to your existing account with your OpenID. There are two ways to associate:

The first time you log in with your OpenID (described above), we will ask you to associate it with an existing account or to create a new account. Simply log in to your existing account to associate your OpenID to the account ...
or
You can also go to a new a page to manage OpenID associations in your Account Options area - from this page you can add or remove OpenIDs, make them public or private, and set a delegation ID (more below).

New Users

If you are new to SourceForge, logging in with OpenID should make it easier to get your own SourceForge.net account. The first time you log in with your OpenID, you will be asked to associate it with an existing account or to create a new account. Choose to create a new account, and you will be sent straight to our account registration form. We will ask your Identity Provider for your registration information. Some providers don't give it to us, or they might try to send it in Beta Crypt 3 or something ... we simply can't work under those conditions - have you seen the prices on Beta Crypt 3 dictionary data files lately? Fill in the remaining data for your account and accept our terms and conditions.

Note: You still need to provide a SourceForge.net-unique username and password because these credentials are required for our non-web services like Project Web, CVS, SVN, etc. (Feel free to start your own project to integrate OpenID authentication into ssh and svn clients though. That'd be so cool.)

We'll send an email to confirm your account - be sure to complete the account confirmation to get full site services. (We do this to everyone, not just OpenID users.)

For future visits, just log in with the OpenID you used to register.

Go delegate!

Delegation allows you to use your username (i.e., http://sf.net/users/username ) page as a delegation URL for other OpenID sites. You need a "real" OpenID associated to your account to enable this ...

Once you are logged into SourceForge.net, on your "My" page, click on the Account Options link. You'll see a section of links there and at the bottom you'll see Manage My OpenIDs. Go there and check it out.

So, just like we have provided a SourceForge.net identity for email (username@users.sourceforge.net), you can now use this delegation at other OpenID-enabled sites if you want.

FAQ

Q: Why doesn't my Yahoo username work?

A: Yahoo requires that you enable OpenID for your Yahoo username, which you can do here. In addition, you should set up a "username" Yahoo OpenID. Note that you have to change Yahoo Customization Options for your http://me.yahoo.com/username. Once you've done that, you can sign in using your shorter "username" Yahoo OpenID.

Q: Why doesn't my delegation OpenID work on SourceForge.net?

A: Unfortunately, our OpenID client does not yet support XRDS or Yadis-based discovery. we're working with ZF on that to fix it ASAP, but for now you can add HTML discovery elements to your delegation page to work for SourceForge.net. This is a delegation block, for Verisign, verified to work with our existing implementation:

<link rel="openid.server" href="http://pip.verisignlabs.com/server" />
<link rel="openid.delegate" href="http://username.pip.verisignlabs.com/" />
<link rel="openid2.provider" href="http://pip.verisignlabs.com/server" />
<link rel="openid2.local_id" href="http://username.pip.verisignlabs.com/" />

Q: Why doesn't my i-name work?

A: Our ZF OpenID component doesn't fully support XRI & i-name discovery yet. We've filed an issue in the ZF tracker and hope to be able to work it out soon.

Q: Why usernames and passwords?

A: Each user coming into the site still needs a valid SourceForge.net username and password. As noted above, you still need these account credentials because they are required for our non-web services like Project Web, CVS, SVN, etc. In the future, we may look at enabling no-password or random-password accounts with site-only permissions. For now, you must still provide these.

Q: How come all of the fields in account registration aren't pre-populated from my OpenID provider?

A: During account registration, the number of fields that we can pre-populate is dependent on the ID provider. It might be that all of the fields weren't completed, or the id provider doesn't account for everything like time zone, language, country, etc. If these things aren't right, that means the ID providers are not sticking to spec! (registration extension: http://openid.net/specs/openid-simple-registration-extension-1_0.html)

Q: What is the deal with http vs. https?

A: We are following the spec on this, i.e., normalization: http://openid.net/specs/openid-authentication-2_0.html#normalization_example, so an http OpenID is different than an https OpenID. If your provider offers both, we suggest using https. You may use both, but we will consider them as two separate OpenIDs.

Copyright 2004-2008 SourceForge, Inc. All rights reserved.