# File lib/rack/auth/openid.rb, line 335
      def within_realm? uri
        uri = URI.parse(uri.to_s)
        realm = URI.parse(self.realm)
        return false unless uri.absolute?
        return false unless uri.path[0, realm.path.size] == realm.path
        return false unless uri.host == realm.host or realm.host[/^\*\./]
        # for wildcard support, is awkward with URI limitations
        realm_match = Regexp.escape(realm.host).
          sub(/^\*\./,"^#{URI::REGEXP::PATTERN::URIC_NO_SLASH}+.")+'$'
        return false unless uri.host.match(realm_match)
        return true
      end