Version 14 (modified by dalius, 8 years ago) (diff)


OpenID Authentication Plugin


This plugins allows to login to Trac using OpenID. Please, note that this plugin works with Trac 0.11 version only.

There is already similar plugin (OpenidPlugin) but it is abandoned, old and has list of problems that my version fix:

  • Should work with Mysql, PostgreSql and SQLite
  • Uses genshi for templating

Bugs/Feature Requests

Existing bugs and feature requests for AuthOpenIdPlugin are here.

If you have any issues, create a new ticket.

Download & Source

You will need to install python_openid-2.1.1

You can check out AuthOpenIdPlugin from:

Subversion was dropped because of two reasons:

  • I don't have time to support two different repositories... AKA I'm lazy :)
  • It is easier to grab patches from remote Hg repositories... AKA I'm lazy :)

You can download most recent version from here if you don't want to use Mercurial version: However I don't know yet what is better way to distribute not-development version. If you have any ideas just write mail me to dalius at


trac.web.auth.* = disabled
authopenid.* = enabled


This plugin has number of configuration options. Examples are best way to illustrate them:

# Check user IP address. IP addresses are masked because
# in some cases user is behind internal proxy and last
# number in IP address might vary.
check_auth_ip = true
check_auth_ip_mask = 
# number of seconds until cookie will expire
expires = 86400

# In some cases company might have internal OpenID server that automatically
# identifies user (e.g. windows SSPI). Also known as single sign-on.
default_openid =
# Require sreg data
sreg_required = false 
# Default PAPE method to request from OpenID provider.
# pape_method = 
# What is OpenID link.
whatis =
# In some cases you might want allow users to login to different projects using
# different OpenIDs. In that case don't use absolute trust root.
absolute_trust_root = false

# Remove http:// or https:// from URL that is used as username. (Default: false)
strip_protocol = false

# Remove trailing slash from URL that is user as username (Defaul: false)
strip_trailing_slash = false

# Expiration time acts as timeout. E.g. if expiration time is 24 hour and
# you login again in those 24 times. Expiration time is extended for another
# 24 hours. (Default: false)
timeout = false

Recent Changes

2855 by dalius on 2007-12-07 07:18:58
Ticket #2276 fixed.
2847 by dalius on 2007-12-04 06:41:53
logout patch from gsf
2846 by dalius on 2007-12-03 08:55:11
sqlite patch from martin@…


Author: dalius