From ronald at elmit.com Mon Jun 2 18:16:51 2008 From: ronald at elmit.com (Ronald Wiplinger) Date: Tue, 03 Jun 2008 09:16:51 +0800 Subject: New to clamshell: .htaccess problem Message-ID: <48449B83.4080101@elmit.com> I just installed clamshell on my Ubuntu server. The error log shows: ..../.htaccess: order not allowed here I have not changed .htaccess In /conf/ I changed only the home to the web site: 'clamshell_home' => "http://openid.elmit.net" I tried all variants of using the site: http://openid.elmit.net http://openid.elmit.net/?admin=true http://openid.elmit.net/admin http://openid.elmit.net/clamshell.php?admin=true without any success. What do I miss? bye Ronald From ronald at elmit.com Tue Jun 3 17:15:14 2008 From: ronald at elmit.com (Ronald Wiplinger) Date: Wed, 04 Jun 2008 08:15:14 +0800 Subject: New to clamshell: .htaccess problem In-Reply-To: <48449B83.4080101@elmit.com> References: <48449B83.4080101@elmit.com> Message-ID: <4845DE92.8010806@elmit.com> Ronald Wiplinger wrote: > I just installed clamshell on my Ubuntu server. > > The error log shows: > ..../.htaccess: order not allowed here > > I have not changed .htaccess > > In /conf/ I changed only the home to the web site: > 'clamshell_home' => "http://openid.elmit.net" > > I tried all variants of using the site: > http://openid.elmit.net > http://openid.elmit.net/?admin=true > http://openid.elmit.net/admin > http://openid.elmit.net/clamshell.php?admin=true > > without any success. > > What do I miss? > > bye > > Ronald > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > I had to use Override None for THAT directory in http.conf From ronald at elmit.com Tue Jun 3 17:23:22 2008 From: ronald at elmit.com (Ronald Wiplinger) Date: Wed, 04 Jun 2008 08:23:22 +0800 Subject: File does not exist error Message-ID: <4845E07A.6000203@elmit.com> I cannot get Clamshell to work. I get an error in apache log file: File does not exist: /srv/www/vhosts/oi.elmit.net/htdocs/srv, referer: http://oi.elmit.net/?u=admin The root directory of that virtual site is at /srv/www/vhosts/oi.elmit.net/htdocs I do not use a subdirectory like "Clamshell". I can reach: http://oi.elmit.net/?u=admin but not: http://oi.elmit.net/admin http://oi.elmit.net/?u=admin&admin=true gives me: Not Found The requested URL /srv/www/vhosts/oi.elmit.net/htdocs/clamshell.php was not found on this server. What do I need to do? bye Ronald From eddy_nigg at startcom.org Tue Jun 3 17:32:37 2008 From: eddy_nigg at startcom.org (Eddy Nigg (StartCom Ltd.)) Date: Wed, 04 Jun 2008 03:32:37 +0300 Subject: File does not exist error In-Reply-To: <4845E07A.6000203@elmit.com> References: <4845E07A.6000203@elmit.com> Message-ID: <4845E2A5.5050103@startcom.org> Hi Ronald, Ronald Wiplinger: > I cannot get Clamshell to work. > > I get an error in apache log file: > File does not exist: /srv/www/vhosts/oi.elmit.net/htdocs/srv, referer: > http://oi.elmit.net/?u=admin > > The root directory of that virtual site is at > /srv/www/vhosts/oi.elmit.net/htdocs > I do not use a subdirectory like "Clamshell". > > > I can reach: > http://oi.elmit.net/?u=admin > > but not: > http://oi.elmit.net/admin > > http://oi.elmit.net/?u=admin&admin=true gives me: > > > Not Found > > The requested URL /srv/www/vhosts/oi.elmit.net/htdocs/clamshell.php was > not found on this server. > > > > What do I need to do? > Those issues are strictly related to Apache and your application and has not much to do with the library and mailing list here. However to get you running, you might need to create a rewrite rule for Apache to match anything with http://oi.elmit.net/admin to something like http://oi.elmit.net/?u=admin Or there might be another problem, since it can't find a certain file called clamshell.php Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: startcom at startcom.org Blog: Join the Revolution! Phone: +1.213.341.0390 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080604/6ca2b1f7/attachment.htm From chris at xhost.com.au Tue Jun 3 20:59:30 2008 From: chris at xhost.com.au (Chris Fordham) Date: Wed, 04 Jun 2008 13:59:30 +1000 Subject: File does not exist error In-Reply-To: <4845E2A5.5050103@startcom.org> References: <4845E07A.6000203@elmit.com> <4845E2A5.5050103@startcom.org> Message-ID: On Wed, 04 Jun 2008 10:32:37 +1000, Eddy Nigg (StartCom Ltd.) wrote: > Hi Ronald, > > Ronald Wiplinger: >> I cannot get Clamshell to work. >> >> I get an error in apache log file: >> File does not exist: /srv/www/vhosts/oi.elmit.net/htdocs/srv, referer: >> http://oi.elmit.net/?u=admin >> >> The root directory of that virtual site is at >> /srv/www/vhosts/oi.elmit.net/htdocs >> I do not use a subdirectory like "Clamshell". >> >> >> I can reach: >> http://oi.elmit.net/?u=admin >> >> but not: >> http://oi.elmit.net/admin >> >> http://oi.elmit.net/?u=admin&admin=true gives me: >> >> >> Not Found >> >> The requested URL /srv/www/vhosts/oi.elmit.net/htdocs/clamshell.php was >> not found on this server. >> >> >> >> What do I need to do? >> > > Those issues are strictly related to Apache and your application and > has not much to do with the library and mailing list here. However to > get you running, you might need to create a rewrite rule for Apache to > match anything with http://oi.elmit.net/admin to something like > http://oi.elmit.net/?u=admin > > Or there might be another problem, since it can't find a certain file > called clamshell.php > > > Regards > Signer: Eddy Nigg, StartCom Ltd. > Jabber: startcom at startcom.org > Blog: Join the Revolution! > Phone: +1.213.341.0390 > > > See http://wiki.guruj.net/Clamshell!Documentation and contact from their site for support. It's pretty much what Eddy advised. Getting some basic Apache knowledge would be valuable too. Your host seems down atm anyway. -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ From cygnus at janrain.com Fri Jun 6 16:50:32 2008 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 6 Jun 2008 16:50:32 -0700 Subject: [ANN] openidenabled.com library releases in PHP, Ruby, and Python Message-ID: Hi all, I'm pleased to announce the releases of all three of the openidenabled.com OpenID implementations. This multi-library release includes numerous bug fixes, a few minor API changes, documentation and interop improvements, and better test coverage. Additionally, this release couldn't have happened without a lot of feedback and contributions from the development community. Be sure to check the bug tracker to see if we fixed a bug that you reported. For a complete list of tickets we resolved in this release, please see http://trac.openidenabled.com/trac/report/13 The release versions are as follows: PHP: 2.1.0 Ruby: 2.1.1 Python: 2.2.0 For a user-friendly summary of changes in each release, see the CHANGES file included in the release tarballs. For a complete patch list, see the CHANGELOG file. As usual, you can test for interoperability with your favorite OpenID sites using the live demos linked to from each library's project page (see above). -- Jonathan Daugherty From me at arty.name Sat Jun 7 01:29:14 2008 From: me at arty.name (artemy tregoubenko) Date: Sat, 07 Jun 2008 12:29:14 +0400 Subject: [ANN] openidenabled.com library releases in PHP, Ruby, and Python In-Reply-To: References: Message-ID: Great news! Unfortunately PHP version requires two one-line patches to work correctly with apache: fetcher requests partial content but doesn't accept "206 Partial Content" answer. On Sat, 07 Jun 2008 03:50:32 +0400, Jonathan Daugherty wrote: > Hi all, > > I'm pleased to announce the releases of all three of the > openidenabled.com OpenID implementations. This multi-library release > includes numerous bug fixes, a few minor API changes, documentation > and interop improvements, and better test coverage. > > Additionally, this release couldn't have happened without a lot of > feedback and contributions from the development community. Be sure to > check the bug tracker to see if we fixed a bug that you reported. For > a complete list of tickets we resolved in this release, please see > > http://trac.openidenabled.com/trac/report/13 > > The release versions are as follows: > > PHP: 2.1.0 > Ruby: 2.1.1 > Python: 2.2.0 > > For a user-friendly summary of changes in each release, see the > CHANGES file included in