teintinu / dyuproject

Automatically exported from code.google.com/p/dyuproject
Apache License 2.0

IllegalStateException: association did not match #4

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

I try to build an AuthModule based on JSR 196 as described here:
http://blogs.sun.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the

And therefore I use dyuproject 1.0.6 jars.
Everything seems to work - and I will be redirected to my openID provider
(www.myopenid.com). But after completing the authentication process the
method call:

    if(_relyingParty.associate(user, request, response))

always throws the following exception:

    java.lang.IllegalStateException: association did not match.
        at com.dyuproject.openid.DiffieHellmanAssociation.verifyAuth(DiffieHellmanAssociation.java:121)
        at com.dyuproject.openid.RelyingParty.verifyAuth(RelyingParty.java:275)
        at org.imixs.openid.OpenIdAuthModule.validateRequest(OpenIdAuthModule.java:215)
        at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1174)
        at com.sun.web.security.RealmAdapter.validate(RealmAdapter.java:1261)
        at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1143)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:627)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:609)
        at org.apache.catalina.core.StandardPipeline.doChainInvoke(StandardPipeline.java:583)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:92)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
        at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
        at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)

The user object is found and seems to have useful values.
I fear that I despise something important but do not know what.
Can you help me here?

ralph

Original issue reported on code.google.com by Ralph.so...@imixs.com on 14 Oct 2008 at 4:54

GoogleCodeExporter commented 9 years ago
Hi Ralph,

That simply means that the assoc_handle expired or that your openid provider did not send an openid.assoc_handle parameter from the auth response (redirect).

The assoc_handle acts like a session id for the request.  If the session id does not match, then the auth response is not operating on the same session.

You've seen the SampleOpenIdServlet from the wiki with regards to the usage, yes?

P.S. The behavior could be changed so that it would return false instead of throwing ISE.

Cheers

Original comment by david.yu...@gmail.com on 16 Oct 2008 at 9:38

GoogleCodeExporter commented 9 years ago
And also it's not during:

    if(_relyingParty.associate(user, request, response))

Based on the stack trace, it's actually RelyingParty.verifyAuth(RelyingParty.java:275)

Original comment by david.yu...@gmail.com on 16 Oct 2008 at 11:08

GoogleCodeExporter commented 9 years ago
You just need to have proper handling.

Original comment by dyuproj...@gmail.com on 14 Nov 2008 at 7:12
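
Added example (not dyuproject code and not written by anyone in this thread): a self-contained Java 16+ illustration of the relying-party check discussed above, where a missing or mismatched `openid.assoc_handle`, an expired association, or a bad signature is reported as a result value instead of an exception. The names `Association`, `Result`, `expectedSig` and `verify`, the choice of HMAC-SHA256, and all sample values are assumptions made for this example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class AssocHandleCheck {
    // Hypothetical holder for what the relying party stored when it associated with the provider.
    record Association(String handle, byte[] macKey, long expiresAtMillis) {}
    enum Result { VERIFIED, HANDLE_MISMATCH, EXPIRED, BAD_SIGNATURE }

    // OpenID 2.0 key-value form: "key:value\n" for every field listed in openid.signed.
    static byte[] expectedSig(Association a, Map<String, String> p) throws Exception {
        StringBuilder kv = new StringBuilder();
        for (String f : p.get("openid.signed").split(","))
            kv.append(f).append(':').append(p.get("openid." + f)).append('\n');
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(a.macKey(), "HmacSHA256"));
        return mac.doFinal(kv.toString().getBytes(StandardCharsets.UTF_8));
    }

    // Returns a result for each failure mode so the caller can restart the login flow.
    static Result verify(Association a, Map<String, String> p, long now) throws Exception {
        String handle = p.get("openid.assoc_handle");
        if (handle == null || !handle.equals(a.handle())) return Result.HANDLE_MISMATCH;
        if (now >= a.expiresAtMillis()) return Result.EXPIRED;
        if (p.get("openid.signed") == null) return Result.BAD_SIGNATURE;
        byte[] sent;
        try { sent = Base64.getDecoder().decode(p.getOrDefault("openid.sig", "")); }
        catch (IllegalArgumentException e) { return Result.BAD_SIGNATURE; }
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(expectedSig(a, p), sent) ? Result.VERIFIED : Result.BAD_SIGNATURE;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the issue.
        Association a = new Association("h-123",
                "constructed-mac-key".getBytes(StandardCharsets.UTF_8), 10_000L);
        Map<String, String> p = new HashMap<>();
        p.put("openid.assoc_handle", "h-123");
        p.put("openid.claimed_id", "https://user.example/");
        p.put("openid.signed", "assoc_handle,claimed_id");
        p.put("openid.sig", Base64.getEncoder().encodeToString(expectedSig(a, p)));
        System.out.println(verify(a, p, 5_000L));   // handle matches, association still valid
        System.out.println(verify(a, p, 20_000L));  // same response after the association expired
        p.put("openid.assoc_handle", "h-other");    // response refers to a different association
        System.out.println(verify(a, p, 5_000L));
    }
}
```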