OpenID And ColdFusion

Recently I wanted to investigate building an OpenID identity provider in ColdFusion. While there are a few OpenID consumer libraries out there, I didn't really find any ColdFusion implementations for an OpenID server. Plus, given that OpenID is an authentication protocol there are heightened security considerations, so I wanted something that was well tested and widely used. This lead me to the OpenID4Java project. Looking at the documentation and source for the project there appeared to be pretty straight forward implementations for both an OpenID provider and consumer via the ServerManager and ConsumerManager classes so I began to port the sample JSP applications over to ColdFusion. That is were my problems began.


Wil Genovese's Gravatar Have you seen/tried OpenID Server for ColdFusion? I'm curious because I've been researching setting up OpenID also. I'm experimenting with the ColdFusion based OpenIDServer that is at or at

The OpenID Foundation website lists this as one of the possible servers to use.

So far it seems like a pretty good ColdFusion based OpenID server. I'm still experimenting with integrating OpenID into our applications but I think we may use this. I'm wondering how this compares to OpenID4Java.
# Posted By Wil Genovese | 4/16/10 2:13 PM
Nathan Mische's Gravatar I did take a look at OpenIDServer, but I seem to recall it only supported OpenID 1.1 and didn't support extensions such as Attribute Exchange or Simple Registration. (I could be wrong here.)

OpenID4Java supports OpenID 2.0 and extensions. Plus it was originally developed by Sxip, one of the major drivers of the OpenID spec. (If you look the main OpenID4Java author, Johnny Bufu, is listed as a contributor to most of the OpenID specs.) Another factor is that OpenID4Java is used and maintained by some pretty big organizations. For example I know Atlassian uses it and has contributed to the project. I'm not really sure how many people are using OpenIDServer or how well it is maintained.
# Posted By Nathan Mische | 4/16/10 2:58 PM
Dom's Gravatar Thanks for blogging this - this helped me diagnose my CFHTTP connection failure issue. I fixed with the following in onApplicationStart()

<cfset objSecurity = createObject("java", "") />
<cfset objSecurity.removeProvider("JsafeJCE") />
# Posted By Dom | 6/27/12 12:46 PM
Ben Nadel's Gravatar This was a life-saver yesterday. After *literally* 8 hours of digging into HTTP requests, cacert files, and network diagnostics, we finally tried adding the JVM argument to disable JSafe. What a fiasco. Part of our site was down for half the day. Thanks!
# Posted By Ben Nadel | 1/9/15 7:01 PM
BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.