the release tarballs. For a complete patch > list, see the CHANGELOG file. > > As usual, you can test for interoperability with your favorite OpenID > sites using the live demos linked to from each library's project page > (see above). > -- arty ( http://arty.name ) From gbyrd at ncsu.edu Wed Jun 11 09:01:41 2008 From: gbyrd at ncsu.edu (Greg Byrd) Date: Wed, 11 Jun 2008 12:01:41 -0400 Subject: PHP live RP demo: return URL does not match return_to Message-ID: <484FF6E5.6060301@ncsu.edu> I've been using the PHP live RP demo to test an OP that I'm developing. (Thanks for providing this service, by the way!) I keep getting the following response from the RP: OpenID authentication failed: return_to does not match return URL. Expected http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php, got http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15:46:12ZUS6f2P (Of course, the nonce changes each time.) Here's the redirect URL, copied from the Firefox navigator bar: http://openidenabled.com/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.signed=return_to,claimed_id,identity,op_endpoint,response_nonce,assoc_handle&openid.assoc_handle=0v%605e*g&0gy at LGP!0lNT7s[rq*%22C/{)qX^5%2Oi$^%220=%60VuH;Od'QhNZ7aP;1j1(&openid.op_endpoint=http://gbyrd.ece.ncsu.edu:8080/TokenService/services/OpenID&openid.identity=gbyrd&openid.return_to=http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.claimed_id=http://www.cesr.ncsu.edu/gbyrd/&openid.sig=eMCGp32HPF6QlGSM10ssnmB7t0Y=&openid.mode=id_res&openid.response_nonce=2008-05-11T15:46:24ZUNIQUE^cGG,1%3EP$PB1r#_%}fF_A$;9]-CaS&openid.ns=http://specs.openid.net/auth/2.0 The janrain_nonce field is clearly there, along with the openid.* parameters. Am I formatting something incorrectly? (I just noticed that there's an ampersand ('&') in my assoc_handle. Could this be a problem? I ran the redirect URL string through an encoding routine.) ...Greg Byrd, NC State Univ. From andrewarnott at gmail.com Wed Jun 11 09:53:52 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Wed, 11 Jun 2008 09:53:52 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: <484FF6E5.6060301@ncsu.edu> References: <484FF6E5.6060301@ncsu.edu> Message-ID: <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> Greg, If the URLs you included are really copied straight out of the browser URL bar, then your OP is failing to URL encode the parameters at all, it seems. For instance: "http://" should *never* show up in the query string. Instead it should be encoded as "http%3a%2f%2f" on the URL so that the receiving server can decode the URL and get "http://" back. Yes, your assoc_handle value is especially full of these special characters that should be encoded, and the & it includes is just one of them, and a good example of why encoding is so necessary. Now on the note you were originally bringing up, I believe the Janrain libraries store the return_to URL value that they are expecting in a session variable, so that if the OP doesn't send back the same return_to URL parameter it fires an error (that's beyond the scope of the spec, but anyway). If you encode your URL properly, Janrain will probably be able to read the correct return_to arg out of your URL and this may fix the problem you're seeing. Andrew Arnott On Wed, Jun 11, 2008 at 9:01 AM, Greg Byrd wrote: > > I've been using the PHP live RP demo to test an OP that I'm developing. > (Thanks > for providing this service, by the way!) I keep getting the following > response > from the RP: > > OpenID authentication failed: return_to does not match return URL. Expected > > http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php > , > got > > http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15:46:12ZUS6f2P > > (Of course, the nonce changes each time.) > > Here's the redirect URL, copied from the Firefox navigator bar: > > > http://openidenabled.com/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.signed=return_to,claimed_id,identity,op_endpoint,response_nonce,assoc_handle&openid.assoc_handle=0v%605e*g&0gy at LGP!0lNT7s[rq*%22C/{)qX > ^5%2Oi$^%220=%60VuH;Od'QhNZ7aP;1j1(&openid.op_endpoint= > http://gbyrd.ece.ncsu.edu:8080/TokenService/services/OpenID&openid.identity=gbyrd&openid.return_to=http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.claimed_id=http://www.cesr.ncsu.edu/gbyrd/&openid.sig=eMCGp32HPF6QlGSM10ssnmB7t0Y=&openid.mode=id_res&openid.response_nonce=2008-05-11T15:46:24ZUNIQUE > ^cGG,1%3EP$PB1r#_%}fF_A$;9]-CaS&openid.ns=http://specs.openid.net/auth/2.0 > > The janrain_nonce field is clearly there, along with the openid.* > parameters. > Am I formatting something incorrectly? (I just noticed that there's an > ampersand ('&') in my assoc_handle. Could this be a problem? I ran the > redirect > URL string through an encoding routine.) > > > ...Greg Byrd, NC State Univ. > > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/e26b72fa/attachment.html From gbyrd at ncsu.edu Wed Jun 11 09:57:36 2008 From: gbyrd at ncsu.edu (Greg Byrd) Date: Wed, 11 Jun 2008 12:57:36 -0400 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> Message-ID: <48500400.7010805@ncsu.edu> Thanks for the quick and informative response. ...Greg Andrew Arnott wrote: > Greg, > > If the URLs you included are really copied straight out of the browser > URL bar, then your OP is failing to URL encode the parameters at all, it > seems. For instance: "http://" should /never/ show up in the query > string. Instead it should be encoded as "http%3a%2f%2f" on the URL so > that the receiving server can decode the URL and get "http://" back. > Yes, your assoc_handle value is especially full of these special > characters that should be encoded, and the & it includes is just one of > them, and a good example of why encoding is so necessary. > > Now on the note you were originally bringing up, I believe the Janrain > libraries store the return_to URL value that they are expecting in a > session variable, so that if the OP doesn't send back the same return_to > URL parameter it fires an error (that's beyond the scope of the spec, > but anyway). If you encode your URL properly, Janrain will probably be > able to read the correct return_to arg out of your URL and this may fix > the problem you're seeing. > > Andrew Arnott > > On Wed, Jun 11, 2008 at 9:01 AM, Greg Byrd > wrote: > > > I've been using the PHP live RP demo to test an OP that I'm > developing. (Thanks > for providing this service, by the way!) I keep getting the > following response > from the RP: > > OpenID authentication failed: return_to does not match return URL. > Expected > http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php, > got > http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15:46:12ZUS6f2P > > (Of course, the nonce changes each time.) > > Here's the redirect URL, copied from the Firefox navigator bar: > > http://openidenabled.com/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.signed=return_to,claimed_id,identity,op_endpoint,response_nonce,assoc_handle&openid.assoc_handle=0v%605e*g&0gy at LGP!0lNT7s[rq*%22C/{)qX > ^5%2Oi$^%220=%60VuH;Od'QhNZ7aP;1j1(&openid.op_endpoint=http://gbyrd.ece.ncsu.edu:8080/TokenService/services/OpenID&openid.identity=gbyrd&openid.return_to=http://openidenabled.com:80/php-openid/trunk/examples/consumer/finish_auth.php?janrain_nonce=2008-06-11T15%3A46%3A12ZUS6f2P&openid.claimed_id=http://www.cesr.ncsu.edu/gbyrd/&openid.sig=eMCGp32HPF6QlGSM10ssnmB7t0Y=&openid.mode=id_res&openid.response_nonce=2008-05-11T15:46:24ZUNIQUE > ^cGG,1%3EP$PB1r#_%}fF_A$;9]-CaS&openid.ns=http://specs.openid.net/auth/2.0 > > The janrain_nonce field is clearly there, along with the openid.