Laith- / lightopenid

Automatically exported from code.google.com/p/lightopenid

[provider] The OpenID Provider issued an assertion for an Identifier whose discovery information did not match. #43

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I tried to implement an openid provider using lightopenid. It is accepted by a lightopenid consumer, but not by sourceforge or test-id.org.

I tried to understand the issue but I am lost, this may be a bug in the way we 
use lightopenid-provider.

To reproduce
------------
1. Go to: http://test-id.org/OP/Sreg.aspx
2. Enter: https://stendhalgame.org
3. Login using ttttt / ttttt

Error message
-------------

Login failed: The OpenID Provider issued an assertion for an Identifier whose 
discovery information did not match.
Assertion endpoint info: 
    ClaimedIdentifier: https://stendhalgame.org/a/ttttt
    ProviderLocalIdentifier: https://stendhalgame.org/a/ttttt
    ProviderEndpoint: https://stendhalgame.org/?id=content/account/openid-provider

OpenID version: 2.0 Service Type URIs:
Discovered endpoint info: [{ 
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://stendhalgame.org/?id=content/account/openid-provider
    OpenID version: 2.0 Service Type URIs: http://specs.openid.net/auth/2.0/server },]

Our code
--------

Our code is at http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/scripts/openid-provider.php?revision=1.7&view=markup (Note: the functions showConfirmationForm and getUserData are not used, yet).

The xrds document is declared by: header('X-XRDS-Location: '.STENDHAL_LOGIN_TARGET.'/?id=content/account/openid-provider&xrds');

The identifier points to a URL which simply displays a text: http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/content/account/a.php?revision=1.1&view=markup

The OpenidProvider is configured at http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/content/account/openid-provider.php?revision=1.2&view=markup

Original issue reported on code.google.com by HendrikU...@nexgo.de on 17 Jul 2011 at 11:27

GoogleCodeExporter commented 9 years ago
When the authentication process is complete, your provider returns claimed_id = 
https://stendhalgame.org/a/ttttt, which is fine. However, this url, when 
discovered, doesn't return a proper xrds (it returns server, instead of signon).

In order to fix it, set select_id to false when 
https://stendhalgame.org/a/ttttt is accessed, and preferably, xrdsLocation to 
something that will also return an xrds with select_id disabled (otherwise it 
might not work in some clients).

In other words: don't set select_id to true when a user's identity url is accessed.
It is documented in example.php (which uses select_id), by the way.

Anyway, thanks for the detailed bug report -- I've been able to (re-)discover 
the cause thanks to it.

And thanks for pointing me to a game I didn't play yet.

As usual, report any further problems.

Original comment by mewp...@gmail.com on 17 Jul 2011 at 12:25
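
The relying-party check behind this error, as an added example that is not part of the original thread or of lightopenid's code: after a positive assertion the consumer rediscovers the claimed identifier and accepts only a `signon` service whose endpoint and local identifier match the assertion. The XRDS documents are constructed samples and the function names are hypothetical; the identifier and endpoint are the ones quoted in the error message.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"
SERVER = "http://specs.openid.net/auth/2.0/server"   # OP identifier element
SIGNON = "http://specs.openid.net/auth/2.0/signon"   # claimed identifier element

def child_texts(elem, name):
    """Text of each direct child <name> in the XRD namespace."""
    return [c.text.strip() for c in elem if c.tag == XRD_NS + name and c.text]

def discovered_services(xrds_text):
    """Yield (types, uris, local_ids) for every <Service> in an XRDS document."""
    for svc in ET.fromstring(xrds_text).iter(XRD_NS + "Service"):
        yield (set(child_texts(svc, "Type")), child_texts(svc, "URI"),
               child_texts(svc, "LocalID"))

def assertion_matches(claimed_id, op_endpoint, op_local_id, xrds_text):
    """True if discovery on claimed_id backs the OP's assertion."""
    for types, uris, local_ids in discovered_services(xrds_text):
        if SIGNON not in types:
            continue  # a 'server' element describes the OP, not this identifier
        # Without <LocalID>, the OP-local identifier is the claimed identifier.
        local = local_ids[0] if local_ids else claimed_id
        if op_endpoint in uris and local == op_local_id:
            return True
    return False

def sample_xrds(service_type, endpoint):
    """Constructed XRDS document with a single service element."""
    return (
        '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">'
        "<XRD><Service>"
        f"<Type>{service_type}</Type><URI>{endpoint}</URI>"
        "</Service></XRD></xrds:XRDS>"
    )

# Values taken from the error message in the report.
CLAIMED = "https://stendhalgame.org/a/ttttt"
ENDPOINT = "https://stendhalgame.org/?id=content/account/openid-provider"

if __name__ == "__main__":
    for label, stype in (("server", SERVER), ("signon", SIGNON)):
        ok = assertion_matches(CLAIMED, ENDPOINT, CLAIMED, sample_xrds(stype, ENDPOINT))
        print(f"identity URL advertises {label}: assertion accepted = {ok}")
```

Rejecting the `server`-only document is what keeps a provider from asserting an identifier whose own discovery document does not delegate to it.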