search

GENI-NSF / geni-portal

A UI for a GENI clearinghouse
Other
3 stars 8 forks source link

openid errors on new relying party testing #1096

Open ahelsing opened 9 years ago

ahelsing commented 9 years ago

Errors seen in the logs when Fraida was trying to set up openid on her end:

[Fri Jul 18 04:49:10 2014] [error] [client 195.251.17.165] PHP Notice:  Trying to get property of non-object in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:50:06 2014] [error] [client 195.251.17.165] PHP Notice:  Undefined property: Auth_OpenID_ServerError::$trust_root in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:50:08 2014] [error] [client 195.251.17.165] PHP Notice:  Undefined property: Auth_OpenID_ServerError::$trust_root in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:50:10 2014] [error] [client 195.251.17.165] PHP Fatal error:  Call to undefined method Auth_OpenID_ServerError::answer() in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 138, referer: https://portal.geni.net/secure/openid/server.php?openid.realm=http%3A%2F%2Fwitestlab.poly.edu
[Fri Jul 18 04:50:15 2014] [error] [client 195.251.17.165] PHP Notice:  Undefined property: Auth_OpenID_ServerError::$trust_root in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:50:17 2014] [error] [client 195.251.17.165] PHP Fatal error:  Call to undefined method Auth_OpenID_ServerError::answer() in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 138, referer: https://portal.geni.net/secure/openid/server.php?openid.realm=http%3A%2F%2Fwitestlab.poly.edu
[Fri Jul 18 04:50:32 2014] [error] [client 195.251.17.165] PHP Notice:  Trying to get property of non-object in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:50:36 2014] [error] [client 195.251.17.165] PHP Fatal error:  Call to undefined method Auth_OpenID_ServerError::answer() in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 138, referer: https://portal.geni.net/secure/openid/server.php?openid.assoc_handle={HMAC-SHA256}{53c84696}{LxZkYQ%3D%3D}&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.realm=https%3A%2F%2Fgeni.orbit-lab.org%2F&openid.return_to=https%3A%2F%2Fgeni.orbit-lab.org%2Flogin%3F%26modauthopenid.nonce%3D68HrpCuFiI&openid.trust_root=https%3A%2F%2Fgeni.orbit-lab.org%2F&openid.ax.mode=fetch_request&openid.ax.required=ext0&openid.ax.type.ext0=http%3A%2F%2Fgeni.net%2Fwimax%2Fwimax_username&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
[Fri Jul 18 04:51:24 2014] [error] [client 195.251.17.165] PHP Notice:  Undefined property: Auth_OpenID_MalformedReturnURL::$trust_root in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:51:26 2014] [error] [client 195.251.17.165] PHP Fatal error:  Call to undefined method Auth_OpenID_MalformedReturnURL::answer() in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 138, referer: https://portal.geni.net/secure/openid/server.php?openid.assoc_handle={HMAC-SHA256}{53c84696}{LxZkYQ%3D%3D}&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.realm=https%3A%2F%2Fwitestlab.poly.edu%2F&openid.return_to=https%3A%2F%witestlab.poly.edu%2Flogin%3F%26modauthopenid.nonce%3D68HrpCuFiI&openid.trust_root=https%3A%2F%witestlab.poly.edu%2F&openid.ax.mode=fetch_request&openid.ax.required=ext0&openid.ax.type.ext0=http%3A%2F%2Fgeni.net%2Fwimax%2Fwimax_username&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
[Fri Jul 18 04:51:31 2014] [error] [client 195.251.17.165] PHP Notice:  Trying to get property of non-object in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
[Fri Jul 18 04:51:49 2014] [error] [client 195.251.17.165] PHP Fatal error:  Call to undefined method Auth_OpenID_ServerError::getCancelURL() in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 89, referer: https://portal.geni.net/secure/openid/server.php
[Fri Jul 18 04:52:52 2014] [error] [client 195.251.17.165] PHP Notice:  Trying to get property of non-object in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60

Imported from trac ticket #1096, created by ahelsing on 07-18-2014 at 09:13, last modified: 08-12-2014 at 14:05

ahelsing commented 9 years ago

I now see these as well:

[Mon Jul 21 22:54:11 2014] [error] [client 193.201.224.56] PHP Notice:  Undefined property: Auth_OpenID_ServerError::$mode in /usr/share/geni-ch/openid/Auth/OpenID/Server.php on line 1705, referer: https://portal.geni.net/server/server.php
[Mon Jul 21 22:54:11 2014] [error] [client 193.201.224.56] PHP Fatal error:  Call to a member function needsSigning() on a non-object in /usr/share/geni-ch/openid/Auth/OpenID/Server.php on line 1500, referer: https://portal.geni.net/server/server.php

Trac comment by ahelsing on 07-22-2014 at 08:59

ahelsing commented 9 years ago

Another example:

[Thu Jul 31 11:32:52 2014] [error] [client 128.89.69.124] PHP Fatal error:  Call to undefined method Auth_OpenID_ServerError::answer() in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 138, referer: https://portal.geni.net/secure/openid/server.php?openid.assoc_handle=%7BHMAC-SHA1%7D%7B53d91726%7D%7BjprZBw%3D%3D%7D&openid.ax.mode=fetch_request&openid.ax.required=ext0%2Cext1%2Cext2%2Cext3%2Cext4%2Cext5&openid.ax.type.ext0=http%3A%2F%2Fgeni.net%2Fprojects&openid.ax.type.ext1=http%3A%2F%2Fgeni.net%2Fslices&openid.ax.type.ext2=http%3A%2F%2Fgeni.net%2Fuser%2Furn&openid.ax.type.ext3=http%3A%2F%2Fgeni.net%2Fuser%2Fprettyname&openid.ax.type.ext4=http%3A%2F%2Fgeni.net%2Firods%2Fusername&openid.ax.type.ext5=http%3A%2F%2Fgeni.net%2Firods%2Fzone&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Flabwiki.casa.umass.edu%3A4000&openid.return_to=http%3A%2F%2Flabwiki.casa.umass.edu%3A4000%2Flogin%3F_method%3Dpost

Trac comment by ahelsing on 07-31-2014 at 13:25

tcmitchell commented 9 years ago

A few of these errors can be recreated by going directly to the internal openid server page (https://portal.geni.net/secure/openid/server.php):

Trying to get property of non-object in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60
Trying to get property of non-object in /usr/share/geni-ch/openid/src/server-indirect/server.php on line 60

Then click on "Send my information" and you get another:

Call to undefined method Auth_OpenID_ServerError::answer()

Or click on "Cancel" to get:

Call to undefined method Auth_OpenID_ServerError::getCancelURL()

In summary, this is a case where the internal openid server page is being invoked improperly with respect to the openid protocol. Our implementation doesn't catch this case, but could. It would need to recognize that there is no openid request, so redirect to a different page, possibly the external server page (https://portal.geni.net/server/server.php) which does have pretty good explanatory text.

Bumping this back now that we understand the cause of the errors. This is a rare case only likely to happen when a new relying party is coming on line, and probably partially due to unfamiliarity with openid on the part of the relying party owner/operator in this case.

Trac comment by tmitchel (github user: tcmitchell) on 08-12-2014 at 14:05