* > parameters. > Am I formatting something incorrectly? (I just noticed that there's an > ampersand ('&') in my assoc_handle. Could this be a problem? I ran > the redirect > URL string through an encoding routine.) > > > ...Greg Byrd, NC State Univ. > > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev From cygnus at janrain.com Wed Jun 11 12:02:51 2008 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 11 Jun 2008 12:02:51 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> Message-ID: > Now on the note you were originally bringing up, I believe the Janrain > libraries store the return_to URL value that they are expecting in a session > variable, so that if the OP doesn't send back the same return_to URL > parameter it fires an error (that's beyond the scope of the spec, but > anyway). All three of the live RP demos actually reconstruct the return_to URL by looking at the request itself. The return_to is not stored in any session state. However, the effect should be the same. -- Jonathan Daugherty From andrewarnott at gmail.com Wed Jun 11 12:22:50 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Wed, 11 Jun 2008 12:22:50 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> Message-ID: <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> Is this new with the latest versions then? As I recall, there was a ticket for one of the libraries just closed that discussed how return_to in the query and the actual request itself *did* match, but they weren't the original return_to passed to the OP, so the library rejected it. I think it was the Ruby one that did it (the others didn't, apparently). Andrew Arnott On Wed, Jun 11, 2008 at 12:02 PM, Jonathan Daugherty wrote: > > Now on the note you were originally bringing up, I believe the Janrain > > libraries store the return_to URL value that they are expecting in a > session > > variable, so that if the OP doesn't send back the same return_to URL > > parameter it fires an error (that's beyond the scope of the spec, but > > anyway). > > All three of the live RP demos actually reconstruct the return_to URL > by looking at the request itself. The return_to is not stored in any > session state. However, the effect should be the same. > > -- > Jonathan Daugherty > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/61427bb6/attachment.html From josh at janrain.com Wed Jun 11 12:32:07 2008 From: josh at janrain.com (Josh Hoyt) Date: Wed, 11 Jun 2008 12:32:07 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> Message-ID: 2008/6/11 Andrew Arnott : > Is this new with the latest versions then? As I recall, there was a ticket > for one of the libraries just closed that discussed how return_to in the > query and the actual request itself did match, but they weren't the original > return_to passed to the OP, so the library rejected it. I think it was the > Ruby one that did it (the others didn't, apparently). IIRC, the problem was that the provider altered the return_to URL. The alteration did not change the meaning of the URL, but the library was expecting the URL to have passed through unchanged (since the code that generates the return_to URL and that validates it are the same.) I consider it kind of pathological for the provider to alter the return_to URL in any way other than adding query parameters, but the libraries are robust to it now. What's new in these library releases is that the verification is now done on normalized URLs so meaning-preserving changes do not cause failure. Josh From andrewarnott at gmail.com Wed Jun 11 14:39:42 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Wed, 11 Jun 2008 14:39:42 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> Message-ID: <216e54900806111439s3c61b539n314e9786db042ee5@mail.gmail.com> Ah, I see. You don't store the return_to URL that you're expecting in session state -- you regenerate it at the next request and verify that they match. I agree that the OP shouldn't *change* a return_to URL, but the return_to URL can't be guaranteed in the case of an unsolicited assertion as allowed by OpenID 2.0, since the return_to was never sent from the RP to the OP. It makes me wonder how the Janrain libraries receive unsolicited assertions and process them. I haven't tested it myself. Do you know? Just my own opinion, but it seems that verifying the return_to in this manner is beyond the spec, as the spec only demands that return_to and the actual request URL match in their particular way... not that the OP didn't tamper with it in the meantime. Again, I agree that OPs *shouldn't*, but the spec doesn't disallow it, so adding this verification to the Janrain libraries seems like it just potentially breaks things rather than add any useful function. Again, just my 2 cents. Andrew Arnott On Wed, Jun 11, 2008 at 12:32 PM, Josh Hoyt wrote: > 2008/6/11 Andrew Arnott : > > Is this new with the latest versions then? As I recall, there was a > ticket > > for one of the libraries just closed that discussed how return_to in the > > query and the actual request itself did match, but they weren't the > original > > return_to passed to the OP, so the library rejected it. I think it was > the > > Ruby one that did it (the others didn't, apparently). > > IIRC, the problem was that the provider altered the return_to URL. The > alteration did not change the meaning of the URL, but the library was > expecting the URL to have passed through unchanged (since the code > that generates the return_to URL and that validates it are the same.) > I consider it kind of pathological for the provider to alter the > return_to URL in any way other than adding query parameters, but the > libraries are robust to it now. What's new in these library releases > is that the verification is now done on normalized URLs so > meaning-preserving changes do not cause failure. > > Josh > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/b0213c75/attachment.htm From kevin at janrain.com Wed Jun 11 15:17:13 2008 From: kevin at janrain.com (Kevin Turner) Date: Wed, 11 Jun 2008 15:17:13 -0700 Subject: [ANN] openidenabled.com library releases in PHP, Ruby, and Python In-Reply-To: References: Message-ID: <201e81ff0806111517g75a84f92w22e4e322f936673d@mail.gmail.com> On Sat, Jun 7, 2008 at 1:29 AM, artemy tregoubenko wrote: > Unfortunately PHP version requires two one-line patches to work correctly > with apache: fetcher requests partial content but doesn't accept "206 > Partial Content" answer. Thanks for pointing this out. I've been unable to find a site that responds this way; do you have a URL I can test against? (Filed as http://trac.openidenabled.com/trac/ticket/260 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/bf7930b2/attachment.htm From cygnus at janrain.com Wed Jun 11 17:15:12 2008 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 11 Jun 2008 17:15:12 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: <216e54900806111439s3c61b539n314e9786db042ee5@mail.gmail.com> References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> <216e54900806111439s3c61b539n314e9786db042ee5@mail.gmail.com> Message-ID: > Again, I agree that OPs shouldn't, but the > spec doesn't disallow it, It's true that the spec doesn't address the unsolicited assertion response case, but section 10.1., Positive Assertions, *does* say that the return_to in the response is a "verbatim copy of the return_to URL parameter sent in the request." So a MUST might help clarify this since it is a little hidden. -- Jonathan Daugherty From andrewarnott at gmail.com Wed Jun 11 17:30:49 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Wed, 11 Jun 2008 17:30:49 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> <216e54900806111439s3c61b539n314e9786db042ee5@mail.gmail.com> Message-ID: <216e54900806111730w108b0086m5437203983a82991@mail.gmail.com> I agree. That sounds like a good OpenID 2.1 spec enhancement. Andrew Arnott On Wed, Jun 11, 2008 at 5:15 PM, Jonathan Daugherty wrote: > > Again, I agree that OPs shouldn't, but the > > spec doesn't disallow it, > > It's true that the spec doesn't address the unsolicited assertion > response case, but section 10.1., Positive Assertions, *does* say that > the return_to in the response is a "verbatim copy of the return_to URL > parameter sent in the request." > > So a MUST might help clarify this since it is a little hidden. > > -- > Jonathan Daugherty > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/6cb3fb68/attachment.html From scotthg at hotmail.com Wed Jun 11 18:10:54 2008 From: scotthg at hotmail.com (Scott Gelb) Date: Wed, 11 Jun 2008 18:10:54 -0700 Subject: problem with Yahoo openid: website not confirmed its identity Message-ID: Hi, I'm new to this list. If there's a way to look at past conversations I'd appreciate someone letting me know. I haven't seen an explanation. But here's the problem I'm experiencing. I've incorporated php-openid version 2.0.1 into my site. It works just fine for a variety of openIDs, but when I try a Yahoo openID the Yahoo server page shows the warning: Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate. It allows me to continue with the login and returns to my site, but there are two problems. 