From angel.calvo at centic.es Wed Aug 1 04:01:44 2007 From: angel.calvo at centic.es (Angel Luis Calvo Ortega) Date: Wed, 01 Aug 2007 13:01:44 +0200 Subject: PHP Standalone OpenID Server and nonces In-Reply-To: <1185903252.5974.4.camel@localhost> References: <46A85EA6.9040901@centic.es> <1185903252.5974.4.camel@localhost> Message-ID: <46B06818.7070006@centic.es> An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070801/8036e225/attachment.html From cygnus at janrain.com Wed Aug 1 09:42:33 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 1 Aug 2007 09:42:33 -0700 Subject: Questions about JanRain PHP In-Reply-To: References: Message-ID: <20070801164233.GC32308@janrain.com> Hello, # First thing I've noticed is that on line 522 of PEAR/Auth/OpenID/ # Server.php -> $ml =& Auth_OpenID_getMathLib(); ... that $ml is not # used in the rest of the function answer($assoc). Is there a reason # it's there? That line is just stale. # There is a MySQL database installed with three tables # oid_associations, oid_nonces, and oid_settings. Using the server # example that comes with the library, the oid_associations table gets # used. But even when using the consumer example that comes with the # library, the oid_settings tables SEEM to me to not get used. Am I # wrong? The getAuthKey() code and related functionality is stale, depending on which library version you're using. The code is gone in the 2.x.x series of the library. # What is the purpose of getAuthKey()? I found something about # tokens, but I don't understand what that means. getAuthKey() was used to create a consumer-side secret to sign a "token" to identify an OpenID transaction. Because the token was originally appended to the return_to URL, it needed to be signed. Nowadays, the libraries put the transaction information into whatever session the RP environment provides, so the auth key and the settings table are no longer required. Hope that helps, -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From kevin at janrain.com Wed Aug 1 11:31:06 2007 From: kevin at janrain.com (Kevin Turner) Date: Wed, 01 Aug 2007 11:31:06 -0700 Subject: PHP Standalone OpenID Server and nonces In-Reply-To: <46B06818.7070006@centic.es> References: <46A85EA6.9040901@centic.es> <1185903252.5974.4.camel@localhost> <46B06818.7070006@centic.es> Message-ID: <1185993066.5974.66.camel@localhost> On Wed, 2007-08-01 at 13:01 +0200, Angel Luis Calvo Ortega wrote: > The consumer can't login in my php server, but in myopenid.com it > works. > Both receivings URLs contains deferents attributes, in first case it > has two (with different values) openid.rpnonce. Is your consumer using one of our OpenID libraries? I think the consumer must be putting two rpnonce parameters in to the return_to when it makes the checkid request; it seems unlikely that the server would add an extra one of those with a different value. Why, however, it does this with your server and not myopenid.com, I have no idea. -- keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid From nocturn00 at gmail.com Thu Aug 2 00:48:45 2007 From: nocturn00 at gmail.com (Nocturn) Date: Thu, 2 Aug 2007 09:48:45 +0200 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <20070731215341.GB32308@janrain.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> <20070730231801.GB5981@janrain.com> <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> <20070731204844.GA32308@janrain.com> <39ffc7b00707311410t6a215cdfo5e1db7c84f7444f0@mail.gmail.com> <20070731215341.GB32308@janrain.com> Message-ID: <39ffc7b00708020048y23856faai8a97db7c47864d01@mail.gmail.com> 2007/7/31, Jonathan Daugherty : > > # Ok, thanks. It works for phpbb-openid, though I cannot use it on > # the openidenabled site yet, it gives: Error Type AssertionError > # Error Value Request made at 2007/07/31 14:09:34.897 GMT-7 > > According to the response I see in the OpenID test tool at > > http://www.openidenabled.com/resources/openid-test/ > > your PHP configuration does not support large number math with either > the bcmath or the GMP extension. One of those is required to run an > OpenID server. > Ok, are these modules that need to be installed? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070802/a76564e5/attachment.html From angel.calvo at centic.es Thu Aug 2 03:05:43 2007 From: angel.calvo at centic.es (Angel Luis Calvo Ortega) Date: Thu, 02 Aug 2007 12:05:43 +0200 Subject: PHP Standalone OpenID Server and nonces In-Reply-To: <1185993066.5974.66.camel@localhost> References: <46A85EA6.9040901@centic.es> <1185903252.5974.4.camel@localhost> <46B06818.7070006@centic.es> <1185993066.5974.66.camel@localhost> Message-ID: <46B1AC77.6060300@centic.es> An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070802/210feae8/attachment.htm From cygnus at janrain.com Thu Aug 2 09:21:10 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Thu, 2 Aug 2007 09:21:10 -0700 Subject: No service endpoints found on 2 different openid php servers In-Reply-To: <39ffc7b00708020048y23856faai8a97db7c47864d01@mail.gmail.com> References: <39ffc7b00707300148q7cc71317tb2658651608029fb@mail.gmail.com> <20070730231801.GB5981@janrain.com> <39ffc7b00707302329t6b57bd76s2e2f12f64d6fde3a@mail.gmail.com> <20070731204844.GA32308@janrain.com> <39ffc7b00707311410t6a215cdfo5e1db7c84f7444f0@mail.gmail.com> <20070731215341.GB32308@janrain.com> <39ffc7b00708020048y23856faai8a97db7c47864d01@mail.gmail.com> Message-ID: <20070802162110.GA4503@janrain.com> # > your PHP configuration does not support large number math with # > either the bcmath or the GMP extension. One of those is required # > to run an OpenID server. # > # # Ok, are these modules that need to be installed? Depending on the distribution, there may be packages available for each extension. (They are compiled C modules, not PHP modules.) If packages aren't available, PHP must be recompiled. I doubt dreamhost will be willing to do either, but you can ask about the first option. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From kevin at janrain.com Thu Aug 2 10:59:30 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 02 Aug 2007 10:59:30 -0700 Subject: PHP Standalone OpenID Server and nonces In-Reply-To: <46B1AC77.6060300@centic.es> References: <46A85EA6.9040901@centic.es> <1185903252.5974.4.camel@localhost> <46B06818.7070006@centic.es> <1185993066.5974.66.camel@localhost> <46B1AC77.6060300@centic.es> Message-ID: <1186077570.5974.69.camel@localhost> On Thu, 2007-08-02 at 12:05 +0200, Angel Luis Calvo Ortega wrote: > My consumer uses openid4java library, and nonces are inserted > automatically. In that case you probably want to also ask http://groups.google.com/group/openid4java -- keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid From will at willnorris.com Thu Aug 2 19:37:48 2007 From: will at willnorris.com (will at willnorris.com) Date: Thu, 2 Aug 2007 19:37:48 -0700 (PDT) Subject: darcs patch: prevent error 'call to member function of a non-object' Message-ID: <20070803023748.F09E4205C0E@aquinas.usc.edu> Thu Aug 2 19:29:21 PDT 2007 will at willnorris.com * prevent error 'call to member function of a non-object' Auth_OpenID_ServerErrorContainer::fromMessage assumes it is being passed an Auth_OpenID_Message object, and doesn't much like the empty string. A null return value is checked for both places _makeKVPost is called. