albertz / smf-openid-server

SMF OpenID server

The OpenID Provider issued an assertion for an Identifier whose discovery information did not match. #2

Open Thorium opened 11 years ago

Thorium commented 11 years ago

Hello,

I set this up, and now it seems to work, but then fails as follows:

Login failed: The OpenID Provider issued an assertion for an Identifier whose discovery information did not match.
Assertion endpoint info:
  ClaimedIdentifier: http://www.mysite.org/openid/
  ProviderLocalIdentifier: http://www.mysite.org/openid/?u=52634
  ProviderEndpoint: http://www.mysite.org/openid/
  OpenID version: 1.1
  Service Type URIs:
Discovered endpoint info: [{
  ClaimedIdentifier: http://www.mysite.org/openid/
  ProviderLocalIdentifier: http://www.mysite.org/openid/
  ProviderEndpoint: http://www.mysite.org/openid/
  OpenID version: 1.1
  Service Type URIs: http://openid.net/signon/1.1
},]

Google didn't find anything... As you may notice, ProviderLocalIdentifier is different... should it be? Where does it come from?

albertz commented 11 years ago

It's been quite a while since I have looked into it, so I don't really have an idea right now.

Have you looked at #1 ? That might be something similar.

Thorium commented 11 years ago

Thanks for the quick response!

Yes, it seems that modifying

$profile["idp_url"] .= "?u=" . urlencode($lxa_logged_in);

could correct the response. But I need the user as everyone can't be the same user. :-)

Do you have any example of what this file should contain:

$config = './config/' . $_SESSION['auth_username'] . '.php';

Thorium commented 11 years ago

Hmm. It seems that the first time the login shows, it doesn't succeed... (some cache or just a program logic error or something?) But the page finds the session when refreshed.

Now, if the login seems not to be successful, the page has tags:

when this openid.delegate should have this parameter ?u=...

This may cause the Discovered endpoint ProviderLocalIdentifier parameter to be wrong.

Hmm... Then I have one more question... about this code line:

$GLOBALS["lxa_logged_in"] = lxa_logged_in();

Is this globals-array shared with all the users? If so, we can't really put user-id to globals-array like this, as it can mess up if there are multiple users at the same time, right? Then it should be some kind of cookie or something instead...

The forum where I would like to use this is very active. It always has about 20 logged-in users. And I don't want anyone to accidentally get the wrong user-id.
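The mismatch discussed in this thread, as an added example that is not part of the original issue or of the project's code: a simplified model of the check a relying party makes when it re-runs OpenID 1.1 HTML discovery on the claimed identifier and compares the result with the assertion, which is what stops a provider from vouching for identifiers it is not authoritative for. The URLs are the ones quoted in the error message; the HTML pages, class and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from typing import NamedTuple

class Endpoint(NamedTuple):
    claimed_id: str
    local_id: str   # "ProviderLocalIdentifier" in the error message
    server: str     # "ProviderEndpoint" in the error message

class _LinkRels(HTMLParser):
    """Collect <link rel="openid.*" href="..."> tags (OpenID 1.1 HTML discovery)."""
    def __init__(self):
        super().__init__()
        self.rels = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("href"):
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid."):
                    self.rels.setdefault(rel, a["href"])

def discover(claimed_id: str, html: str) -> Endpoint:
    parser = _LinkRels()
    parser.feed(html)
    server = parser.rels.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link: not an OpenID 1.1 identifier page")
    # Without openid.delegate, the local identifier defaults to the claimed one.
    return Endpoint(claimed_id, parser.rels.get("openid.delegate", claimed_id), server)

def verify_assertion(asserted: Endpoint, html: str) -> list:
    """Return the names of fields where the assertion disagrees with discovery."""
    found = discover(asserted.claimed_id, html)
    return [f for f in Endpoint._fields if getattr(asserted, f) != getattr(found, f)]

# Constructed sample pages; only the URLs come from the issue text.
BASE = "http://www.mysite.org/openid/"
PAGE_NO_DELEGATE = f'<html><head><link rel="openid.server" href="{BASE}"></head></html>'
PAGE_WITH_DELEGATE = (f'<html><head><link rel="openid.server" href="{BASE}">'
                      f'<link rel="openid.delegate" href="{BASE}?u=52634"></head></html>')
ASSERTED = Endpoint(BASE, BASE + "?u=52634", BASE)

if __name__ == "__main__":
    print(verify_assertion(ASSERTED, PAGE_NO_DELEGATE))    # assertion rejected
    print(verify_assertion(ASSERTED, PAGE_WITH_DELEGATE))  # assertion accepted
```

With the page that lacks `openid.delegate`, the only disagreeing field is the local identifier, matching the difference visible in the error output above.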