1. No personal data is returned 2. The characters "#f19b8" are appended to the openid URL. I have found some explanations for the warning via Google but they made no sense to me. I was wondering whether any of you have encountered this issue and found a solution specific to the php-openid library. Thanks for your assistance. Scott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/da95b0dc/attachment.htm From andrewarnott at gmail.com Wed Jun 11 18:58:00 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Wed, 11 Jun 2008 18:58:00 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: References: Message-ID: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> Hi Scott, You're missing an XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. Nothing has to be done regarding your php-openid library here... it's all just a static XRDS doc. Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page. http://specs.openid.net/auth/2.0/return_to http://nerdbank.org/RP/login.aspx Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag: That should do it. Andrew Arnott 2008/6/11 Scott Gelb : > Hi, > > I'm new to this list. If there's a way to look at past conversations I'd > appreciate someone letting me know. I haven't seen an explanation. > > But here's the problem I'm experiencing. I've incorporated php-openid > version 2.0.1 into my site. It works just fine for a variety of openIDs, but > when I try a Yahoo openID the Yahoo server page shows the warning: > > *Warning: This website has not confirmed its identity with Yahoo! and > might be fraudulent. Do not share any personal information with this website > unless you are certain it is legitimate.* > > It allows me to continue with the login and returns to my site, but there > are two problems. > > 1. No personal data is returned > 2. The characters "#f19b8" are appended to the openid URL. > > I have found some explanations for the warning via Google but they made no > sense to me. I was wondering whether any of you have encountered this issue > and found a solution specific to the php-openid library. > > Thanks for your assistance. > > Scott > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/8350d6ef/attachment.html From andrewarnott at gmail.com Wed Jun 11 19:20:23 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Wed, 11 Jun 2008 19:20:23 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> Message-ID: <216e54900806111920q20d2624bt3e0db9e8c57a076a@mail.gmail.com> Oh, and regarding the personal data from Yahoo! that you're not getting and the #fragment suffix... The fragment is part of the legal ClaimedIdentifier and you should store it with your user's data along with the rest of the URL. Yahoo! doesn't currently support the Sreg or Attribute Exchange extensions, so it doesn't ever provide personal data on its users. Andrew Arnott On Wed, Jun 11, 2008 at 6:58 PM, Andrew Arnott wrote: > Hi Scott, > > You're missing an XRDS document advertised from your Realm URL. Add that > (properly filled out) and Yahoo will stop complaining about your site's > identity. Nothing has to be done regarding your php-openid library here... > it's all just a static XRDS doc. > > Here is a sample XRDS doc. Just change the URI tag contents to point at > the URL of your login page. > > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://nerdbank.org/RP/login.aspx > > > > > Store this XRDS doc on your site somewhere, and point to it from your realm > URL (home page, probably) using a meta tag: > > > That should do it. > > Andrew Arnott > > 2008/6/11 Scott Gelb : > >> Hi, >> >> I'm new to this list. If there's a way to look at past conversations I'd >> appreciate someone letting me know. I haven't seen an explanation. >> >> But here's the problem I'm experiencing. I've incorporated php-openid >> version 2.0.1 into my site. It works just fine for a variety of openIDs, but >> when I try a Yahoo openID the Yahoo server page shows the warning: >> >> *Warning: This website has not confirmed its identity with Yahoo! and >> might be fraudulent. Do not share any personal information with this website >> unless you are certain it is legitimate.* >> >> It allows me to continue with the login and returns to my site, but there >> are two problems. >> >> 1. No personal data is returned >> 2. The characters "#f19b8" are appended to the openid URL. >> >> I have found some explanations for the warning via Google but they made no >> sense to me. I was wondering whether any of you have encountered this issue >> and found a solution specific to the php-openid library. >> >> Thanks for your assistance. >> >> Scott >> >> _______________________________________________ >> Dev mailing list >> Dev at lists.openidenabled.com >> http://lists.openidenabled.com/mailman/listinfo/dev >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/40c69c20/attachment-0001.htm From scotthg at hotmail.com Wed Jun 11 23:37:40 2008 From: scotthg at hotmail.com (Scott Gelb) Date: Wed, 11 Jun 2008 23:37:40 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> Message-ID: Hi Andrew, Thank you for your response. However, this did not work for me, perhaps I did something wrong. I copied the xml doc as you specified and pasted it into a file called yadis.xml in my root directory. I changed the contents of the URI tag to the absolute url of my login page: http://myopenid.happy-cows.com/login_openid.php. Then I added the meta tag to my header: I then tried my Yahoo openid http://me.yahoo.com/{myloginid} and I got the same warning. Any thoughts? Thanks, Scott Date: Wed, 11 Jun 2008 18:58:00 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityHi Scott,You're missing an XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. Nothing has to be done regarding your php-openid library here... it's all just a static XRDS doc. Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page. http://specs.openid.net/auth/2.0/return_to http://nerdbank.org/RP/login.aspx Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag:That should do it.Andrew Arnott 2008/6/11 Scott Gelb : Hi, I'm new to this list. If there's a way to look at past conversations I'd appreciate someone letting me know. I haven't seen an explanation. But here's the problem I'm experiencing. I've incorporated php-openid version 2.0.1 into my site. It works just fine for a variety of openIDs, but when I try a Yahoo openID the Yahoo server page shows the warning: Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate. It allows me to continue with the login and returns to my site, but there are two problems. 1. No personal data is returned2. The characters "#f19b8" are appended to the openid URL. I have found some explanations for the warning via Google but they made no sense to me. I was wondering whether any of you have encountered this issue and found a solution specific to the php-openid library. Thanks for your assistance. Scott_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080611/08c7705d/attachment.htm From josh at janrain.com Thu Jun 12 01:07:18 2008 From: josh at janrain.com (Josh Hoyt) Date: Thu, 12 Jun 2008 01:07:18 -0700 Subject: PHP live RP demo: return URL does not match return_to In-Reply-To: <216e54900806111439s3c61b539n314e9786db042ee5@mail.gmail.com> References: <484FF6E5.6060301@ncsu.edu> <216e54900806110953h4cb92999l9de33f1eda0f9830@mail.gmail.com> <216e54900806111222k7c324bbapb11c91aaaef2ff7a@mail.gmail.com> <216e54900806111439s3c61b539n314e9786db042ee5@mail.gmail.com> Message-ID: 2008/6/11 Andrew Arnott : > Just my own opinion, but it seems that verifying the return_to in this > manner is beyond the spec, as the spec only demands that return_to and the > actual request URL match in their particular way... not that the OP didn't > tamper with it in the meantime. Again, I agree that OPs shouldn't, but the > spec doesn't disallow it, so adding this verification to the Janrain > libraries seems like it just potentially breaks things rather than add any > useful function. Again, just my 2 cents. The libraries no longer check for an exact literal match for the return_to URL, so it's no longer really relevant to discuss. Previously, the assumption was that there would not be any reason for them to differ, so doing a literal comparison was the easiest implementation, and we had not yet experienced any interoperability problems. As soon as an interop problem occurred, we changed the code to be more liberal in its matching, while still following the spec. Josh From mmenti at gmail.com Thu Jun 12 01:16:19 2008 From: mmenti at gmail.com (Mario Menti) Date: Thu, 12 Jun 2008 09:16:19 +0100 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> Message-ID: <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> Hi Scott, there were a couple of long-ish threads on this subject back in March, which may be helpful to you. You should find them archived here: http://lists.openidenabled.com/pipermail/dev/2008-March/thread.html Mario. 