[provider] The OpenID Provider issued an assertion for an Identifier whose discovery information did not match. #43

Closed
GoogleCodeExporter opened this issue Mar 21, 2015 · 1 comment

Comments

@GoogleCodeExporter

I tried to implement an openid provider using lightopenid. It is accepted by a 
lightopenid consumer, but not by sourceforge or test-id.org.

I tried to understand the issue but I am lost, this may be a bug in the way we 
use lightopenid-provider.


To reproduce
------------
1. Go to: http://test-id.org/OP/Sreg.aspx
2. Enter: https://stendhalgame.org
3. Login using ttttt / ttttt


Error message
-------------

Login failed: The OpenID Provider issued an assertion for an Identifier whose 
discovery information did not match.
Assertion endpoint info: 
    ClaimedIdentifier: https://stendhalgame.org/a/ttttt
    ProviderLocalIdentifier: https://stendhalgame.org/a/ttttt
    ProviderEndpoint: https://stendhalgame.org/?id=content/account/openid-provider

OpenID version: 2.0 Service Type URIs:
Discovered endpoint info: [{ 
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://stendhalgame.org/?id=content/account/openid-provider
    OpenID version: 2.0 Service Type URIs: http://specs.openid.net/auth/2.0/server },]




Our code
--------

Our code is at 
http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/scripts/openid-provider.php?revision=1.7&view=markup 
(Note: the functions showConfirmationForm and getUserData are not used, yet).

The xrds document is declared by: header('X-XRDS-Location: 
'.STENDHAL_LOGIN_TARGET.'/?id=content/account/openid-provider&xrds');

The identifier points to a URL which simply displays a text: 
http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/content/account/a.php?revision=1.1&view=markup

The OpenidProvider is configured at
http://arianne.cvs.sf.net/viewvc/arianne/stendhal_website/content/account/openid-provider.php?revision=1.2&view=markup

Original issue reported on code.google.com by HendrikU...@nexgo.de on 17 Jul 2011 at 11:27

@GoogleCodeExporter

When the authentication process is complete, your provider returns claimed_id = 
https://stendhalgame.org/a/ttttt, which is fine. However, this url, when 
discovered, doesn't return a proper xrds (it returns server, instead of signon).

In order to fix it, set select_id to false when 
https://stendhalgame.org/a/ttttt is accessed, and preferably, xrdsLocation to 
something that will also return an xrds with select_id disabled (otherwise it 
might not work in some clients).

In other words: don't set select_id to true when a user's identity url is 
accessed.
It is documented in example.php (which uses select_id), by the way.

Anyway, thanks for the detailed bug report -- I've been able to (re-)discover 
the cause thanks to it.

And thanks for pointing me to a game I didn't play yet.

As usual, report any further problems.

Original comment by mewp...@gmail.com on 17 Jul 2011 at 12:25

  • Changed state: Invalid
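
The relying-party check behind this error message is the discovered-information verification of OpenID 2.0 (section 11.2). The following Python is an added example, not code from the thread or from lightopenid; the function names and the XRDS documents are constructed for illustration, and service priority and protocol version are not modelled.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"                       # XRD 2.0 XML namespace
SIGNON = "http://specs.openid.net/auth/2.0/signon"  # describes one user's identifier
SERVER = "http://specs.openid.net/auth/2.0/server"  # describes the provider only

# Values taken from the error message in the report.
CLAIMED = "https://stendhalgame.org/a/ttttt"
ENDPOINT = "https://stendhalgame.org/?id=content/account/openid-provider"
ASSERTION = {"claimed_id": CLAIMED, "identity": CLAIMED, "op_endpoint": ENDPOINT}

def sample_xrds(type_uri):
    """Constructed XRDS document with a single service of the given type."""
    return ('<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>'
            f"<Service><Type>{type_uri}</Type><URI>{ENDPOINT}</URI></Service>"
            "</XRD></xrds:XRDS>")

def discovered_endpoints(claimed_id, xrds_xml):
    """Endpoints a relying party derives from the XRDS served for claimed_id."""
    endpoints = []
    for svc in ET.fromstring(xrds_xml).iter(XRD + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        uri = svc.findtext(XRD + "URI", "").strip()
        if SERVER in types:
            # OP Identifier element: names a provider, never a specific user.
            endpoints.append({"kind": "server", "claimed_id": None,
                              "local_id": None, "endpoint": uri})
        elif SIGNON in types:
            # Without a LocalID element the OP-local id is the claimed id itself.
            local = svc.findtext(XRD + "LocalID", "").strip() or claimed_id
            endpoints.append({"kind": "signon", "claimed_id": claimed_id,
                              "local_id": local, "endpoint": uri})
    return endpoints

def assertion_matches(assertion, endpoints):
    """True only if some signon endpoint agrees with every asserted field."""
    return any(e["kind"] == "signon"
               and e["claimed_id"] == assertion["claimed_id"]
               and e["local_id"] == assertion["identity"]
               and e["endpoint"] == assertion["op_endpoint"]
               for e in endpoints)

if __name__ == "__main__":
    for label, type_uri in (("server XRDS (as reported)", SERVER),
                            ("signon XRDS (after the fix)", SIGNON)):
        found = discovered_endpoints(CLAIMED, sample_xrds(type_uri))
        print(label, "->", "accepted" if assertion_matches(ASSERTION, found) else "rejected")
```
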
