My favorites | Sign in
Project Home Downloads Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 43: [provider] The OpenID Provider issued an assertion for an Identifier whose discovery information did not match.
1 person starred this issue and may be notified of changes. Back to list
Status:  Invalid
Owner:  ----
Closed:  Jul 2011


 
Reported by HendrikU...@nexgo.de, Jul 17, 2011
I tried to implement an openid provider using lightopenid. It is accepted by an lightopenid consumer, but not by sourceforge or test-id.org

I tried to understand the issue but I am lost, this may be a bug in the way we use lightopenid-provider.


To reproduce
------------
1. Go to: http://test-id.org/OP/Sreg.aspx
2. Enter: https://stendhalgame.org
3. Login using ttttt / ttttt


Error message
-------------

Login failed: The OpenID Provider issued an assertion for an Identifier whose discovery information did not match.
Assertion endpoint info: 
	ClaimedIdentifier: https://stendhalgame.org/a/ttttt
	ProviderLocalIdentifier: https://stendhalgame.org/a/ttttt
	ProviderEndpoint: https://stendhalgame.org/?id=content/account/openid-provider

OpenID version: 2.0 Service Type URIs:
Discovered endpoint info: [{ 
	ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
	ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
	ProviderEndpoint: https://stendhalgame.org/?id=content/account/openid-provider
	OpenID version: 2.0 Service Type URIs: http://specs.openid.net/auth/2.0/server },]




Our code
--------

Our code is at http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/scripts/openid-provider.php?revision=1.7&view=markup (Note: the functions showConfirmationForm and getUserData are not used, yet).

The xrds document is declared by: header('X-XRDS-Location: '.STENDHAL_LOGIN_TARGET.'/?id=content/account/openid-provider&xrds');

The identifier points to an URL which simply displays a text: http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/content/account/a.php?revision=1.1&view=markup

The OpenidProvider is configured at
http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/content/account/openid-provider.php?revision=1.2&view=markup
Jul 17, 2011
Project Member #1 mewp...@gmail.com
When the authentication process is complete, your provider returns claimed_id = https://stendhalgame.org/a/ttttt, which is fine. However, this url, when discovered, doesn't return a proper xrds (it returns server, instead of signon).

In order to fix it, set select_id to false when https://stendhalgame.org/a/ttttt is accessed, and preferably, xrdsLocation to something that will also return an xrds with select_id disabled (otherwise it might not work in some clients).

In other words: don't set select_id to true when an user's identity url is accessed.
It is documented in example.php (which uses select_id), by the way.

Anyway, thanks for the detailed bug report -- I've been able to (re-)discover the cause thanks to it.

And thanks for pointing me to a game I didn't play yet.

As usual, report any further problems.
Status: Invalid

Powered by Google Project Hosting