2008/6/12 Scott Gelb : > Hi Andrew, > > Thank you for your response. However, this did not work for me, perhaps I > did something wrong. > > I copied the xml doc as you specified and pasted it into a file called > yadis.xml in my root directory. I changed the contents of the URI tag to the > absolute url of my login page: > > http://myopenid.happy-cows.com/login_openid.php. > > Then I added the meta tag to my header: > > http://myopenid.happy-cows.com/yadis.xml /> > > I then tried my Yahoo openid http://me.yahoo.com/{myloginid}and I got the same warning. > > Any thoughts? > > Thanks, > > Scott > > ------------------------------ > Date: Wed, 11 Jun 2008 18:58:00 -0700 > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > > Hi Scott, > > You're missing an XRDS document advertised from your Realm URL. Add that > (properly filled out) and Yahoo will stop complaining about your site's > identity. Nothing has to be done regarding your php-openid library here... > it's all just a static XRDS doc. > > Here is a sample XRDS doc. Just change the URI tag contents to point at > the URL of your login page. > > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://nerdbank.org/RP/login.aspx > > > > > Store this XRDS doc on your site somewhere, and point to it from your realm > URL (home page, probably) using a meta tag: > > > That should do it. > > Andrew Arnott > > 2008/6/11 Scott Gelb : > > Hi, > > I'm new to this list. If there's a way to look at past conversations I'd > appreciate someone letting me know. I haven't seen an explanation. > > But here's the problem I'm experiencing. I've incorporated php-openid > version 2.0.1 into my site. It works just fine for a variety of openIDs, but > when I try a Yahoo openID the Yahoo server page shows the warning: > > *Warning: This website has not confirmed its identity with Yahoo! and > might be fraudulent. Do not share any personal information with this website > unless you are certain it is legitimate.* > > It allows me to continue with the login and returns to my site, but there > are two problems. > > 1. No personal data is returned > 2. The characters "#f19b8" are appended to the openid URL. > > I have found some explanations for the warning via Google but they made no > sense to me. I was wondering whether any of you have encountered this issue > and found a solution specific to the php-openid library. > > Thanks for your assistance. > > Scott > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/3b1adf31/attachment.html From andrewarnott at gmail.com Thu Jun 12 07:03:57 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Thu, 12 Jun 2008 07:03:57 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> Message-ID: <216e54900806120703g14f2af68m18a1b1b578e5c86c@mail.gmail.com> Hi again Scott, I forgot to mention that your XRDS document should respond with a specific Content-Type of application/xrds+xml. That *might* do the last trick for you. Please let me know. Andrew Arnott 2008/6/11 Scott Gelb : > Hi Andrew, > > Thank you for your response. However, this did not work for me, perhaps I > did something wrong. > > I copied the xml doc as you specified and pasted it into a file called > yadis.xml in my root directory. I changed the contents of the URI tag to the > absolute url of my login page: > > http://myopenid.happy-cows.com/login_openid.php. > > Then I added the meta tag to my header: > > http://myopenid.happy-cows.com/yadis.xml /> > > I then tried my Yahoo openid http://me.yahoo.com/{myloginid}and I got the same warning. > > Any thoughts? > > Thanks, > > Scott > > ------------------------------ > Date: Wed, 11 Jun 2008 18:58:00 -0700 > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > > Hi Scott, > > You're missing an XRDS document advertised from your Realm URL. Add that > (properly filled out) and Yahoo will stop complaining about your site's > identity. Nothing has to be done regarding your php-openid library here... > it's all just a static XRDS doc. > > Here is a sample XRDS doc. Just change the URI tag contents to point at > the URL of your login page. > > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://nerdbank.org/RP/login.aspx > > > > > Store this XRDS doc on your site somewhere, and point to it from your realm > URL (home page, probably) using a meta tag: > > > That should do it. > > Andrew Arnott > > 2008/6/11 Scott Gelb : > > Hi, > > I'm new to this list. If there's a way to look at past conversations I'd > appreciate someone letting me know. I haven't seen an explanation. > > But here's the problem I'm experiencing. I've incorporated php-openid > version 2.0.1 into my site. It works just fine for a variety of openIDs, but > when I try a Yahoo openID the Yahoo server page shows the warning: > > *Warning: This website has not confirmed its identity with Yahoo! and > might be fraudulent. Do not share any personal information with this website > unless you are certain it is legitimate.* > > It allows me to continue with the login and returns to my site, but there > are two problems. > > 1. No personal data is returned > 2. The characters "#f19b8" are appended to the openid URL. > > I have found some explanations for the warning via Google but they made no > sense to me. I was wondering whether any of you have encountered this issue > and found a solution specific to the php-openid library. > > Thanks for your assistance. > > Scott > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/e18830d3/attachment-0001.html From andrewarnott at gmail.com Thu Jun 12 07:14:23 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Thu, 12 Jun 2008 07:14:23 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> Message-ID: <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> The specific message that seems to contain all the answers is here: http://lists.openidenabled.com/pipermail/dev/2008-March/001220.html One more tidbit I haven't shared is your Realm URL must send this HTTP Response header: X-XRDS-Location: http://nerdbank.org/xrds.aspx fill in your own XRDS URL. Apparently Yahoo is reported as not honoring the style of advertising the XRDS doc. Andrew Arnott 2008/6/12 Mario Menti : > Hi Scott, > > there were a couple of long-ish threads on this subject back in March, > which may be helpful to you. You should find them archived here: > http://lists.openidenabled.com/pipermail/dev/2008-March/thread.html > > Mario. > > 2008/6/12 Scott Gelb : > > Hi Andrew, >> >> Thank you for your response. However, this did not work for me, perhaps I >> did something wrong. >> >> I copied the xml doc as you specified and pasted it into a file called >> yadis.xml in my root directory. I changed the contents of the URI tag to the >> absolute url of my login page: >> >> http://myopenid.happy-cows.com/login_openid.php. >> >> Then I added the meta tag to my header: >> >> > http://myopenid.happy-cows.com/yadis.xml /> >> >> I then tried my Yahoo openid http://me.yahoo.com/{myloginid}and I got the same warning. >> >> Any thoughts? >> >> Thanks, >> >> Scott >> >> ------------------------------ >> Date: Wed, 11 Jun 2008 18:58:00 -0700 >> From: andrewarnott at gmail.com >> To: dev at lists.openidenabled.com >> Subject: Re: problem with Yahoo openid: website not confirmed its identity >> >> >> Hi Scott, >> >> You're missing an XRDS document advertised from your Realm URL. Add that >> (properly filled out) and