diff --git a/modules/openid/default-disable b/modules/openid/default-disable
new file mode 100644
index 0000000000000000000000000000000000000000..fa0bd82e2df7bd79d57593d35bc53c1f9d3ef71f
--- /dev/null
+++ b/modules/openid/default-disable
@@ -0,0 +1,3 @@
+This file indicates that the default state of this module
+is disabled. To enable, create a file named enable in the
+same directory as this file.
diff --git a/modules/openid/dictionaries/dictopenid.php b/modules/openid/dictionaries/dictopenid.php
new file mode 100644
index 0000000000000000000000000000000000000000..a4e70a364f8a2f0170bbebc09bd796d501cc295f
--- /dev/null
+++ b/modules/openid/dictionaries/dictopenid.php
@@ -0,0 +1,16 @@
+<?php
+
+$lang = array(
+
+ 'openidtestpage' => array (
+ 'en' => 'OpenID Consumer Authentication Test',
+ 'no' => 'OpenID Consumer Autentiserings Test',
+ ),
+
+);
+
+
+?>
+
+
+
diff --git a/modules/openid/hooks/hook_frontpage.php b/modules/openid/hooks/hook_frontpage.php
new file mode 100644
index 0000000000000000000000000000000000000000..aec1e20c3a42e90b3d9f2a1fd079b2e4c37acb84
--- /dev/null
+++ b/modules/openid/hooks/hook_frontpage.php
@@ -0,0 +1,17 @@
+<?php
+/**
+ * Hook to add the modinfo module to the frontpage.
+ *
+ * @param array &$links The links on the frontpage, split into sections.
+ */
+function openid_hook_frontpage(&$links) {
+ assert('is_array($links)');
+ assert('array_key_exists("links", $links)');
+
+ $links['links'][] = array(
+ 'href' => SimpleSAML_Module::getModuleURL('openid/openidtest.php'),
+ 'text' => '{openid:dictopenid:openidtestpage}',
+ );
+
+}
+?>
\ No newline at end of file
diff --git a/modules/openid/lib/Auth/Source/OpenIDConsumer.php b/modules/openid/lib/Auth/Source/OpenIDConsumer.php
new file mode 100644
index 0000000000000000000000000000000000000000..0d42f83e0637d286c97ae61c21334d68ebf7245c
--- /dev/null
+++ b/modules/openid/lib/Auth/Source/OpenIDConsumer.php
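Review bot: The docblock on `openid_hook_frontpage()` in modules/openid/hooks/hook_frontpage.php says it adds the modinfo module, which looks carried over from another module's hook. The code appends a link to `openid/openidtest.php`, so the summary line should read `Hook to add a link to the OpenID test page to the frontpage.` The function is complete within the hunk.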
@@ -0,0 +1,45 @@
+<?php
+
+/**
+ * Authentication module which acts as an OpenID Consumer
+ *
+ * @author Andreas Ă…kre Solberg, <andreas.solberg@uninett.no>, UNINETT AS.
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
+
+
+ /**
+ * Constructor for this authentication source.
+ *
+ * @param array $info Information about this authentication source.
+ * @param array $config Configuration.
+ */
+ public function __construct($info, $config) {
+
+ /* Call the parent constructor first, as required by the interface. */
+ parent::__construct($info, $config);
+
+ }
+
+
+ /**
+ * Initiate authentication. Redirecting the user to the consumer endpoint
+ * with a state Auth ID.
+ *
+ * @param array &$state Information about the current authentication.
+ */
+ public function authenticate(&$state) {
+ assert('is_array($state)');
+
+ $state['openid:AuthId'] = $this->authId;
+ $id = SimpleSAML_Auth_State::saveState($state, 'openid:state');
+
+ $url = SimpleSAML_Module::getModuleURL('openid/consumer.php');
+ SimpleSAML_Utilities::redirect($url, array('AuthState' => $id));
+ }
+
+}
+
+?>
\ No newline at end of file
diff --git a/modules/openid/templates/default/consumer.php b/modules/openid/templates/default/consumer.php
new file mode 100644
index 0000000000000000000000000000000000000000..e056d045a04b610ec3db26f21c3e830e1b7b4e24
--- /dev/null
+++ b/modules/openid/templates/default/consumer.php
@@ -0,0 +1,67 @@
+<?php
+
+$this->data['header'] = 'OpenID Login';
+$this->data['icon'] = 'openid.png';
+$this->data['autofocus'] = 'openid-identifier';
+$this->includeAtTemplateBase('includes/header.php');
+
+?>
+<style>
+input.openid-identifier {
+ background: url(http://stat.livejournal.com/img/openid-inputicon.gif) no-repeat;
+/* background-color: #fff; */
+ border-left: 1px solid #ccc;
+ border-right: 1px solid #aaa;
+ border-top: 1px solid #aaa;
+ border-bottom: 1px solid #ccc;
+ color: #555;
+ background-position: 0 50%;
+ padding-left: 18px;
+}
+fieldset {
+ border-left: 1px solid #aaa;
+ border-right: 1px solid #ccc;
+ border-top: 1px solid #ccc;
+ border-bottom: 1px solid #aaa;
+ padding: 1em;
+}
+legend {
+ padding-left: .3em;
+ padding-right: .3em;
+ color: #555;
+}
+
+div.error {
+ padding: 1em; margin: 1em;
+ background: red;
+ color: white;
+ border: 1px solid #600;
+}
+</style>
+<div id="content">
+
+
+ <?php if (isset($this->data['error'])) { print "<div class=\"error\">" . $this->data['error'] . "</div>"; } ?>
+
+
+
+ <form method="get" action="consumer.php">
+ <fieldset>
+ <legend>OpenID Login</legend>
+
+ Identity URL:
+ <input type="hidden" name="action" value="verify" />
+ <input id="openid-identifier" class="openid-identifier" type="text" name="openid_url" value="http://" />
+ <input type="hidden" name="AuthState" value="<?php echo $this->data['AuthState']; ?>" />
+ <input type="submit" value="Login with OpenID" />
+ </fieldset>
+ </form>
+
+ <p style="margin-top: 2em">
+ OpenID is a free and easy way to use a single digital identity across the Internet. Enter your OpenID identity URL in the box above to authenticate.
+ </p>
+
+
+<?php
+$this->includeAtTemplateBase('includes/footer.php');
+?>
\ No newline at end of file
diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php
new file mode 100644
index 0000000000000000000000000000000000000000..159b3072381371ca2a51f2a91b683544b2a44fe0
--- /dev/null
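Review bot: In modules/openid/templates/default/consumer.php both dynamic values are written into the page without HTML escaping: `$this->data['error']` inside the error div and `$this->data['AuthState']` inside the hidden input's value attribute. The error text is assembled in www/consumer.php from `$response->message` and exception messages, so part of it originates from the remote OpenID provider, and AuthState is copied from `$_REQUEST`; whether `loadState()` rejects malformed values before the template renders is not visible here. Escape at output, e.g. `print '<div class="error">' . htmlspecialchars($this->data['error']) . '</div>';` and `value="<?php echo htmlspecialchars($this->data['AuthState']); ?>"`. Separately, the stylesheet loads the input icon from `http://stat.livejournal.com/` over plain HTTP, which makes the login page depend on a third-party host and discloses visits to it; a local copy of the image avoids that.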
+++ b/modules/openid/www/consumer.php 
@@ -0,0 +1,213 @@
+<?php
+
+#require_once('../../_include.php');
+require_once('Auth/OpenID/SReg.php');
+require_once('Auth/OpenID/Server.php');
+require_once('Auth/OpenID/ServerRequest.php');
+
+$config = SimpleSAML_Configuration::getInstance();
+
+/* Find the authentication state. */
+if (!array_key_exists('AuthState', $_REQUEST)) {
+ throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState');
+}
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'openid:state');
+$authState = $_REQUEST['AuthState'];
+$authSource = SimpleSAML_Auth_Source::getById($state['openid:AuthId']);
+if ($authSource === NULL) {
+ throw new SimpleSAML_Error_BadRequest('Invalid AuthId \'' . $state['feide:AuthId'] . '\' - not found.');
+}
+
+
+function displayError($message) {
+ $error = $message;
+
+ $config = SimpleSAML_Configuration::getInstance();
+ $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid');
+ $t->data['msg'] = $msg;
+ $t->data['error'] = $error;
+ $t->show();
+}
+
+
+function &getStore() {
+ /**
+ * This is where the example will store its OpenID information.
+ * You should change this path if you want the example store to be
+ * created elsewhere. After you're done playing with the example
+ * script, you'll have to remove this directory manually.
+ */
+ $store_path = "/tmp/_php_consumer_test";
+
+ if (!file_exists($store_path) &&
+ !mkdir($store_path)) {
+ print "Could not create the FileStore directory '$store_path'. ".
+ " Please check the effective permissions.";
+ exit(0);
+ }
+
+ return new Auth_OpenID_FileStore($store_path);
+}
+
+function &getConsumer() {
+ /**
+ * Create a consumer object using the store object created
+ * earlier.
+ */
+ $store = getStore();
+ return new Auth_OpenID_Consumer($store);
+}
+
+function getOpenIDURL() {
+ // Render a default page if we got a submission without an openid
+ // value.
+ if (empty($_GET['openid_url'])) {
+ $error = "Expected an OpenID URL.";
+
+ $config = SimpleSAML_Configuration::getInstance();
+ $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid');
+ $t->data['msg'] = $msg;
+ $t->data['error'] = $error;
+ $t->show();
+ }
+
+ return $_GET['openid_url'];
+}
+
+function getReturnTo() {
+ return SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(),
+ array('returned' => '1')
+ );
+
+}
+
+function getTrustRoot() {
+ return SimpleSAML_Utilities::selfURLhost();
+}
+
+function run_try_auth() {
+ $openid = getOpenIDURL();
+ $consumer = getConsumer();
+
+ // Begin the OpenID authentication process.
+ $auth_request = $consumer->begin($openid);
+
+ // No auth request means we can't begin OpenID.
+ if (!$auth_request) {
+ displayError("Authentication error; not a valid OpenID.");
+ }
+
+ $sreg_request = Auth_OpenID_SRegRequest::build(
+ array('nickname'), // Required
+ array('fullname', 'email')); // Optional
+
+ if ($sreg_request) {
+ $auth_request->addExtension($sreg_request);
+ }
+
+ // Redirect the user to the OpenID server for authentication.
+ // Store the token for this authentication so we can verify the
+ // response.
+
+ // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
+ // form to send a POST request to the server.
+ if ($auth_request->shouldSendRedirect()) {
+ $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
+
+ // If the redirect URL can't be built, display an error message.
+ if (Auth_OpenID::isFailure($redirect_url)) {
+ displayError("Could not redirect to server: " . $redirect_url->message);
+ } else {
+ header("Location: ".$redirect_url); // Send redirect.
+ }
+ } else {
+ // Generate form markup and render it.
+ $form_id = 'openid_message';
+ $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));
+
+ // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
+ if (Auth_OpenID::isFailure($form_html)) {
+ displayError("Could not redirect to server: " . $form_html->message);
+ } else {
+ echo '<html><head><title>OpenID transaction in progress</title></head>
+ <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' .
+ $form_html . '</body></html>';
+ }
+ }
+}
+
+function run_finish_auth() {
+
+ $error = 'General error. Try again.';
+
+ try {
+
+ $consumer = getConsumer();
+
+ // Complete the authentication process using the server's
+ // response.
+ $response = $consumer->complete();
+
+ // Check the response status.
+ if ($response->status == Auth_OpenID_CANCEL) {
+ // This means the authentication was cancelled.
+ throw new Exception('Verification cancelled.');
+ } else if ($response->status == Auth_OpenID_FAILURE) {
+ // Authentication failed; display the error message.
+ throw new Exception("OpenID authentication failed: " . $response->message);
+ } else if ($response->status == Auth_OpenID_SUCCESS) {
+ // This means the authentication succeeded; extract the
+ // identity URL and Simple Registration data (if it was
+ // returned).
+ $openid = $response->identity_url;
+
+ $attributes = array('openid' => array($openid));
+
+ if ($response->endpoint->canonicalID) {
+ $attributes['openid.canonicalID'] = array($response->endpoint->canonicalID);
+ }
+
+ $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
+ $sregresponse = $sreg_resp->contents();
+
+ if (is_array($sregresponse) && count($sregresponse) > 0) {
+ $attributes['openid.sregkeys'] = array_keys($sregresponse);
+ foreach ($sregresponse AS $sregkey => $sregvalue) {
+ $attributes['openid.sreg.' .
$sregkey] = array($sregvalue);
+ }
+ }
+
+ global $state;
+ $state['Attributes'] = $attributes;
+ SimpleSAML_Auth_Source::completeAuth($state);
+
+ }
+
+ } catch (Exception $e) {
+ $error = $e->getMessage();
+ }
+
+ $config = SimpleSAML_Configuration::getInstance();
+ $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid');
+ $t->data['error'] = $error;
+ global $authState;
+ $t->data['AuthState'] = $authState;
+ $t->show();
+
+}
+
+if (array_key_exists('returned', $_GET)) {
+ run_finish_auth();
+} elseif(array_key_exists('openid_url', $_GET)) {
+ run_try_auth();
+} else {
+ $config = SimpleSAML_Configuration::getInstance();
+ $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid');
+ global $authState;
+ $t->data['AuthState'] = $authState;
+ $t->show();
+}
+
+
+
+?>
\ No newline at end of file
diff --git a/modules/openid/www/openidtest.php b/modules/openid/www/openidtest.php
new file mode 100644
index 0000000000000000000000000000000000000000..4f6d946acc47d35f14c5808ce92bfbf6738511c1
--- /dev/null
+++ b/modules/openid/www/openidtest.php
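Review bot: `getStore()` in modules/openid/www/consumer.php keeps the OpenID store in the fixed shared path `/tmp/_php_consumer_test` and creates it with `mkdir($store_path)` and no explicit mode, so on a multi-user host another local account may be able to pre-create or read the directory that holds the consumer's associations and nonces. The path should come from the module's configuration and the directory should be owner-only, e.g. `!mkdir($store_path, 0700)`. `displayError()` and the empty-URL branch of `getOpenIDURL()` assign the undefined `$msg`, never set `AuthState` for the re-rendered form, and do not stop execution, so unless `show()` exits (not visible here) `run_try_auth()` goes on to call `$auth_request->addExtension()` on a failed request; an `exit;` after `$t->show();` and after `header("Location: ".$redirect_url);` would make the control flow explicit. The BadRequest message near the top also reads `$state['feide:AuthId']`, while the key this module stores is `openid:AuthId`.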
@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * The _include script registers a autoloader for the simpleSAMLphp libraries. It also
+ * initializes the simpleSAMLphp config class with the correct path.
+ */
+require_once('_include.php');
+
+
+/* Load simpleSAMLphp, configuration and metadata */
+$config = SimpleSAML_Configuration::getInstance();
+$session = SimpleSAML_Session::getInstance();
+
+if (! $session->isValid('openid') ) {
+ /* Authenticate with an AuthSource. */
+ $hints = array('openid' => NULL);
+ SimpleSAML_Auth_Default::initLogin('openid', SimpleSAML_Utilities::selfURL(), NULL, $hints);
+}
+
+$attributes = $session->getAttributes();
+
+$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
+$t->data['header'] = '{openid:dictopenid:openidtestpage}';
+$t->data['remaining'] = $session->remainingTime();
+$t->data['sessionsize'] = $session->getSize();
+$t->data['attributes'] = $attributes;
+$t->data['icon'] = 'bino.png';
+$t->data['logouturl'] = NULL;
+$t->show();
+
+
+?>
\ No newline at end of file
diff --git a/www/resources/icons/openid.png b/www/resources/icons/openid.png
new file mode 100644
index 0000000000000000000000000000000000000000..502b3577a5b09803db28a30cbcf0f1651c089921
Binary files /dev/null and b/www/resources/icons/openid.png differ