search

AlexKovic / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Server: Invalid signature after adding Simple Registration attributes to a AuthSuccess message #101

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?

1. Create an AuthSuccess message and add a Simple Registration Extionsion
with some attributes according to the documentation and the SRegHowTo 

What is the expected output? What do you see instead?

In the AuthSuccess message the openid.sreg.* parameters are listed in the
openid.signed parameter but not contained in the generated signature
(openid.sig)

What version of the product are you using?
OpenID4Java 0.9.5

Solution:
Mention in the SRegHowTo that ConsumerManager.sign() has to be invoked
after adding the SReg-Extension object to the AuthSuccess message.

OR

Change the code, so that ConsumerManager.sign() is invoked automatically
after an Extension has been added to an AuthSuccess message.

Original issue reported on code.google.com by jakobi.m...@gmx.net on 14 Oct 2009 at 8:39

GoogleCodeExporter commented 8 years ago 
Updated SRegHowTo to call for serverManager.sign()

Original comment by Johnny.B...@gmail.com on 30 Oct 2012 at 11:04