Yahoo will stop complaining about your site's >> identity. Nothing has to be done regarding your php-openid library here... >> it's all just a static XRDS doc. >> >> Here is a sample XRDS doc. Just change the URI tag contents to point at >> the URL of your login page. >> >> >> > xmlns:xrds="xri://$xrds" >> xmlns:openid="http://openid.net/xmlns/1.0" >> xmlns="xri://$xrd*($v*2.0)"> >> >> >> http://specs.openid.net/auth/2.0/return_to >> http://nerdbank.org/RP/login.aspx >> >> >> >> >> Store this XRDS doc on your site somewhere, and point to it from your >> realm URL (home page, probably) using a meta tag: >> >> >> That should do it. >> >> Andrew Arnott >> >> 2008/6/11 Scott Gelb : >> >> Hi, >> >> I'm new to this list. If there's a way to look at past conversations I'd >> appreciate someone letting me know. I haven't seen an explanation. >> >> But here's the problem I'm experiencing. I've incorporated php-openid >> version 2.0.1 into my site. It works just fine for a variety of openIDs, but >> when I try a Yahoo openID the Yahoo server page shows the warning: >> >> *Warning: This website has not confirmed its identity with Yahoo! and >> might be fraudulent. Do not share any personal information with this website >> unless you are certain it is legitimate.* >> >> It allows me to continue with the login and returns to my site, but there >> are two problems. >> >> 1. No personal data is returned >> 2. The characters "#f19b8" are appended to the openid URL. >> >> I have found some explanations for the warning via Google but they made no >> sense to me. I was wondering whether any of you have encountered this issue >> and found a solution specific to the php-openid library. >> >> Thanks for your assistance. >> >> Scott >> >> _______________________________________________ >> Dev mailing list >> Dev at lists.openidenabled.com >> http://lists.openidenabled.com/mailman/listinfo/dev >> >> >> >> _______________________________________________ >> Dev mailing list >> Dev at lists.openidenabled.com >> http://lists.openidenabled.com/mailman/listinfo/dev >> >> > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/e928ba43/attachment.htm From andrewarnott at gmail.com Thu Jun 12 07:42:28 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Thu, 12 Jun 2008 07:42:28 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> Message-ID: <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> One last thing that I just remembered: Your Realm URL cannot cause a 301 redirect. So if the realm you're sending (or the library you're using is choosing) is to, say... http://yourdomain.com/boo, but if a browser request to that URL redirects to http://yourdomain.com/boo/ (note the trailing slash), then you need to change your realm URL to include the trailing slash. All summarized with samples here: http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html And you can see a working sample here: http://nerdbank.org/RP Andrew Arnott On Thu, Jun 12, 2008 at 7:14 AM, Andrew Arnott wrote: > The specific message that seems to contain all the answers is here: > http://lists.openidenabled.com/pipermail/dev/2008-March/001220.html > > One more tidbit I haven't shared is your Realm URL must send this HTTP > Response header: > X-XRDS-Location: http://nerdbank.org/xrds.aspx > fill in your own XRDS URL. > Apparently Yahoo is reported as not honoring the http-equiv="x-xrds-location"...> style of advertising the XRDS doc. > > Andrew Arnott > > 2008/6/12 Mario Menti : > > Hi Scott, >> >> there were a couple of long-ish threads on this subject back in March, >> which may be helpful to you. You should find them archived here: >> http://lists.openidenabled.com/pipermail/dev/2008-March/thread.html >> >> Mario. >> >> 2008/6/12 Scott Gelb : >> >> Hi Andrew, >>> >>> Thank you for your response. However, this did not work for me, perhaps I >>> did something wrong. >>> >>> I copied the xml doc as you specified and pasted it into a file called >>> yadis.xml in my root directory. I changed the contents of the URI tag to the >>> absolute url of my login page: >>> >>> http://myopenid.happy-cows.com/login_openid.php. >>> >>> Then I added the meta tag to my header: >>> >>> >> http://myopenid.happy-cows.com/yadis.xml /> >>> >>> I then tried my Yahoo openid http://me.yahoo.com/{myloginid}and I got the same warning. >>> >>> Any thoughts? >>> >>> Thanks, >>> >>> Scott >>> >>> ------------------------------ >>> Date: Wed, 11 Jun 2008 18:58:00 -0700 >>> From: andrewarnott at gmail.com >>> To: dev at lists.openidenabled.com >>> Subject: Re: problem with Yahoo openid: website not confirmed its >>> identity >>> >>> >>> Hi Scott, >>> >>> You're missing an XRDS document advertised from your Realm URL. Add that >>> (properly filled out) and Yahoo will stop complaining about your site's >>> identity. Nothing has to be done regarding your php-openid library here... >>> it's all just a static XRDS doc. >>> >>> Here is a sample XRDS doc. Just change the URI tag contents to point at >>> the URL of your login page. >>> >>> >>> >> xmlns:xrds="xri://$xrds" >>> xmlns:openid="http://openid.net/xmlns/1.0" >>> xmlns="xri://$xrd*($v*2.0)"> >>> >>> >>> http://specs.openid.net/auth/2.0/return_to >>> http://nerdbank.org/RP/login.aspx >>> >>> >>> >>> >>> Store this XRDS doc on your site somewhere, and point to it from your >>> realm URL (home page, probably) using a meta tag: >>> >>> >>> That should do it. >>> >>> Andrew Arnott >>> >>> 2008/6/11 Scott Gelb : >>> >>> Hi, >>> >>> I'm new to this list. If there's a way to look at past conversations I'd >>> appreciate someone letting me know. I haven't seen an explanation. >>> >>> But here's the problem I'm experiencing. I've incorporated php-openid >>> version 2.0.1 into my site. It works just fine for a variety of openIDs, but >>> when I try a Yahoo openID the Yahoo server page shows the warning: >>> >>> *Warning: This website has not confirmed its identity with Yahoo! and >>> might be fraudulent. Do not share any personal information with this website >>> unless you are certain it is legitimate.* >>> >>> It allows me to continue with the login and returns to my site, but there >>> are two problems. >>> >>> 1. No personal data is returned >>> 2. The characters "#f19b8" are appended to the openid URL. >>> >>> I have found some explanations for the warning via Google but they made >>> no sense to me. I was wondering whether any of you have encountered this >>> issue and found a solution specific to the php-openid library. >>> >>> Thanks for your assistance. >>> >>> Scott >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev at lists.openidenabled.com >>> http://lists.openidenabled.com/mailman/listinfo/dev >>> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev at lists.openidenabled.com >>> http://lists.openidenabled.com/mailman/listinfo/dev >>> >>> >> >> _______________________________________________ >> Dev mailing list >> Dev at lists.openidenabled.com >> http://lists.openidenabled.com/mailman/listinfo/dev >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/9b8db757/attachment.html From scotthg at hotmail.com Thu Jun 12 11:35:54 2008 From: scotthg at hotmail.com (Scott Gelb) Date: Thu, 12 Jun 2008 11:35:54 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> Message-ID: Thanks to Andrew and Mario for your responses. I have tried to implement them accurately but I still get the same problem. Here is what I have right now: This meta tag has been added to all pages: I also tried sending it via PHP's header function instead, but the result was the same. The content of yadis.php is: http://specs.openid.net/auth/2.0/return_to http://myopenid.happy-cows.com/finish_auth.php By the way, just to be clear, finish_auth.php is not my login page, it is my return_to page. I hope that is correct. The Yahoo page reports: When you leave this page, you will be sent to http://myopenid.happy-cows.com:80/finish_auth.php?janrain... so I assume this is the correct URL to put in the URI tag above, minus the port and the portion starting with the "?" The only other thing I can think of is that I am using http://myopenid.happy-cows.com as my realm, and that is a subdomain. Andrew, you said that there is a problem relating to redirection. I don't know if that is relevent here, since the actual