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 1917 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070802/e813a4b5/attachment.bin From swati at ibcs.in Fri Aug 3 05:08:26 2007 From: swati at ibcs.in (Swati Mazumder) Date: Fri, 3 Aug 2007 17:38:26 +0530 Subject: open id server setup problem Message-ID: <004501c7d5c7$05cb82a0$6138e2dc@IBM59C3E89BC98> Hello, I have downloaded the library from http://www.openidenabled.com/openid/libraries/php/download. After installed the package, when I run 'detect.php', its showing Setup Incomplete Your system needs a few changes before it will be ready to run the OpenID library. at (http://www.sprummer.com/swati/detect.php) It is not showing any other error. Can anyone help me please? Swati -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070803/b4aaed0a/attachment.htm From cygnus at janrain.com Fri Aug 3 09:06:33 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 3 Aug 2007 09:06:33 -0700 Subject: darcs patch: prevent error 'call to member function of a non-object' In-Reply-To: <20070803023748.F09E4205C0E@aquinas.usc.edu> References: <20070803023748.F09E4205C0E@aquinas.usc.edu> Message-ID: <20070803160633.GB4503@janrain.com> # Thu Aug 2 19:29:21 PDT 2007 will at willnorris.com # * prevent error 'call to member function of a non-object' # # Auth_OpenID_ServerErrorContainer::fromMessage assumes it is being # passed an Auth_OpenID_Message object, and doesn't much like the # empty string. A null return value is checked for both places # _makeKVPost is called. You're right; thanks! I've applied it. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From cygnus at janrain.com Fri Aug 3 09:37:53 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 3 Aug 2007 09:37:53 -0700 Subject: open id server setup problem In-Reply-To: <004501c7d5c7$05cb82a0$6138e2dc@IBM59C3E89BC98> References: <004501c7d5c7$05cb82a0$6138e2dc@IBM59C3E89BC98> Message-ID: <20070803163753.GC4503@janrain.com> # Setup Incomplete Your system needs a few changes before it will be # ready to run the OpenID library. # # at (http://www.sprummer.com/swati/detect.php) # # It is not showing any other error. Can anyone help me please? Hi Swati, The script says, "Using (insecure) pseudorandom number source, because Auth_OpenID_RAND_SOURCE has been defined as null." That's not really an error condition, so perhaps the script's mention of a "few changes" is a bit extreme. You should be able to go ahead and use the library; your system passed the other checks (for GMP, SQL database support, etc.). -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From norman at rasmussen.co.za Fri Aug 3 15:07:21 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Sat, 4 Aug 2007 00:07:21 +0200 Subject: Search Engine indexing of OpenID pages. Message-ID: <5b698f5a0708031507m48159bb5i86ebf8f64e6e7fc1@mail.gmail.com> You can see the full list of available OpenID's at a provider with a simple search: http://www.google.com/search?q=site%3Aopenid.xmpp.za.net or for claimid: http://www.google.com/search?q=site%3Aopenid.claimid.com Should we be adding to the identity page template? -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ From swati at ibcs.in Mon Aug 6 11:47:20 2007 From: swati at ibcs.in (Swati Mazumder) Date: Tue, 7 Aug 2007 00:17:20 +0530 Subject: php server setup problem Message-ID: <004201c7d85a$40839550$b02ae2dc@IBM59C3E89BC98> Hello, I have read the README at http://www.openidenabled.com/resources/repos/php/openid/examples/README to setup the php openid example server. Here it is written Navigate to the server example. You'll be redirected to server/setup.php where you can choose some configuration options to generate a configuration. Once finished, you can download a file "config.php." Save that file in the example server directory.But when I am trying to run http://www.sprummer.com/swati/Main/server/setup.php (I have copied the server folder in Main directory) I can not see anything. Does anyone have any idea what can be the problem? Thanks, Swati -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070807/8b16c955/attachment.html From will at willnorris.com Mon Aug 6 13:32:47 2007 From: will at willnorris.com (Will Norris) Date: Mon, 6 Aug 2007 13:32:47 -0700 Subject: php-openid-2.0.0rc2 -> curl and wildcard certs Message-ID: It took me forever to figure out why I couldn't do delegated authentication using the 2.0.0rc2 PHP library, but I finally found it. My OpenID is delegated to MyOpenID, using a secure URL: MyOpenID uses a wildcard SSL certificate (*.myopenid.com) and curl chokes on this... SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:func(144):reason(134) So there are a few ways around this: - the easiest is that I change my delegation info to use the standard http URL. That works, but I lose the security (not really necessary in this use-case, but may be in others) - MyOpenID could use a standard, non-wildcard certificate. This isn't really ideal because the certificate actually is entirely valid and shouldn't have to be changed. - have curl accept the certificate. I was able to do this with `curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);` but that is very insecure since it turns off CN checking completely. Is there a way to have curl accept the wildcard certs? I know this may be a better question for the curl or PHP lists, but if it's not possible I'm curious to know the recommended course of action. From kevin at janrain.com Mon Aug 6 14:50:59 2007 From: kevin at janrain.com (Kevin Turner) Date: Mon, 06 Aug 2007 14:50:59 -0700 Subject: php-openid-2.0.0rc2 -> curl and wildcard certs In-Reply-To: References: Message-ID: <1186437059.5974.102.camel@localhost> On Mon, 2007-08-06 at 13:32 -0700, Will Norris wrote: > It took me forever to figure out why I couldn't do delegated > authentication using the 2.0.0rc2 PHP library, but I finally found > it. My OpenID is delegated to MyOpenID, using a secure URL: > > > MyOpenID uses a wildcard SSL certificate (*.myopenid.com) and curl > chokes on this... > SSL certificate problem, verify that the CA cert is OK. Details: > error:14090086:SSL routines:func(144):reason(134) It may be that this is due to a bug with cerl and wildcard certs, but in the past this sort of problem has come from one of two things: 1) the curl installation is using an old CA list that doesn't have a current key for the authority that signs https://*.myopenid.com. This may be fixed by updating the CA bundle as per the instructions at http://curl.haxx.se/docs/sslcerts.html and http://curl.haxx.se/docs/caextract.html 2) the curl installation is linked against gnutls. gnutls seems to have problems talking to myopenid.com in situations where openssl does just fine. Relinking curl against openssl fixes things. From cygnus at janrain.com Mon Aug 6 15:27:09 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 6 Aug 2007 15:27:09 -0700 Subject: php server setup problem In-Reply-To: <004201c7d85a$40839550$b02ae2dc@IBM59C3E89BC98> References: <004201c7d85a$40839550$b02ae2dc@IBM59C3E89BC98> Message-ID: <20070806222709.GD4503@janrain.com> # Navigate to the server example. You'll be redirected to # server/setup.php where you can choose some configuration options to # generate a configuration. Once finished, you can download a file # "config.php." Save that file in the example server directory. # # But when I am trying to run # http://www.sprummer.com/swati/Main/server/setup.php (I have copied # the server folder in Main directory) I can not see anything. Does # anyone have any idea what can be the problem? Copying server/ into Main/ will only work if the parent directory of Auth/ is in the PHP include path. The README should make that clearer; sorry about that. Hope that helps, -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From markus at silverstripe.com Tue Aug 7 03:18:35 2007 From: markus at silverstripe.com (Markus Lanthaler) Date: Tue, 7 Aug 2007 12:18:35 +0200 Subject: Patch: Conflict when PEAR and a user created class DB is available In-Reply-To: <20070619164745.GP23186@janrain.com> References: <1CE2897F997A4C1ABFC801D2388EE75C@dell8300pc> <20070619164745.GP23186@janrain.com> Message-ID: <36C5750FE3294D369CE6D5E555BC5456@dell8300pc> I found a conflict and made a little patch for it. SQLStore.php tries to include DB.php to check if PEAR is available. When there is loaded already a class "DB" (which happens quite often), but also PEAR is available you'll get the following error: Fatal error: Cannot redeclare class DB in ... I created two simple patches since I didn't know which