In case there are several OpenID providers in a cluster (e.g. using the
JdbcServerAssociationStore), the default IncrementalNonceGenerator can lead to
having the same openid.response_nonce for different requests. Additional
entropy is needed to prevent such a situation.
See attached file for a fix.
Original issue reported on code.google.com by cedrik.l...@gmail.com on 19 Dec 2013 at 1:47
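The collision described in this report, as an added example that is not the attached fix or openid4java code: two simulated provider nodes each run their own generator. The timestamp-plus-counter model of the incremental generator, the class and method names, and the fixed timestamp are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class ClusterNonceDemo {
    // Constructed timestamp: both simulated nodes issue nonces within the same second.
    static final String TS = "2013-12-19T01:47:00Z";

    /** Assumed model of an incremental generator: timestamp + per-process counter. */
    static Supplier<String> incremental() {
        AtomicInteger counter = new AtomicInteger();
        return () -> TS + counter.getAndIncrement();
    }

    /** Same shape plus 128 random bits per nonce, so nodes need no coordination. */
    static Supplier<String> randomized() {
        SecureRandom rng = new SecureRandom();
        AtomicInteger counter = new AtomicInteger();
        return () -> {
            byte[] salt = new byte[16];
            rng.nextBytes(salt);
            String suffix = Base64.getUrlEncoder().withoutPadding().encodeToString(salt);
            return TS + counter.getAndIncrement() + "-" + suffix;
        };
    }

    /** Counts nonces that were already issued by either node. */
    static int collisions(Supplier<String> nodeA, Supplier<String> nodeB, int perNode) {
        Set<String> seen = new HashSet<>();
        int duplicates = 0;
        for (int i = 0; i < perNode; i++) {
            if (!seen.add(nodeA.get())) duplicates++;
            if (!seen.add(nodeB.get())) duplicates++;
        }
        return duplicates;
    }

    public static void main(String[] args) {
        // Each call to incremental()/randomized() stands for one JVM in the cluster.
        System.out.println("incremental: " + collisions(incremental(), incremental(), 1000));
        System.out.println("randomized:  " + collisions(randomized(), randomized(), 1000));
    }
}
```

The random suffix stays within the printable ASCII range that OpenID 2.0 allows after the timestamp in `openid.response_nonce`.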