path would be http://www.happy-cows.com/myopenid/. Any more ideas? Thanks, Scott Date: Thu, 12 Jun 2008 07:42:28 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityOne last thing that I just remembered:Your Realm URL cannot cause a 301 redirect. So if the realm you're sending (or the library you're using is choosing) is to, say... http://yourdomain.com/boo, but if a browser request to that URL redirects to http://yourdomain.com/boo/ (note the trailing slash), then you need to change your realm URL to include the trailing slash.All summarized with samples here:http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.htmlAnd you can see a working sample here: http://nerdbank.org/RPAndrew Arnott On Thu, Jun 12, 2008 at 7:14 AM, Andrew Arnott wrote: The specific message that seems to contain all the answers is here:http://lists.openidenabled.com/pipermail/dev/2008-March/001220.htmlOne more tidbit I haven't shared is your Realm URL must send this HTTP Response header:X-XRDS-Location: http://nerdbank.org/xrds.aspxfill in your own XRDS URL.Apparently Yahoo is reported as not honoring the style of advertising the XRDS doc.Andrew Arnott 2008/6/12 Mario Menti : Hi Scott,there were a couple of long-ish threads on this subject back in March, which may be helpful to you. You should find them archived here:http://lists.openidenabled.com/pipermail/dev/2008-March/thread.htmlMario. 2008/6/12 Scott Gelb : Hi Andrew, Thank you for your response. However, this did not work for me, perhaps I did something wrong. I copied the xml doc as you specified and pasted it into a file called yadis.xml in my root directory. I changed the contents of the URI tag to the absolute url of my login page: http://myopenid.happy-cows.com/login_openid.php.Then I added the meta tag to my header: I then tried my Yahoo openid http://me.yahoo.com/{myloginid} and I got the same warning. Any thoughts? Thanks, Scott Date: Wed, 11 Jun 2008 18:58:00 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identity Hi Scott,You're missing an XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. Nothing has to be done regarding your php-openid library here... it's all just a static XRDS doc. Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page. http://specs.openid.net/auth/2.0/return_to http://nerdbank.org/RP/login.aspx Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag:That should do it.Andrew Arnott 2008/6/11 Scott Gelb : Hi, I'm new to this list. If there's a way to look at past conversations I'd appreciate someone letting me know. I haven't seen an explanation. But here's the problem I'm experiencing. I've incorporated php-openid version 2.0.1 into my site. It works just fine for a variety of openIDs, but when I try a Yahoo openID the Yahoo server page shows the warning: Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate. It allows me to continue with the login and returns to my site, but there are two problems. 1. No personal data is returned2. The characters "#f19b8" are appended to the openid URL. I have found some explanations for the warning via Google but they made no sense to me. I was wondering whether any of you have encountered this issue and found a solution specific to the php-openid library. Thanks for your assistance. Scott_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/ffdc61a9/attachment-0001.htm From andrewarnott at gmail.com Thu Jun 12 17:23:42 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Thu, 12 Jun 2008 17:23:42 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> Message-ID: <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> Scott, here are a few things I note that are problems: 1. Your XRDS doc is failing: http://myopenid.happy-cows.com/yadis.phpgenerates an error (below). It must be a 200 OK response with substance, of course. *Parse error*: syntax error, unexpected T_STRING in * /home/hctest/public_html/myopenid/yadis.php* on line *4* 2. The content of your yadis.php file sets the header to "Content-type: ...". Note that the capitalization just might be important. Be sure to set "Content-Type" instead of "Content-type". Test that the header is sent by requesting the URL in your browser. If it works, your browser should attempt to download the page as a file instead of displaying the content right there in your browser. 3. Your XRDS doc should have the return_to URL in its URI element instead of the login page in your case because it is split up, so you have that correct. 4. If your return_to URL and realm include a :80 port explicitly, just for kicks throw it into the URI tag of your XRDS doc. It shouldn't be required, but I've seen lots of libraries have problems with it. 5. You say that http://myopenid.happy-cows.com is your realm. But when I go to that address I get an error page. There must be a valid response page at your realm URL. Try all of the above and see where it gets you. Andrew Arnott 2008/6/12 Scott Gelb : > Thanks to Andrew and Mario for your responses. I have tried to implement > them accurately but I still get the same problem. > > Here is what I have right now: > > > This meta tag has been added to all pages: > > > > > > I also tried sending it via PHP's header function instead, but the result > was the same. > > > > The content of yadis.php is: > > header('Content-type: application/xrds+xml'); > ?> > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://myopenid.happy-cows.com/finish_auth.php > > > > > > By the way, just to be clear, finish_auth.php is not my login page, it is > my return_to page. I hope that is correct. > > > > The Yahoo page reports: > > When you leave this page, you will be sent to > *http://myopenid.happy-cows.com > :80/finish_auth.php?janrain...* > > so I assume this is the correct URL to put in the URI tag above, minus the > port and the portion starting with the "?" > > > The only other thing I can think of is that I am using > http://myopenid.happy-cows.com as my realm, and that is a subdomain. > Andrew, you said that there is a problem relating to redirection. I don't > know if that is relevent here, since the actual path would be > http://www.happy-cows.com/myopenid/. > > Any more ideas? > > Thanks, > > Scott > > ------------------------------ > Date: Thu, 12 Jun 2008 07:42:28 -0700 > > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > One last thing that I just remembered: > Your Realm URL cannot cause a 301 redirect. So if the realm you're sending > (or the library you're using is choosing) is to, say... > http://yourdomain.com/boo, but if a browser request to that URL redirects > to http://yourdomain.com/boo/ (note the trailing slash), then you need to > change your realm URL to include the trailing slash. > > All summarized with samples here: > http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html > > And you can see a working sample here: http://nerdbank.org/RP > > Andrew Arnott > > On Thu, Jun 12, 2008 at 7:14 AM, Andrew Arnott > wrote: > > The specific message that seems to contain all the answers is here: > http://lists.openidenabled.com/pipermail/dev/2008-March/001220.html > > One more tidbit I haven't shared is your Realm URL must send this HTTP > Response header: > X-XRDS-Location: http://nerdbank.org/xrds.aspx > fill in your own XRDS URL. > Apparently Yahoo is reported as not honoring the http-equiv="x-xrds-location"...