one is the better one. I prefer the second one because it eliminates the gloabal variable and doesn't require that the user specifies a constant, but feel free to choose one of the two: The first one introduces a new constant Auth_OpenID_PEAR_AVAILABLE which can be set to FALSE to solve the problem: { hunk ./Auth/OpenID/SQLStore.php 24 -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; +if(defined('Auth_OpenID_PEAR_AVAILABLE') && !Auth_OpenID_PEAR_AVAILABLE) { + $__Auth_OpenID_PEAR_AVAILABLE = false; +} else { + $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; +} + } The second one checks if a class DB is already declared and doesn't include DB.php if so. Then it tries to set the fetch mode only if the relevant constant is set: { hunk ./Auth/OpenID/SQLStore.php 23 -global $__Auth_OpenID_PEAR_AVAILABLE; -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; +if((version_compare(phpversion(), "5.0.0", "<") && !class_exists('DB')) || + (version_compare(phpversion(), "5.0.0", ">=") && + !class_exists('DB', false))) { + // The class DB doesn't exists yet, try to include it + @include_once 'DB.php'; +} + hunk ./Auth/OpenID/SQLStore.php 91 - global $__Auth_OpenID_PEAR_AVAILABLE; - hunk ./Auth/OpenID/SQLStore.php 113 - if ($__Auth_OpenID_PEAR_AVAILABLE) { - $this->connection->setFetchMode(DB_FETCHMODE_ASSOC); + if (defined('DB_FETCHMODE_ASSOC')) { + @$this->connection->setFetchMode(DB_FETCHMODE_ASSOC); } Markus Lanthaler From swati at ibcs.in Tue Aug 7 09:14:46 2007 From: swati at ibcs.in (Swati Mazumder) Date: Tue, 7 Aug 2007 21:44:46 +0530 Subject: php server setup problem Message-ID: <002d01c7d90e$173e8010$5b0ae2dc@IBM59C3E89BC98> Hello Jonathan, I am trying to setup the php openid server following the guidance at http://www.openidenabled.com/resources/repos/php/openid/examples/README, here it is mentioned,- Navigate to the server example. You'll be redirected to server/setup.php where you can choose some configuration options to generate a configuration. Once finished, you can download a file "config.php." Save that file in the example server directory.I have done exactly the same, a 'config.php' is generated and copied in example server directory, but after that when I am trying to run http://www.sprummer.com/examples/server/server.php, it still shows that it needs some configuration change.Am I missing anything? Can you please help? Thanks,Swati -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070807/1762379c/attachment.html From cygnus at janrain.com Tue Aug 7 09:36:44 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Tue, 7 Aug 2007 09:36:44 -0700 Subject: php server setup problem In-Reply-To: <002d01c7d90e$173e8010$5b0ae2dc@IBM59C3E89BC98> References: <002d01c7d90e$173e8010$5b0ae2dc@IBM59C3E89BC98> Message-ID: <20070807163644.GF4503@janrain.com> # I have done exactly the same, a 'config.php' is generated and copied # in example server directory, but after that when I am trying to run # http://www.sprummer.com/examples/server/server.php, it still shows # that it needs some configuration change. Am I missing anything? The config file needs to be wrapped with . That bug is fixed in the 2.x.x series of the library. -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From swati at ibcs.in Wed Aug 8 01:01:07 2007 From: swati at ibcs.in (Swati Mazumder) Date: Wed, 8 Aug 2007 13:31:07 +0530 Subject: php server setup problem Message-ID: <006a01c7d992$4ac7a900$b64be2dc@IBM59C3E89BC98> Hello Jonathan, ## I have done exactly the same, a 'config.php' is generated and copied ## in example server directory, but after that when I am trying to run ## http://www.sprummer.com/examples/server/server.php, it still shows ## that it needs some configuration change. Am I missing anything? #The config file needs to be wrapped with . That bug is #fixed in the 2.x.x series of the library. Now the http://www.sprummer.com/examples/server/server.php page is coming blank, no error. I think that the server is setup. I have set up the consumer part at http://www.sprummer.com/examples/consumer/ and now want to try the example server authentication. When I run http://www.sprummer.com/examples/consumer/index.php I am supposed to enter an openID, can you please tell me which value I should put here to test the authentication? I have added the url http://www.sprummer.com/examples/consumer/index.php at the time of generating config file, but when I add this url to verify, its showing authentication error, not a valid open ID. Please help. Thanks, Swati -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070808/a3f1b5a3/attachment.htm From jm at mayfirst.org Thu Aug 9 15:59:05 2007 From: jm at mayfirst.org (Jamie McClelland) Date: Thu, 9 Aug 2007 18:59:05 -0400 Subject: problems with mod_auth_openid In-Reply-To: References: Message-ID: <20070809225905.GH4466@mayfirst.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I just installed the PHP Standalone server and it seems to be working well. However, I can't get it to work with mod_auth_openid. Other identity providers work fine, however, when using the PHP Standalone server mod_auth_openid fails with: There was either no identity provider found at the identity URL given or there was trouble connecting to it. The apache logs show a connection from the consumer. But - I can't figure out why it is not completing the connection. Are there any logging or debugging options available to try to determine what is going on? Thanks, jamie - -- Jamie McClelland 718-303-3204 ext. 101 May First/People Link Growing networks to build a just world http://www.mayfirst.org Members Local 1180, Communications Workers of America, AFL-CIO PGP Key: http://mayfirst.org/jamie-pgp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGu5w5nq83YnbMBX0RAgm2AJ9wQwM8/bdsaH3ZdZ3r1umlhdg1kACgr0oy 6TPxKQLn5dYu7iYEZNje4o8= =HYyP -----END PGP SIGNATURE----- From swati at ibcs.in Fri Aug 10 08:09:45 2007 From: swati at ibcs.in (Swati Mazumder) Date: Fri, 10 Aug 2007 20:39:45 +0530 Subject: php server setup problem Message-ID: <001701c7db60$88c677c0$572ce2dc@IBM59C3E89BC98> Hi,I have set up the php openid server. When I run http://www.sprummer.com/examples/server/server.php, the page is coming blank, there is no error message. But, when I run http://www.sprummer.com/examples/consumer/index.php to test the authentication, its showing authentication error, not a valid open ID. Any idea what can be the problem, may be I am making some silly mistake. Please help. Thanks, Swati -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070810/17273f12/attachment.htm From asher at asherwolf.com Sat Aug 11 21:09:55 2007 From: asher at asherwolf.com (Asher Wolfstein) Date: Sat, 11 Aug 2007 22:09:55 -0600 Subject: Something I noticed about $__Auth_OpenID_PEAR_AVAILABLE; Message-ID: <3C7D3D39-A0C3-429B-A01D-5AB13A5B0AA3@asherwolf.com> global $__Auth_OpenID_PEAR_AVAILABLE; $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; --- If DB is installed, but you use a descendent of Auth_OpenID_DatabaseConnection, say for MDB2 wrapper (if it was even necessary? Did I just do work for nothing?) This still returns a value, causing setfetchmode to throw an error later. Was my MDB2 wrapper necessary? I wanted to use it instead of DB. Asher From markus at silverstripe.com Mon Aug 13 01:13:55 2007 From: markus at silverstripe.com (Markus Lanthaler) Date: Mon, 13 Aug 2007 10:13:55 +0200 Subject: Something I noticed about $__Auth_OpenID_PEAR_AVAILABLE; In-Reply-To: <3C7D3D39-A0C3-429B-A01D-5AB13A5B0AA3@asherwolf.com> References: <3C7D3D39-A0C3-429B-A01D-5AB13A5B0AA3@asherwolf.com> Message-ID: <225FFAEBDAB44BDAA04EC54D62DC2EF1@dell8300pc> > If DB is installed, but you use a descendent of > Auth_OpenID_DatabaseConnection, say for MDB2 wrapper (if it was even > necessary? Did I just do work for nothing?) This still returns a > value, causing setfetchmode to throw an error later. Hi, I found another situation where this causes a problem and submitted