OpenID: attempting to log in returns to the log in screen, no errors displayed to user or in Apache logs

[GoogleCodeExporter]

I decided to take another shot at the OpenID Wordpress plugin, as Janrain / RPX 
(which I was using before) has other problems now.

Previously I had bug #130, but I'm now hitting different behaviour. Still 
doesn't work.

The server is running Mandriva Linux 2010.1 with packaged Apache, PHP etc. The 
plugin's self-test indicates that everything is OK (it can't check the version 
of curl because Suhosin is enabled, but it's easily new enough).

What happens is that if I go to the login page and try to log in using an 
OpenID - my Fedora project OpenID, http://adamwill.id.fedoraproject.org/ - it 
takes me out to the Fedora login system, as it should, I enter my Fedora login 
username and password, it asks if I want to allow happyassassin.net access to 
the OpenID info, I say yes, and it takes me right back to the login page, not 
logged in, with no error message. There are no errors I can find in the Apache 
logs, either.

Here's the only relevant lines in Apache's error_log:

[Wed Oct 27 14:56:11 2010] [error] [client 192.168.1.1] Successfully fetched 
'http://adamwill.id.fedoraproject.org/': GET response code 200, referer: 
http://www.happyassassin.net/wordpress/wp-login.php?loggedout=true
[Wed Oct 27 14:56:12 2010] [error] [client 192.168.1.1] Successfully fetched 
'https://admin.fedoraproject.org/accounts/openid/yadis/adamwill': GET response 
code 200, referer: 
http://www.happyassassin.net/wordpress/wp-login.php?loggedout=true

and here's the URL it sends me back to:

http://www.happyassassin.net/wordpress/wp-login.php?finish_openid=1&identity_url
=http%3A%2F%2Fadamwill.id.fedoraproject.org%2F&redirect_to=http://www.happyassas
sin.net/wordpress/wp-admin/&_wpnonce=7604c7xxxx

(I replaced the last four characters of that wpnonce thing with x's, in case 
it's some kind of sensitive identifier). It doesn't take me to the admin panel, 
as the redirect would indicate. It just goes back to the login screen, and I'm 
not logged in.

May be some kind of Apache configuration, but I'm not sure what. The Apache 
config file for Wordpress looks like this:

Alias /wordpress /var/www/wordpress

<Directory /var/www/wordpress>
    AllowOverride None
    Allow from All

#    Options FollowSymlinks
#    RewriteEngine On
#    RewriteBase /
#    RewriteCond %{REQUEST_FILENAME} !-f
#    RewriteCond %{REQUEST_FILENAME} !-d
#    RewriteRule . /index.php [L]

</Directory>

and there's also a .htaccess in /var/www/wordpress :

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Let me know if you need any other config details. Thanks.

Original issue reported on code.google.com by adamw.ma...@gmail.com on 27 Oct 2010 at 10:08

[GoogleCodeExporter]

Behaviour seems to have changed somewhat. After authenticating with my OpenID 
provider I now get sent back to this URL:

http://www.happyassassin.net/wordpress/index.php/openid/consumer?janrain_nonce=2
010-11-05T20%3A33%3A53ZRPO3Wo&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4cd46a31%7D%
7Bt4tpFw%3D%3D%7D&openid.claimed_id=http%3A%2F%2Fadamwill.id.fedoraproject.org%2
F&openid.identity=https%3A%2F%2Fadmin.fedoraproject.org%2Faccounts%2Fopenid%2Fid
%2Fadamwill&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F
2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.op_e
ndpoint=https%3A%2F%2Fadmin.fedoraproject.org%2Faccounts%2Fopenid%2Fserver&openi
d.response_nonce=2010-11-05T20%3A33%3A56Zp4x8I5&openid.return_to=http%3A%2F%2Fww
w.happyassassin.net%2Fwordpress%2Findex.php%2Fopenid%2Fconsumer%3Fjanrain_nonce%
3D2010-11-05T20%253A33%253A53ZRPO3Wo&openid.sig=HOeWeWVaC1P2KDjp%2F9Y1TWInAqw%3D
&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.sreg%2Cop_e
ndpoint%2Cresponse_nonce%2Creturn_to%2Csigned

which returns a completely blank page - no 404, no error, nothing. Just blank 
white. If I hit refresh, I see the login page, with an error message "OpenID 
login failed: Nonce already used or out of range".

Original comment by anothers...@gmail.com on 5 Nov 2010 at 8:35

[GoogleCodeExporter]

still no useful errors in Apache logs. Same happens if I use a different OpenID 
provider. I found a few similar reports in wordpress forums, but no-one had a 
solution...

Original comment by anothers...@gmail.com on 5 Nov 2010 at 8:38

[GoogleCodeExporter]

I have exactly the same error you are describing. I'm using Wordpress 3.1 with 
PHP 5.3 on ArchLinux. This is really anoying, because I think OpenID really is 
the future of Logins...

Original comment by schneida...@gmail.com on 4 Mar 2011 at 1:38

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I observe the behavior from the initial report since WP 3.x. Last checked with 
WP 3.3, plugin version 3.3.3.

Original comment by egcros...@gmail.com on 21 Dec 2011 at 12:05