leo27lijiang / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Authentication from different browsers for the same user fails due to failed verification. #92

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Try using a RP which accepts google OpenID identifier and log in to the
test app say(Consumer) with an id "abc"
2. Now use a new browser instance or a different browser and try logging in
with the same identifier.
3. The login fails due to some association lookup and the verification
returning null.

What is the expected output? What do you see instead?
It should authenticate the user and succeed in the flow.

What version of the product are you using? On what operating system?
openID4Java-0.9.4, Linux.

Please provide any additional information below.
HTML discovery result:
ClaimedID:http://openid-provider.appspot.com/abc
OpenID2-endpoint:http://openid-provider.appspot.com/abc
OpenID1-endpoint:http://openid-provider.appspot.com/abc
HTML discovery succeeded on: http://openid-provider.appspot.com/abc
OpenID2-signon HTML discovery endpoint: OpenID2
OP-endpoint:http://openid-provider.appspot.com/abc
ClaimedID:http://openid-provider.appspot.com/abc
Delegate:null
OpenID1-signon HTML discovery endpoint: OpenID1
OP-endpoint:http://openid-provider.appspot.com/abc
ClaimedID:http://openid-provider.appspot.com/abc
Delegate:null
Discovered 2 OpenID endpoints.
Trying to associate with http://openid-provider.appspot.com/abc
attempts left: 4
Found an existing association.
Trying to associate with http://openid-provider.appspot.com/abc
attempts left: 4
Found an existing association.

Original issue reported on code.google.com by guru.rg2...@gmail.com on 2 Apr 2009 at 11:06

GoogleCodeExporter commented 9 years ago
Existing associations can (and should) be used for the same OpenID Providers. 
The 
verification failure is most likely caused by something else; there should be 
warnings or errors in the logs that indicate the cause.

Original comment by Johnny.B...@gmail.com on 24 Mar 2010 at 2:32

GoogleCodeExporter commented 9 years ago
When I experienced this error, it was because I logged in from two browsers:
* one on the server itself, with "localhost" as the hostname in the URL
* on a different machine, with the proper hostname in the URL (e.g. "snoopy")

Google sees "localhost" and "snoopy" as different logical servers even though 
they
resolve to the same physical server, and issues different OpenIDs even for the 
same
Google user. I guess if you used the server's IP address instead of a host name,
you'd get a third different OpenID from Google. Hope this helps someone, if not 
the OP.

Original comment by andrew.i...@gmail.com on 24 Mar 2010 at 4:48

GoogleCodeExporter commented 9 years ago
The OP doesn't (need to) identify the RP that makes a association request - it 
just 
creates an association and issues a handle for it to the RP.

OpenID Identifier issuing is a entirely separate issue, not related in any way 
to 
the host name or IP address from where requests are initiated.

Original comment by Johnny.B...@gmail.com on 24 Mar 2010 at 5:03

GoogleCodeExporter commented 9 years ago

Original comment by Johnny.B...@gmail.com on 1 Nov 2012 at 12:32