already a patch (hope it will be applied soon!): ----- Original Message ----- From: "Markus Lanthaler" To: "discuss OpenID libraries and development" Sent: Tuesday, August 07, 2007 12:18 PM Subject: Patch: Conflict when PEAR and a user created class DB is available >I found a conflict and made a little patch for it. SQLStore.php tries to > include DB.php to check if PEAR is available. > When there is loaded already a class "DB" (which happens quite often), but > also PEAR is available you'll get the following error: > > Fatal error: Cannot redeclare class DB in ... > > I created two simple patches since I didn't know which one is the better > one. I prefer the second one because it eliminates the gloabal variable > and > doesn't require that the user specifies a constant, but feel free to > choose > one of the two: > > The first one introduces a new constant Auth_OpenID_PEAR_AVAILABLE which > can > be set to FALSE to solve the problem: > > { > hunk ./Auth/OpenID/SQLStore.php 24 > -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; > +if(defined('Auth_OpenID_PEAR_AVAILABLE') && !Auth_OpenID_PEAR_AVAILABLE) > { > + $__Auth_OpenID_PEAR_AVAILABLE = false; > +} else { > + $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; > +} > + > } > > > The second one checks if a class DB is already declared and doesn't > include > DB.php if so. Then it tries to set the fetch mode only if the relevant > constant is set: > > { > hunk ./Auth/OpenID/SQLStore.php 23 > -global $__Auth_OpenID_PEAR_AVAILABLE; > -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; > +if((version_compare(phpversion(), "5.0.0", "<") && !class_exists('DB')) > || > + (version_compare(phpversion(), "5.0.0", ">=") && > + !class_exists('DB', false))) { > + // The class DB doesn't exists yet, try to include it > + @include_once 'DB.php'; > +} > + > hunk ./Auth/OpenID/SQLStore.php 91 > - global $__Auth_OpenID_PEAR_AVAILABLE; > - > hunk ./Auth/OpenID/SQLStore.php 113 > - if ($__Auth_OpenID_PEAR_AVAILABLE) { > - $this->connection->setFetchMode(DB_FETCHMODE_ASSOC); > + if (defined('DB_FETCHMODE_ASSOC')) { > + @$this->connection->setFetchMode(DB_FETCHMODE_ASSOC); > } > > > > Markus Lanthaler > From pub1 at hverdag.dk Mon Aug 13 10:09:13 2007 From: pub1 at hverdag.dk (Myself) Date: Mon, 13 Aug 2007 19:09:13 +0200 Subject: Bad signature problem Message-ID: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> I have a problem with OpenID consumer that prevents me from enabling it on my website. I quite often (but not every time) get the error "OpenID authentication failed: Bad signature" when I try to login on our production website, which is a Linux box. I don't think I have ever received that error on my local Windows developer machine. I googled for this error message and found other people having the same problem. One said he found out it was caused by a faulty GMP library - but we don't use GMP on the server, but bcmath. Another person was also using bcmath and he wrote "the solution was to remove the record for this server from th xxx_openid_associations table...". But I'm not sure what he references to and what I need to do in my case. I don't use a database-based store, but a file-based store. I'm using the JanRain OpenID library version 1.2.2. Also I haven't gotten a randomness source from my ISP yet - in what degree do I "need" that by the way? Anyway, when I implemented the system everything seemed to work fine, but then it started getting these signature errors ever since. Any ideas? Regards, Allan Jensen, WebEngineer WinterNet Studio, Norway -- I am using the free version of SPAMfighter for private users. It has removed 16875 spam emails to date. Paying users do not have this message in their emails. Get the free SPAMfighter here: http://www.spamfighter.com/len -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070813/edfb0108/attachment.htm From openid at markjr.net Mon Aug 13 12:13:39 2007 From: openid at markjr.net (Mark Jeftovic) Date: Mon, 13 Aug 2007 15:13:39 -0400 Subject: how to pass custom state data through login? Message-ID: <46C0AD63.6090701@markjr.net> Hi, I'm using Auth_OpenID-1.2.2 and I'm trying to figure out how a consumer can attach some custom state data to the authentication process so it can act on that data after the user authenticates. Looking at the spec it seems you should be able to do this via the openid.return_to URL? Would this be by adding more GET params to it? " openid.return_to Note: The return_to URL MAY be used as a mechanism for the Relying Party to attach context about the authentication request to the authentication response. This document does not define a mechanism by which the RP can ensure that query parameters are not modified by outside parties; such a mechanism can be defined by the RP itself." But I'm not sure how to implement this. In the examples I tried adding a get param to the $process_url in consumer.php, I also trying setting it explicitly: $store = new Auth_OpenID_FileStore($store_path); $consumer = new Auth_OpenID_Consumer($store); $consumer->return_to_args['mydata']="mydata"; But all I get back in the nonce. What am I overlooking? thx -mark From norman at rasmussen.co.za Tue Aug 14 03:05:42 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Tue, 14 Aug 2007 12:05:42 +0200 Subject: Bad signature problem In-Reply-To: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> References: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> Message-ID: <5b698f5a0708140305o2b08c8f9v7ffbe78e37755915@mail.gmail.com> On 8/13/07, Myself wrote: > > I have a problem with OpenID consumer that prevents me from enabling it > on my website. > > I quite often (but not every time) get the error "OpenID authentication > failed: Bad signature" when I try to login on our production website, which > is a Linux box. I don't think I have ever received that error on my local > Windows developer machine. I googled for this error message and found other > people having the same problem. One said he found out it was caused by a > faulty GMP library - but we don't use GMP on the server, but bcmath. Another > person was also using bcmath and he wrote "the solution was to remove the > record for this server from th xxx_openid_associations table...". But I'm > not sure what he references to and what I need to do in my case. I don't use > a database-based store, but a file-based store. I'm using the JanRain OpenID > library version 1.2.2. Also I haven't gotten a randomness source from my > ISP yet - in what degree do I "need" that by the way? Anyway, when I > implemented the system everything seemed to work fine, but then it started > getting these signature errors ever since. Any ideas? > Does http://lists.openidenabled.com/pipermail/dev/2007-February/000278.htmlhelp? -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070814/c6a785eb/attachment.htm From tinywizard.nz at gmail.com Tue Aug 14 04:12:29 2007 From: tinywizard.nz at gmail.com (Phil Y) Date: Tue, 14 Aug 2007 07:12:29 -0400 Subject: Bad signature problem In-Reply-To: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> References: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> Message-ID: define('Auth_OpenID_NO_MATH_SUPPORT', 1); This should be all that you need to fix this problem. On 8/13/07, Myself wrote: > > > I have a problem with OpenID consumer that prevents me from enabling it on > my website. > > I quite often (but not every time) get the error "OpenID authentication > failed: Bad signature" when I try to login on our production website, which > is a Linux box. I don't think I have ever received that error on my local > Windows developer machine. I googled for this error message and found other > people having the same problem. One said he found out it was caused by a > faulty GMP library - but we don't use GMP on the server, but bcmath. Another > person was also using bcmath and he wrote "the solution was to remove the > record for this