In relation to my previously reported problem #202,
when a problem like that happens, it's very difficult to get any meaningful
diagnosis out of openid4java. The only error message we get is "Discovered
information verification failed." and it does not go into the details of which
aspect has failed.

In OpenID, the relying party has no secret to hide from the person who's trying to
authenticate. So as much diagnostic information as possible should be put into
the status message, to diagnose configuration issues in the server/client, etc.

For example, in ConsumerManager.verifyDiscovered1, instead of reporting errors
to the logger, those error messages should be primarily put into
VerifiedResult._statusMsg, which is where they belong.

In the "stateless mode / bare response verification" mode, the
verifyDiscovered1 method should also report what OpenIDs it has discovered and
why it rejected them when it fails to find a matching one.

It would have made troubleshooting something like issue #202 very easy. As it stands
right now, we had to attach a debugger and trace through the code to tell,
which would have been completely impractical if this had happened at some
remote site.

Original issue reported on code.google.com by kohsuke....@gmail.com on 4 Dec 2013 at 4:02
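
The kind of status message requested above, as an added sketch that is not part of the original report and is not openid4java code. `Endpoint`, `Result` and `verifyDiscovered` are hypothetical stand-ins, the URLs are constructed sample data, and Java 16+ is assumed for records.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

public class DiscoveryDiagnostics {
    // Hypothetical stand-ins, not openid4java types.
    record Endpoint(String claimedId, String opEndpoint, String localId, String version) {}
    record Result(boolean verified, String statusMsg) {}

    // Compares the asserted values with every discovered candidate and
    // records, per candidate, which fields caused the rejection.
    static Result verifyDiscovered(Endpoint asserted, List<Endpoint> discovered) {
        if (discovered.isEmpty()) {
            return new Result(false, "Discovery on " + asserted.claimedId() + " returned no endpoints");
        }
        List<String> reasons = new ArrayList<>();
        for (Endpoint d : discovered) {
            List<String> diffs = new ArrayList<>();
            diff(diffs, "claimed_id", asserted.claimedId(), d.claimedId());
            diff(diffs, "op_endpoint", asserted.opEndpoint(), d.opEndpoint());
            diff(diffs, "identity", asserted.localId(), d.localId());
            diff(diffs, "version", asserted.version(), d.version());
            if (diffs.isEmpty()) {
                return new Result(true, "Matched discovered endpoint " + d.opEndpoint());
            }
            reasons.add("rejected " + d.opEndpoint() + ": " + String.join("; ", diffs));
        }
        // The values below come from the response and the discovered document,
        // so HTML-encode the message before rendering it in a page.
        return new Result(false, "Discovered information verification failed. "
                + discovered.size() + " candidate(s): " + String.join(" | ", reasons));
    }

    private static void diff(List<String> out, String field, String asserted, String found) {
        if (!Objects.equals(asserted, found)) {
            out.add(field + " asserted=" + asserted + " discovered=" + found);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the response asserts an https endpoint, discovery found http.
        Endpoint asserted = new Endpoint("https://id.example/alice",
                "https://op.example/server", "https://id.example/alice", "2.0");
        List<Endpoint> discovered = List.of(new Endpoint("https://id.example/alice",
                "http://op.example/server", "https://id.example/alice", "2.0"));
        System.out.println(verifyDiscovered(asserted, discovered).statusMsg());
    }
}
```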