search

takcy / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Realm Verification for Google RP fails #140

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Send checkid_setup request with realm set as https://*.google.com and
return_to set as https://www.google.com/accounts/ForeignAccountVerifyReturn.

What is the expected output? What do you see instead?
Realm verification should succeed, but it fails.

Please use labels and text to provide additional information.

Original issue reported on code.google.com by chandrik...@gmail.com on 16 Dec 2010 at 7:51

GoogleCodeExporter commented 8 years ago 
The reason the realm verification fails is that a GET with 'Accept: text/html; 
q=0.3, application/xhtml+xml; q=0.5, application/xrds+xml' header, causes 
https://www.google.com to return a 302.
If openid4java would retry GET with 'Accept: application/xrds+xml' 
https://www.google.com, it would return 200 with X-XRDS-Location header set.

I have a fix for this issue and will check it in soon.

Original comment by chandrik...@gmail.com on 16 Dec 2010 at 7:56

GoogleCodeExporter commented 8 years ago

Original comment by chandrik...@gmail.com on 16 Dec 2010 at 7:58

Attachments:

GoogleCodeExporter commented 8 years ago 

Checked in fix :

http://code.google.com/p/openid4java/source/diff?spec=svn654&r=654&format=side&p
ath=/trunk/src/org/openid4java/discovery/yadis/YadisResolver.java

Original comment by chandrik...@gmail.com on 20 Dec 2010 at 3:05

GoogleCodeExporter commented 8 years ago

Original comment by Johnny.B...@gmail.com on 31 Oct 2012 at 10:53