search

Daisuke-Shimada / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Discovery fails on myopenid.com accounts. #81

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Set up the simple-openid example and deploy on tomcat6 server.
2. Run discovery on a myopenid.com account.

What is the expected output? What do you see instead?
Expected redirect to OpenID provider got an OpenIDException instead.

What version of the product are you using? On what operating system?
Revision 556 from SVN on Ubuntu Linux 8.10, tomcat6 server.

Please provide any additional information below.
Seems to fail at parseXmlInput method in file XrdsParserImpl.java.
Also tried discovery on a pip.verisignlabs.com OpenID account which works,
the input to the parser is very simliar to the myopenid.com one.

Debug log shows the following data as input to the parser (replaced
myopenid.com identity with xxxxx.myopenid.com):

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
  <XRD version="2.0">
    <Type>xri://$xrds*simple</Type>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
        <Type>http://openid.net/sreg/1.0</Type>
        <Type>http://openid.net/extensions/sreg/1.1</Type>

<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
        <Type>http://openid.net/srv/ax/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <LocalID>http://xxxxx.myopenid.com/</LocalID>
    </Service>
    <Service priority="1">
      <Type>http://openid.net/signon/1.1</Type>
        <Type>http://openid.net/sreg/1.0</Type>
        <Type>http://openid.net/extensions/sreg/1.1</Type>

<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
        <Type>http://openid.net/srv/ax/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <openid:Delegate>http://xxxxx.myopenid.com/</openid:Delegate>
    </Service>
    <Service priority="2">
      <Type>http://openid.net/signon/1.0</Type>
        <Type>http://openid.net/sreg/1.0</Type>
        <Type>http://openid.net/extensions/sreg/1.1</Type>

<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-resistant</Type>
        <Type>http://openid.net/srv/ax/1.0</Type>
      <URI>http://www.myopenid.com/server</URI>
      <openid:Delegate>http://xxxxx.myopenid.com/</openid:Delegate>
    </Service>
  </XRD>
</xrds:XRDS>

The XRDS parser is pretty much unknown territory for me. Hope this info helps.

Regards 
Gustaf

Original issue reported on code.google.com by guj...@gmail.com on 29 Jan 2009 at 1:27

GoogleCodeExporter commented 9 years ago 
Looks like myopenid's XRDS files are not entirely correct, and this is a 
legitimate 
parsing error:

<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
  <XRD version="2.0">
    <Type>xri://$xrds*simple</Type>

Invalid content was found starting with element 'Type'. One of '{"xri://$xrd*
($v*2.0)":Query, "xri://$xrd*($v*2.0)":Status, 
"xri://$xrd*($v*2.0)":ServerStatus, 
"xri://$xrd*($v*2.0)":Expires, "xri://$xrd*($v*2.0)":ProviderID, "xri://$xrd*
($v*2.0)":Redirect, "xri://$xrd*($v*2.0)":Ref, "xri://$xrd*($v*2.0)":LocalID, 
"xri://
$xrd*($v*2.0)":EquivID, "xri://$xrd*($v*2.0)":CanonicalID, "xri://$xrd*
($v*2.0)":CanonicalEquivID, "xri://$xrd*($v*2.0)":Service, 
WC[##other:"xri://$xrd*
($v*2.0)"], WC[""]}' is expected.

That is: <Type> elements are not allowed directly under <XRD>, only under 
<Service>.

Unless, of course, there's an updated XRD schema (using the same namespace) 
that 
accounts for this variation that seems related to XRDS-simple specification.

Johnny

Original comment by Johnny.B...@gmail.com on 29 Jan 2009 at 7:54

GoogleCodeExporter commented 9 years ago 
From Eran:

"XRDS-Simple is deprecated and should not be implemented. The new XRD schema is 
coming shortly but will not be stable for at least another month."

Looks like myopenid.com should remove the XRDS-Simple type. I'll contact them 
for 
this.

Original comment by Johnny.B...@gmail.com on 29 Jan 2009 at 10:33

GoogleCodeExporter commented 9 years ago 
Thanks for the quick reply and also for the clarification. Hopefully myopenid 
will
change their XRD-schema shortly.

Regards
Gustaf

Original comment by guj...@gmail.com on 30 Jan 2009 at 9:22

GoogleCodeExporter commented 9 years ago 
I'm hitting this problem as well.

The previous openid4java version I used (from december I think) worked with 
myopenid,
but the latest revision gives me this error. It must be from the recent 
discovery
rewrite.

Can't this "incorrect" xrd be accepted in the mean time? Myopenid is a pretty 
big
provider to be left out until they decide to correct this.

Original comment by andrefcruz on 30 Jan 2009 at 5:02

GoogleCodeExporter commented 9 years ago 
Just checked and myopenid.com has fixed their XRD-schema and now works as 
intended.

Original comment by guj...@gmail.com on 2 Feb 2009 at 2:34

GoogleCodeExporter commented 9 years ago 
Great!

Original comment by andrefcruz on 2 Feb 2009 at 2:36

GoogleCodeExporter commented 9 years ago 
Jonathan Daugherty of JanRain confirmed that it's been fixed by MyOpenid.com.

Original comment by Johnny.B...@gmail.com on 26 Feb 2009 at 8:47