| Issue 119: | Directed identity fails in RP when using stateless mode | |
| Back to list |
Sign in to add a comment
|
var rp = new OpenIdRelyingParty(null, null, null);
rp.CreateRequest("yahoo.com").RedirectToProvider(); // any OP Identifier
// when it comes back
rp.Response // verification fails!
In stateless mode, the token used to store endpoint info is not signed,
which makes rediscovery of the identifier necessary on every authentication
response. For OP Identifiers, the claimed_id saved in the token is not the
identifier that discovery should be performed on, but it is attempted
anyway which results in failure.
|
||||||||||||
,
Aug 01, 2008
Although this bug exists in all 2.x releases to date, it will only be fixed in 2.3.1 and later.
Status: Fixed
Labels: -Release-2.1 Release-2.3 |
|||||||||||||
 Sign in to add a comment
|
|||||||||||||