server from th xxx_openid_associations table...". But I'm > not sure what he references to and what I need to do in my case. I don't use > a database-based store, but a file-based store. I'm using the JanRain OpenID > library version 1.2.2. Also I haven't gotten a randomness source from my ISP > yet - in what degree do I "need" that by the way? Anyway, when I implemented > the system everything seemed to work fine, but then it started getting these > signature errors ever since. Any ideas? > > Regards, > Allan Jensen, WebEngineer > WinterNet Studio, Norway > ________________________________ > I am using the free version of SPAMfighter for private users. > It has removed 16875 spam emails to date. > Paying users do not have this message in their emails. > Try SPAMfighter for free now! > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > From pub1 at hverdag.dk Tue Aug 14 05:09:07 2007 From: pub1 at hverdag.dk (Myself) Date: Tue, 14 Aug 2007 14:09:07 +0200 Subject: Bad signature problem References: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> Message-ID: <000c01c7de6b$ea2552d0$0202fea9@allansharehim> Then it starts to say "OpenID authentication failed: Server denied check_authentication" instead once in a while! Allan ----- Original Message ----- From: "Phil Y" To: "discuss OpenID libraries and development" Sent: Tuesday, August 14, 2007 1:12 PM Subject: Re: Bad signature problem > define('Auth_OpenID_NO_MATH_SUPPORT', 1); > > This should be all that you need to fix this problem. > > On 8/13/07, Myself wrote: >> >> >> I have a problem with OpenID consumer that prevents me from enabling it >> on >> my website. >> >> I quite often (but not every time) get the error "OpenID authentication >> failed: Bad signature" when I try to login on our production website, >> which >> is a Linux box. I don't think I have ever received that error on my local >> Windows developer machine. I googled for this error message and found >> other >> people having the same problem. One said he found out it was caused by a >> faulty GMP library - but we don't use GMP on the server, but bcmath. >> Another >> person was also using bcmath and he wrote "the solution was to remove the >> record for this server from th xxx_openid_associations table...". But I'm >> not sure what he references to and what I need to do in my case. I don't >> use >> a database-based store, but a file-based store. I'm using the JanRain >> OpenID >> library version 1.2.2. Also I haven't gotten a randomness source from my >> ISP >> yet - in what degree do I "need" that by the way? Anyway, when I >> implemented >> the system everything seemed to work fine, but then it started getting >> these >> signature errors ever since. Any ideas? >> >> Regards, >> Allan Jensen, WebEngineer >> WinterNet Studio, Norway >> ________________________________ >> I am using the free version of SPAMfighter for private users. >> It has removed 16875 spam emails to date. >> Paying users do not have this message in their emails. >> Try SPAMfighter for free now! >> >> _______________________________________________ >> Dev mailing list >> Dev at lists.openidenabled.com >> http://lists.openidenabled.com/mailman/listinfo/dev >> >> > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev -- I am using the free version of SPAMfighter for private users. It has removed 16938 spam emails to date. Paying users do not have this message in their emails. Get the free SPAMfighter here: http://www.spamfighter.com/len From pub1 at hverdag.dk Tue Aug 14 05:23:40 2007 From: pub1 at hverdag.dk (Myself) Date: Tue, 14 Aug 2007 14:23:40 +0200 Subject: Bad signature problem References: <000a01c7ddcc$ac2c4dc0$0300000a@allansharehim> <5b698f5a0708140305o2b08c8f9v7ffbe78e37755915@mail.gmail.com> Message-ID: <003401c7de6d$f2c5f690$0202fea9@allansharehim> The mbstring extension is not installed on the server, so the mb_internal_encoding() function is of course not available - and I believe the character encoding is ISO-8859-1, since the iconv extension is installed and it says iconv.input_encoding = ISO-8859-1. I also tried using this: define('Auth_OpenID_NO_MATH_SUPPORT', 1); ...but then it starts to say "OpenID authentication failed: Server denied check_authentication" instead once in a while! Regards, Allan Jensen Website Developer, WinterNet Studio, Denmark/Norway ----- Original Message ----- From: Norman Rasmussen To: discuss OpenID libraries and development Sent: Tuesday, August 14, 2007 12:05 PM Subject: Re: Bad signature problem On 8/13/07, Myself wrote: I have a problem with OpenID consumer that prevents me from enabling it on my website. I quite often (but not every time) get the error "OpenID authentication failed: Bad signature" when I try to login on our production website, which is a Linux box. I don't think I have ever received that error on my local Windows developer machine. I googled for this error message and found other people having the same problem. One said he found out it was caused by a faulty GMP library - but we don't use GMP on the server, but bcmath. Another person was also using bcmath and he wrote "the solution was to remove the record for this server from th xxx_openid_associations table...". But I'm not sure what he references to and what I need to do in my case. I don't use a database-based store, but a file-based store. I'm using the JanRain OpenID library version 1.2.2. Also I haven't gotten a randomness source from my ISP yet - in what degree do I "need" that by the way? Anyway, when I implemented the system everything seemed to work fine, but then it started getting these signature errors ever since. Any ideas? Does http://lists.openidenabled.com/pipermail/dev/2007-February/000278.html help? -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ ------------------------------------------------------------------------------ _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -- I am using the free version of SPAMfighter for private users. It has removed 16938 spam emails to date. Paying users do not have this message in their emails. Get the free SPAMfighter here: http://www.spamfighter.com/len -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070814/a3190564/attachment.html From jm at mayfirst.org Sat Aug 18 00:17:08 2007 From: jm at mayfirst.org (Jamie McClelland) Date: Sat, 18 Aug 2007 03:17:08 -0400 Subject: problems with mod_auth_openid In-Reply-To: <20070809225905.GH4466@mayfirst.org> References: <20070809225905.GH4466@mayfirst.org> Message-ID: <20070818071708.GU5337@mayfirst.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu Aug 09, Jamie McClelland wrote: > Hi all, > > I just installed the PHP Standalone server and it seems to be working well. > > However, I can't get it to work with mod_auth_openid. I seem to have traced the problem to the math library. I'm running Debian, which includes the slow bc math functions but not the fastet gmp functions in PHP (for a discussion, see: http://lists.danga.com/pipermail/yadis/2005-August/thread.html#1336). On a relatively fast machine, it takes 35 seconds for the PHP openid library to run the bcpowmod() function. That causes mod_auth_openid to time out :(. I've recompiled with gmp support and the problem is solved. I don't know anything about math - is there a faster way to do that math? Is there a command line tool that could produce the numbers via a php exec call? Recompiling php is real pain - but without doing that I don't see how it's possible to use the php stand alone server :(. jamie - -- Jamie McClelland 718-303-3204 ext. 101 May First/People Link Growing networks to build a just world http://www.mayfirst.org Members Local 1180, Communications Workers of America, AFL-CIO PGP Key: http://mayfirst.org/jamie-pgp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGxpz0nq83YnbMBX0RAt5oAJ9PZOkxt+MFNaLZwmncYf+W5NEoAQCfWQjo DfbmIG8VB8Vmc2YKELzmQjU= =Oi7o -----END PGP SIGNATURE----- From hello at saxsux.me.uk Sat Aug 