Error UI upon calling registerCertificate for Clortho primary #1183
Comments
To Repro locally:
One reason the error screen is being shown is a self-signed SSL certificate. BrowserID attempts to authenticateWithAssertion which hits /wsapi/auth_with_assertion. This fails with
At https://github.com/mozilla/browserid/blob/dev/lib/primary.js#L195
This happens running SHIMMED and non-SHIMMED.
Is there some magick with I've edited the source of its declaration, restarted, and don't see my console.log statements. I've done the same to the other two functions with that name, no dice. https://gist.github.com/1895837 I can put the value of @benadida or @lloyd any thoughts? Summary: When we go to verify the chain, we think eyedee.me is the issuer. We then compare its public key to the cert and die with "bad signature in chain". I've grepped through the code and don't see any hard-coded eyedee.me references.
I'm dumb. grep'd my Primary's source and now see eyedee.me in lib/crypto.js.
Okay, interestingly I still have "bad signature in chain". I see my server mentions provisioning a key with the algorithm 'DS' and browserid mentions an RSA key with algorithm 'RS'. Not sure if that is a mismatch, or meaningless.
I found an issue with my logic, my Primary was issuing certificates for mozilla.com email addresses, instead of dev.clortho.org. I saw a With that fixed, I'm still getting "bad signature in chain".
Okay... I've found another declaration of At this point: Here are the values of
Updating to 256 bits. Everything looks good, but we fail at var sig_verification = key.verify(this.headerSegment + "." + this.payloadSegment, Here is an example of the live inputs: Hardcoding this call to true allows rest of flow to finish and proper assertion is granted.
@benadida figured it out, I was using different key pairs in Meta observation is needing a way to detect this and inform primary developers.
Marking this as Verified.
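The failure traced in this thread (a certificate signed with one key pair and checked against another) can be caught by a primary before it issues anything. The following is an added example, not code from BrowserID or Clortho: a Node.js self-test that signs a probe certificate over `header.payload` and verifies it against the published key. RS256, every function name, and the generated keys are assumptions made for illustration.

```javascript
// Added example, not BrowserID/Clortho code. All names here are hypothetical.
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// SHA-256 fingerprint of the public half of a key, for diagnostics.
function fingerprint(key) {
  const pub = key.type === "private" ? crypto.createPublicKey(key) : key;
  const der = pub.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex").slice(0, 16);
}

// Sign "<header>.<payload>" as a JWS-style certificate (RS256 assumed).
function signCert(payload, privateKey) {
  const header = b64url(JSON.stringify({ alg: "RS256" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign("sha256", Buffer.from(`${header}.${body}`), privateKey);
  return `${header}.${body}.${b64url(sig)}`;
}

// Verify the signature segment against the key the issuer publishes.
function verifyCert(cert, publishedKey) {
  const parts = cert.split(".");
  if (parts.length !== 3) return false; // malformed: not header.payload.signature
  const [header, body, sig] = parts;
  const signed = Buffer.from(`${header}.${body}`);
  return crypto.verify("sha256", signed, publishedKey, Buffer.from(sig, "base64url"));
}

// Startup self-test: refuse to serve if the signing key and the
// published public key are not halves of the same pair.
function selfTest(signingKey, publishedKey) {
  const probe = signCert({ iss: "primary.example", probe: true }, signingKey);
  if (verifyCert(probe, publishedKey)) return { ok: true };
  return {
    ok: false,
    reason: "signing key does not match published public key",
    signing: fingerprint(signingKey),
    published: fingerprint(publishedKey),
  };
}

// Constructed sample keys: pairA is the signing pair, pairB a stale published key.
const pairA = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const pairB = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
```

Running `selfTest(pairA.privateKey, pairB.publicKey)` returns `ok: false` with two differing fingerprints, which points at the key configuration rather than at the chain-verification code.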
I've hooked up a new primary pointed to dev.diresworb.org that takes your LDAP username + '@vinz.clortho.org' and your LDAP password.
I've logged in to http://dev.myfavoritebeer.org/
Everything goes well, I see proper interaction in Firebug. After we call navigator.id.registerCertificate(r.cert);
then I see:
http://skitch.com/oztenskitch/8rey2/error-on-success
Steps to repro:
0) https://vinz.clortho.org/ - accept SSL cert exception
ozten@mozilla.com
Note: This isn't a stand-alone sign in screen, this is normally embedded in BrowserID, so don't worry about it not showing success, etc.
if you see
window.provision(null);
then your username and password didn't work in the previous step. You now have a valid session.
Example: ozten@vinz.clortho.org
I'll create a github repo soon with code for local debugging.
Note: There is an odd thing about the flow. Even though I have a good session, I'm still shown the login page....