18 13:12:36 2007 From: hello at saxsux.me.uk (Josh Smith) Date: Sat, 18 Aug 2007 13:12:36 -0700 Subject: Problem with PHP Standalone OpenID Server Message-ID: <559a491bcec82c08d479292bd12b7139@mail.lil.org.uk> I've installed the standalone OpenID server and created an account on it, but whenever I try to sign in on an OpenID-enabled site I get this message: Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator. in /usr/local/lib/php/Auth/OpenID/CryptUtil.php on line 52 How can I fix this? From pub1 at hverdag.dk Sat Aug 18 13:43:57 2007 From: pub1 at hverdag.dk (Myself) Date: Sat, 18 Aug 2007 22:43:57 +0200 Subject: Problem with PHP Standalone OpenID Server References: <559a491bcec82c08d479292bd12b7139@mail.lil.org.uk> Message-ID: <000b01c7e1d8$7f96c000$0202fea9@allansharehim> Since the server doesn't seem to have a randomness source, you'll have to run in operate in pseudorandomness mode (less secure, but I don't know how much). You do that by putting setting the constant of that name to null. Put this line in your script before you instantiate the class. define('Auth_OpenID_RAND_SOURCE', null); -Allan ----- Original Message ----- From: "Josh Smith" To: Sent: Saturday, August 18, 2007 10:12 PM Subject: Problem with PHP Standalone OpenID Server > I've installed the standalone OpenID server and created an account on it, > but whenever I try to sign in on an OpenID-enabled site I get this > message: > Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an > insecure random number generator. in > /usr/local/lib/php/Auth/OpenID/CryptUtil.php on line 52 > > How can I fix this? > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -- I am using the free version of SPAMfighter for private users. It has removed 17259 spam emails to date. Paying users do not have this message in their emails. Get the free SPAMfighter here: http://www.spamfighter.com/len From hello at saxsux.me.uk Sat Aug 18 13:52:22 2007 From: hello at saxsux.me.uk (Josh Smith) Date: Sat, 18 Aug 2007 13:52:22 -0700 Subject: Problem with PHP Standalone OpenID Server In-Reply-To: <000b01c7e1d8$7f96c000$0202fea9@allansharehim> References: <000b01c7e1d8$7f96c000$0202fea9@allansharehim> Message-ID: <8d1e502869e9f2e803a382ecc571f04a@mail.lil.org.uk> It's working fine now. Thanks Allan! On Sat, 18 Aug 2007 22:43:57 +0200, Myself wrote: > Since the server doesn't seem to have a randomness source, you'll have to > run in operate in pseudorandomness mode (less secure, but I don't know how > much). You do that by putting setting the constant of that name to null. > Put > this line in your script before you instantiate the class. > > define('Auth_OpenID_RAND_SOURCE', null); > > -Allan > > ----- Original Message ----- > From: "Josh Smith" > To: > Sent: Saturday, August 18, 2007 10:12 PM > Subject: Problem with PHP Standalone OpenID Server > > >> I've installed the standalone OpenID server and created an account on > it, >> but whenever I try to sign in on an OpenID-enabled site I get this >> message: >> Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an >> insecure random number generator. in >> /usr/local/lib/php/Auth/OpenID/CryptUtil.php on line 52 >> >> How can I fix this? >> >> >> _______________________________________________ >> Dev mailing list >> Dev at lists.openidenabled.com >> http://lists.openidenabled.com/mailman/listinfo/dev >> > > > -- > I am using the free version of SPAMfighter for private users. > It has removed 17259 spam emails to date. > Paying users do not have this message in their emails. > Get the free SPAMfighter here: http://www.spamfighter.com/len > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev From benjamin.heil at wankoo.org Mon Aug 20 07:29:08 2007 From: benjamin.heil at wankoo.org (Benjamin Heil) Date: Mon, 20 Aug 2007 16:29:08 +0200 Subject: Problem with PHP Standalone OpenID Server Message-ID: <46C9A534.7040903@wankoo.org> Hello, I've installed Version 1.1 of PHP Standalone OpenID Server from http://www.openidenabled.com/openid/php-standalone-openid-server/ and Version 1.2.2 of PHP OpenID lib in PEAR. I run PHP as CGI. So I changed the apache_request_headers() call and the following foreach to this code, which should work fine: if (preg_match("/application\/xrds\+xml/", $_SERVER["HTTP_ACCEPT"])) $server_xrds_now = true; I register an user "test" with the password "test42". When I now try to log in any page using OpenID it fails. Checking the server at http://www.openidenabled.com/resources/openid-test/diagnose-server/ with input http://openid.wankoo.org/?user=test fails with a lot of errors, but I think the important one is this: Getting association: missing key in response from http://openid.wankoo.org/index.php/serve: assoc_type How to fix this issue? Can anybody help? Thank you very much! Benjamin From norman at rasmussen.co.za Mon Aug 20 08:06:35 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Mon, 20 Aug 2007 17:06:35 +0200 Subject: Problem with PHP Standalone OpenID Server In-Reply-To: <46C9A534.7040903@wankoo.org> References: <46C9A534.7040903@wankoo.org> Message-ID: <5b698f5a0708200806w46b6d069r98cc403b435e61e2@mail.gmail.com> On 8/20/07, Benjamin Heil wrote: > > Getting association: missing key in response from > http://openid.wankoo.org/index.php/serve: assoc_type > Check to see if all the db tables were created correctly, they might not have been. -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070820/2bf9e9a2/attachment.htm From benjamin.heil at wankoo.org Mon Aug 20 10:05:52 2007 From: benjamin.heil at wankoo.org (Benjamin Heil) Date: Mon, 20 Aug 2007 19:05:52 +0200 Subject: Problem with PHP Standalone OpenID Server In-Reply-To: <5b698f5a0708200806w46b6d069r98cc403b435e61e2@mail.gmail.com> References: <46C9A534.7040903@wankoo.org> <5b698f5a0708200806w46b6d069r98cc403b435e61e2@mail.gmail.com> Message-ID: <46C9C9F0.3030404@wankoo.org> Hi Norman, thanks for your reply. As far as I can see, all tables are created correctly. I removed all tables from the database to test a fresh install, but the problem is the same. (The db user has all rights on the specific database.) The server is a Debian Etch system with php 5.2 and MySQL 5.0. Here's a dump from phpmyadmin: CREATE TABLE `accounts` ( `id` int(11) NOT NULL auto_increment, `username` varchar(255) default NULL, `password` varchar(32) default NULL, PRIMARY KEY (`id`), UNIQUE KEY `username` (`username`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ; INSERT INTO `accounts` (`id`, `username`, `password`) VALUES (1, 'test', 'a681d0039910f6b38666d5cbc2e5ac1d'); CREATE TABLE `identities` ( `id` int(11) NOT NULL auto_increment, `account` varchar(255) NOT NULL, `url` text NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `account` (`account`,`url`(255)) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ; INSERT INTO `identities` (`id`, `account`, `url`) VALUES (1, 'test', 'http://openid.wankoo.org/?user=test'); CREATE TABLE `personas` ( `id` int(11) NOT NULL auto_increment, `account` varchar(255) NOT NULL, `nickname` varchar(255) default NULL, `email` varchar(255) default NULL, `fullname` varchar(255) default NULL, `dob` date default NULL, `gender` char(1) default NULL, `postcode` varchar(255) default NULL, `country` varchar(32) default NULL, `language` varchar(32) default NULL, `timezone` varchar(255) default NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; CREATE TABLE `sites` ( `account` varchar(255) NOT NULL, `trust_root` text, `trusted` tinyint(1) default NULL, UNIQUE KEY `account` (`account`,`trust_root`(255)) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; Norman Rasmussen schrieb: > On 8/20/07, *Benjamin Heil* > wrote: > > Getting association: missing key in response from > http://openid.wankoo.org/index.php/serve: assoc_type > > > Check to see if all the db tables were created correctly, they might not > have been. > > -- > - Norman Rasmussen > - Email: norman at rasmussen.co.za > - Home page: http://norman.rasmussen.co.za/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev From minni at stat.unipd.it Wed Aug 22 08:14:10 2007 From: minni at stat.unipd.it (Tomaso Minelli) Date: Wed, 22 Aug 2007 17:14:10 +0200 Subject: MySQL bug Message-ID: <46CC52C2.3020703@stat.unipd.it> On my MySQL5 the indexes cannot be longer than 1000 bytes, than using utf8 I've modified in storage.php the init function, forcing indexing by UNIQUE (account(25), url(300))) I hope to be useful Minni function _init() { $sreg_fields_sql = array('nickname VARCHAR(255)', 'email VARCHAR(255)', 'fullname VARCHAR(255)', 'dob DATE', 'gender CHAR(1)', 'postcode VARCHAR(255)', 'country VARCHAR(32)', 'language VARCHAR(32)', 'timezone VARCHAR(255)'); $personas = "CREATE TABLE personas (id INTEGER AUTO_INCREMENT ". "NOT NULL PRIMARY KEY, ". "account VARCHAR(255) NOT NULL, ".implode(", ", $sreg_fields_sql).")"; // Create tables for OpenID storage backend. $tables = array( "CREATE TABLE identities (id INTEGER AUTO_INCREMENT ". "NOT NULL PRIMARY KEY, ". "account VARCHAR(255) NOT NULL, url TEXT NOT NULL, ". "UNIQUE (account(25), url(300)))", $personas, "CREATE TABLE sites (account VARCHAR(255) NOT NULL, ". "trust_root TEXT, trusted BOOLEAN, ". "UNIQUE (account(25), trust_root(300)))" ); foreach ($tables as $t) { $result = $this->db->query($t); } } From cygnus at janrain.com Wed Aug 22 09:48:33 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 22 Aug 2007 09:48:33 -0700 Subject: MySQL bug In-Reply-To: <46CC52C2.3020703@stat.unipd.it> References: <46CC52C2.3020703@stat.unipd.it> Message-ID: <20070822164833.GF13004@janrain.com> # On my MySQL5 the indexes cannot be longer than 1000 bytes, than # using utf8 I've modified in storage.php the init function, forcing # indexing by UNIQUE (account(25), url(300))) Hello, Unfortunately this problem affects quite a few versions of MySQL and the index size limit varies, so the workaround varies, too. It would be better to upgrade to a version of MySQL with a fix; it's important that the unique index cover the entire (account, url) value. Thanks! -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com From openid at markjr.net Wed Aug 22 12:26:18 2007 From: openid at markjr.net (Mark Jeftovic) Date: Wed, 22 Aug 2007 15:26:18 -0400 Subject: examples/Consumer.php not following delegation Message-ID: <46CC8DDA.20909@markjr.net> Hi, I'm using PHP Openid 1.2.2 and testing from a couple of different places, I can't get the examples/Consumer.php to follow a delegation from an openid URL using embeded link tags. So using this example script: http://205.234.220.154/examples/consumer/ I can enter http://claimid.com/markjr and it works as expected, prompting me to authenticate. Then I try the same form using the openid url: http://mark.jeftovic.net/~markjr/openid.html which uses the delegation below and works on other openid enabled sites (like the drupal openid module at http://domainhelp.com ) But the example Consumer.php does not follow the delegation, it fails with an Authentication Error - looking further, line 48 of try_auth.php // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); returns false for $auth_request, I haven't gotten deeper into it than this yet, I was hoping this was a known issue. What do I have to take into account to get this example working with delegations as well? Thanks -mark From norman at rasmussen.co.za Wed Aug 22 12:39:23 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Wed, 22 Aug 2007 21:39:23 +0200 Subject: examples/Consumer.php not following delegation In-Reply-To: <46CC8DDA.20909@markjr.net> References: <46CC8DDA.20909@markjr.net> Message-ID: <5b698f5a0708221239x4129427axee9cbcdaa35ad4cc@mail.gmail.com> On 8/22/07, Mark Jeftovic wrote: > > http://mark.jeftovic.net/~markjr/openid.html > which uses the delegation below and works on other openid enabled sites What do I have to take into account to get this example working with > delegations as well? > Try a valid html page, like this:

Hi this is my openid delegation

-- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070822/63cd654f/attachment.html From openid at ryanb.org Sat Aug 25 20:36:21 2007 From: openid at ryanb.org (Ryan Barrett) Date: Sat, 25 Aug 2007 20:36:21 -0700 (PDT) Subject: patch: minor bugfix in cryptutil.py Message-ID: hi all. i've attached a patch that fixes a minor bug in the python openid library, in cryptutil.py. the patch is against 2.0.0-rc3b. specifically, cryptutil has a code path that tries a few different sources of randomness in succession. one of them expects an OSError if a file() call fails, but file() throws IOError, not OSError. we're trying out the python openid library in a chroot, so this bit us. -Ryan p.s. out of curiosity, why are comments on openidenabled.com disabled? -- http://snarfed.org/ From openid at ryanb.org Sat Aug 25 20:40:24 2007 From: openid at ryanb.org (Ryan Barrett) Date: Sat, 25 Aug 2007 20:40:24 -0700 (PDT) Subject: patch: minor bugfix in cryptutil.py In-Reply-To: References: Message-ID: and again, with the patch. :P On Sat, 25 Aug 2007, Ryan Barrett wrote: > hi all. i've attached a patch that fixes a minor bug in the python openid > library, in cryptutil.py. the patch is against 2.0.0-rc3b. > > specifically, cryptutil has a code path that tries a few different sources of > randomness in succession. one of them expects an OSError if a file() call > fails, but file() throws IOError, not OSError. we're trying out the python > openid library in a chroot, so this bit us. > > -Ryan > > p.s. out of curiosity, why are comments on openidenabled.com disabled? > > -- > http://snarfed.org/ > -Ryan -- http://snarfed.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: cryptutil_ioerror.patch Type: text/x-diff Size: 805 bytes Desc: Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070825/3359bdda/attachment.bin From evan at prodromou.name Tue Aug 28 10:58:57 2007 From: evan at prodromou.name (Evan Prodromou) Date: Tue, 28 Aug 2007 10:58:57 -0700 Subject: Test URL is not available Message-ID: <1188323937.6137.6.camel@bear> Running examples/detect.php, I get this error: An HTTP request was completed. *Got 404 instead of the expected HTTP status code (200).* *The redirected URL was not returned.* *Unexpected data was returned.* After double-checking my PHP curl installation, I checked the code and found this URL is used for the check: http://www.openidenabled.com/resources/php-fetch-test From my server and from my personal computer, this URL 404's. I think it might have gotten lost in the changes to the OpenIDEnabled Web site. -Evan -- Evan Prodromou - evan at prodromou.name - http://evan.prodromou.name/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070828/2a037b47/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4422 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070828/2a037b47/attachment.bin From evan at prodromou.name Tue Aug 28 12:13:35 2007 From: evan at prodromou.name (Evan Prodromou) Date: Tue, 28 Aug 2007 12:13:35 -0700 Subject: Heraldry vs. OpenIDEnabled Message-ID: <1188328415.12833.11.camel@bear> So, I've just been looking at the Heraldry PHP library, and it doesn't seem to have been updated since October 2006. What's the current plan with Heraldry vs. OpenIDEnabled? -Evan -- Evan Prodromou - evan at prodromou.name - http://evan.prodromou.name/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070828/c12949bf/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4422 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20070828/c12949bf/attachment-0001.bin From kevin at janrain.com Tue Aug 28 13:25:06 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 28 Aug 2007 13:25:06 -0700 Subject: Heraldry vs. OpenIDEnabled In-Reply-To: <1188328415.12833.11.camel@bear> References: <1188328415.12833.11.camel@bear> Message-ID: <1188332706.14787.115.camel@localhost> On Tue, 2007-08-28 at 12:13 -0700, Evan Prodromou wrote: > So, I've just been looking at the Heraldry PHP library, and it doesn't > seem to have been updated since October 2006. > > What's the current plan with Heraldry vs. OpenIDEnabled? The Heraldry project in the Apache Incubator is dead; the final vote was in June. PHP OpenID continues to be developed on OpenIDEnabled.com. From kevin at janrain.com Tue Aug 28 13:42:23 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 28 Aug 2007 13:42:23 -0700 Subject: patch: minor bugfix in cryptutil.py In-Reply-To: References: Message-ID: <1188333743.14787.128.camel@localhost> On Sat, 2007-08-25 at 20:36 -0700, Ryan Barrett wrote: > specifically, cryptutil has a code path that tries a few different sources of > randomness in succession. one of them expects an OSError if a file() call > fails, but file() throws IOError, not OSError. we're trying out the python > openid library in a chroot, so this bit us. Thanks for the patch. But looking over that code... catching that error just results in raising another one. Are you able to build in the chroot even with this patch? > p.s. out of curiosity, why are comments on openidenabled.com disabled? The best reason is that they turned out to be a poor way to communicate. If you put a comment on a web page, maybe someone would happen to come along and see it, and *maybe* someone would see it show up in an RSS feed, but it wasn't going to as many developers' inboxes as this mailing list does. Another contributing factor is that we don't have the resources to do effective linkspam control there. From kevin at janrain.com Tue Aug 28 13:58:26 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 28 Aug 2007 13:58:26 -0700 Subject: Test URL is not available In-Reply-To: <1188323937.6137.6.camel@bear> References: <1188323937.6137.6.camel@bear> Message-ID: <1188334706.14787.131.camel@localhost> On Tue, 2007-08-28 at 10:58 -0700, Evan Prodromou wrote: > After double-checking my PHP curl installation, I checked the code and > found this URL is used for the check: > http://www.openidenabled.com/resources/php-fetch-test > From my server and from my personal computer, this URL 404's. I think > it might have gotten lost in the changes to the OpenIDEnabled Web > site. Oops. Right you are. We'll put that back later today. From kevin at janrain.com Tue Aug 28 16:50:14 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 28 Aug 2007 16:50:14 -0700 Subject: Test URL is not available In-Reply-To: <1188323937.6137.6.camel@bear> References: <1188323937.6137.6.camel@bear> Message-ID: <1188345014.14787.132.camel@localhost> On Tue, 2007-08-28 at 10:58 -0700, Evan Prodromou wrote: > After double-checking my PHP curl installation, I checked the code and > found this URL is used for the check: > http://www.openidenabled.com/resources/php-fetch-test > From my server and from my personal computer, this URL 404's. I think > it might have gotten lost in the changes to the OpenIDEnabled Web > site. It should be back now. Let us know if it gives you any more trouble. From openid at ryanb.org Tue Aug 28 20:37:06 2007 From: openid at ryanb.org (Ryan Barrett) Date: Tue, 28 Aug 2007 20:37:06 -0700 (PDT) Subject: patch: minor bugfix in cryptutil.py In-Reply-To: <1188333743.14787.128.camel@localhost> References: <1188333743.14787.128.camel@localhost> Message-ID: On Tue, 28 Aug 2007, Kevin Turner wrote: > Thanks for the patch. But looking over that code... catching that > error just results in raising another one. Are you able to build in the > chroot even with this patch? we handle the ImportError...so yes, we could have handled the IOError too. this is mostly helpful for debugging, since the ImportError with the nice message is a more helpful than the opaque IOError. it also doesn't hurt that it makes the code do what (it looks like) it was intended to do. -Ryan -- http://snarfed.org/ From please.no.more.spam at gmail.com Wed Aug 29 02:25:10 2007 From: please.no.more.spam at gmail.com (=?ISO-8859-1?Q?S=E9bastien_Brault?=) Date: Wed, 29 Aug 2007 11:25:10 +0200 Subject: OpenID testing tool Message-ID: <33842acb0708290225s176adc45uca15c1a773eb27b4@mail.gmail.com> Hi, It seems your testing tool ( http://www.openidenabled.com/openid/openid-tools/) is no more available. Do you plan to put it back on line ? If not, would it be possible to obtain it for a local install ? Thanks in advance. Best regards. S?bastien Brault. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070829/77868e82/attachment.htm From norman at rasmussen.co.za Wed Aug 29 03:18:38 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Wed, 29 Aug 2007 12:18:38 +0200 Subject: PHP Standalone OpenID Server Message-ID: <5b698f5a0708290318q671a2004pdc0ac751b1347ffb@mail.gmail.com> Are there any plans to upgrade the standalone server to the version 2 library? Are the v1 and v2 libs API compatible, and/or how much work is required to upgrade? -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ From kevin at janrain.com Wed Aug 29 10:43:30 2007 From: kevin at janrain.com (Kevin Turner) Date: Wed, 29 Aug 2007 10:43:30 -0700 Subject: OpenID testing tool In-Reply-To: <33842acb0708290225s176adc45uca15c1a773eb27b4@mail.gmail.com> References: <33842acb0708290225s176adc45uca15c1a773eb27b4@mail.gmail.com> Message-ID: <1188409410.824.5.camel@localhost> On Wed, 2007-08-29 at 11:25 +0200, S?bastien Brault wrote: > It seems your testing tool > (http://www.openidenabled.com/openid/openid-tools/) is no more > available. Do you plan to put it back on line ? Making that actually possible to find again is on my to do list. For now, use this link: http://openidenabled.com/resources/openid-test/ Thanks, - Kevin -- keturn on https://pibb.com/go/OpenID and irc.freenode.net#openid From josh at janrain.com Wed Aug 29 10:45:45 2007 From: josh at janrain.com (Josh Hoyt) Date: Wed, 29 Aug 2007 10:45:45 -0700 Subject: OpenID testing tool In-Reply-To: <33842acb0708290225s176adc45uca15c1a773eb27b4@mail.gmail.com> References: <33842acb0708290225s176adc45uca15c1a773eb27b4@mail.gmail.com> Message-ID: <34714aad0708291045q5622e540u27c43137752ae6e8@mail.gmail.com> On 8/29/07, S?bastien Brault wrote: > It seems your testing tool > (http://www.openidenabled.com/openid/openid-tools/ ) is no > more available. Do you plan to put it back on line? S?bastien, We've changed content management systems for OpenIDEnabled.com, and we still have a few kinks to work out. Our testing tools are still online, but the overview page is gone. You can find the tools at the same URL that they were at before: . We'll keep working on site navigation. Hope that helps, Josh Hoyt OpenID: http://j3h.us/ From cygnus at janrain.com Wed Aug 29 11:29:57 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 29 Aug 2007 11:29:57 -0700 Subject: PHP Standalone OpenID Server In-Reply-To: <5b698f5a0708290318q671a2004pdc0ac751b1347ffb@mail.gmail.com> References: <5b698f5a0708290318q671a2004pdc0ac751b1347ffb@mail.gmail.com> Message-ID: <20070829182957.GC28282@janrain.com> # Are there any plans to upgrade the standalone server to the version # 2 library? Are the v1 and v2 libs API compatible, and/or how much # work is required to upgrade? Hi, We haven't yet decided about whether to upgrade the standalone server. As for the libraries, they are 99% API-compatible. You can read a summary of end-user-facing changes in the NEWS file in the OpenID 2 library: http://openidenabled.com/files/php-openid/repos/2.x.x/NEWS The library will be updated to spec draft 12 soon and the NEWS file may change; just be sure to check it if whenever you get a new package or checkout of the source. The OpenID 2 library supports OpenID 1 and is intended to be a drop-in replacement (upgrade) for OpenID 1 library users, with only one or two changes to RP code. Server code changes are minimal unless you want to support some new OpenID 2 protocol features. In that case, some UI changes, as well as library call changes, will be in order. Hope that helps, -- Jonathan Daugherty JanRain, Inc. irc.freenode.net: cygnus in #openid cygnus.myopenid.com