> style of advertising the XRDS doc. > > Andrew Arnott > > 2008/6/12 Mario Menti : > > Hi Scott, > > there were a couple of long-ish threads on this subject back in March, > which may be helpful to you. You should find them archived here: > http://lists.openidenabled.com/pipermail/dev/2008-March/thread.html > > Mario. > > 2008/6/12 Scott Gelb : > > Hi Andrew, > > Thank you for your response. However, this did not work for me, perhaps I > did something wrong. > > I copied the xml doc as you specified and pasted it into a file called > yadis.xml in my root directory. I changed the contents of the URI tag to the > absolute url of my login page: > > http://myopenid.happy-cows.com/login_openid.php. > > Then I added the meta tag to my header: > > http://myopenid.happy-cows.com/yadis.xml /> > > I then tried my Yahoo openid http://me.yahoo.com/{myloginid}and I got the same warning. > > Any thoughts? > > Thanks, > > Scott > > ------------------------------ > Date: Wed, 11 Jun 2008 18:58:00 -0700 > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > > Hi Scott, > > You're missing an XRDS document advertised from your Realm URL. Add that > (properly filled out) and Yahoo will stop complaining about your site's > identity. Nothing has to be done regarding your php-openid library here... > it's all just a static XRDS doc. > > Here is a sample XRDS doc. Just change the URI tag contents to point at > the URL of your login page. > > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://nerdbank.org/RP/login.aspx > > > > > Store this XRDS doc on your site somewhere, and point to it from your realm > URL (home page, probably) using a meta tag: > > > That should do it. > > Andrew Arnott > > 2008/6/11 Scott Gelb : > > Hi, > > I'm new to this list. If there's a way to look at past conversations I'd > appreciate someone letting me know. I haven't seen an explanation. > > But here's the problem I'm experiencing. I've incorporated php-openid > version 2.0.1 into my site. It works just fine for a variety of openIDs, but > when I try a Yahoo openID the Yahoo server page shows the warning: > > *Warning: This website has not confirmed its identity with Yahoo! and > might be fraudulent. Do not share any personal information with this website > unless you are certain it is legitimate.* > > It allows me to continue with the login and returns to my site, but there > are two problems. > > 1. No personal data is returned > 2. The characters "#f19b8" are appended to the openid URL. > > I have found some explanations for the warning via Google but they made no > sense to me. I was wondering whether any of you have encountered this issue > and found a solution specific to the php-openid library. > > Thanks for your assistance. > > Scott > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/8beb9343/attachment.htm From scotthg at hotmail.com Thu Jun 12 19:41:47 2008 From: scotthg at hotmail.com (Scott Gelb) Date: Thu, 12 Jun 2008 19:41:47 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> Message-ID: Thanks for the info, Andrew. I have fixed the XRDS doc, it works properly now. But the problem with Yahoo remains. The only thing left is: "You say that http://myopenid.happy-cows.com is your realm. But when I go to that address I get an error page. There must be a valid response page at your realm URL." I am testing this on someone else's site, and I don't have complete control of it, for example, no SSH, only CPanel. So I am having a problem getting it to recognize "DirectoryIndex index.php". It works if you browse to "myopenid.happy-cows.com/index.php", but not "myopenid.happy-cows.com/". I am now trying to integrate the openid code into another site that I have complete control over. I will see if that makes a difference. I will report back. Thanks, Scott Date: Thu, 12 Jun 2008 17:23:42 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityScott, here are a few things I note that are problems: Your XRDS doc is failing: http://myopenid.happy-cows.com/yadis.php generates an error (below). It must be a 200 OK response with substance, of course.Parse error: syntax error, unexpected T_STRING in /home/hctest/public_html/myopenid/yadis.php on line 4 The content of your yadis.php file sets the header to "Content-type: ...". Note that the capitalization just might be important. Be sure to set "Content-Type" instead of "Content-type". Test that the header is sent by requesting the URL in your browser. If it works, your browser should attempt to download the page as a file instead of displaying the content right there in your browser. Your XRDS doc should have the return_to URL in its URI element instead of the login page in your case because it is split up, so you have that correct. If your return_to URL and realm include a :80 port explicitly, just for kicks throw it into the URI tag of your XRDS doc. It shouldn't be required, but I've seen lots of libraries have problems with it. You say that http://myopenid.happy-cows.com is your realm. But when I go to that address I get an error page. There must be a valid response page at your realm URL.Try all of the above and see where it gets you.Andrew Arnott 2008/6/12 Scott Gelb : Thanks to Andrew and Mario for your responses. I have tried to implement them accurately but I still get the same problem. Here is what I have right now: This meta tag has been added to all pages: I also tried sending it via PHP's header function instead, but the result was the same. The content of yadis.php is: http://specs.openid.net/auth/2.0/return_to http://myopenid.happy-cows.com/finish_auth.php By the way, just to be clear, finish_auth.php is not my login page, it is my return_to page. I hope that is correct. The Yahoo page reports: When you leave this page, you will be sent to http://myopenid.happy-cows.com:80/finish_auth.php?janrain... so I assume this is the correct URL to put in the URI tag above, minus the port and the portion starting with the "?" The only other thing I can think of is that I am using http://myopenid.happy-cows.com as my realm, and that is a subdomain. Andrew, you said that there is a problem relating to redirection. I don't know if that is relevent here, since the actual path would be http://www.happy-cows.com/myopenid/. Any more ideas? Thanks, Scott Date: Thu, 12 Jun 2008 07:42:28 -0700 From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityOne last thing that I just remembered:Your Realm URL cannot cause a 301 redirect. So if the realm you're sending (or the library you're using is choosing) is to, say... http://yourdomain.com/boo, but if a browser request to that URL redirects to http://yourdomain.com/boo/ (note the trailing slash), then you need to change your realm URL to include the trailing slash.All summarized with samples here:http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.htmlAnd you can see a working sample here: http://nerdbank.org/RPAndrew Arnott On Thu, Jun 12, 2008 at 7:14 AM, Andrew Arnott wrote: The specific message that seems to contain all the answers is here:http://lists.openidenabled.com/pipermail/dev/2008-March/001220.htmlOne more tidbit I haven't shared is your Realm URL must send this HTTP Response header:X-XRDS-Location: http://nerdbank.org/xrds.aspxfill in your own XRDS URL.Apparently Yahoo is reported as not honoring the style of advertising the XRDS doc.Andrew Arnott 2008/6/12 Mario Menti : Hi Scott,there were a couple of long-ish threads on this subject back in March, which may be helpful to you. You should find them archived here:http://lists.openidenabled.com/pipermail/dev/2008-March/thread.htmlMario. 2008/6/12 Scott Gelb : Hi Andrew, Thank you for your response. However, this did not work for me, perhaps I did something wrong. I copied the xml doc as you specified and pasted it into a file called yadis.xml in my root directory. I changed the contents of the URI tag to the absolute url of my login page: http://myopenid.happy-cows.com/login_openid.php.Then I added the meta tag to my header: I then tried my Yahoo openid http://me.yahoo.com/{myloginid} and I got the same warning. Any thoughts? Thanks, Scott Date: Wed, 11 Jun 2008 18:58:00 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identity Hi Scott,You're missing an XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. Nothing has to be done regarding your php-openid library here... it's all just a static XRDS doc. Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page. http://specs.openid.net/auth/2.0/return_to http://nerdbank.org/RP/login.aspx Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag:That should do it.Andrew Arnott 2008/6/11 Scott Gelb : Hi, I'm new to this list. If there's a way to look at past conversations I'd appreciate someone letting me know. I haven't seen an explanation. But here's the problem I'm experiencing. I've incorporated php-openid version 2.0.1 into my site. It works just fine for a variety of openIDs, but when I try a Yahoo openID the Yahoo server page shows the warning: Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate. It allows me to continue with the login and returns to my site, but there are two problems. 1. No personal data is returned2. The characters "#f19b8" are appended to the openid URL. I have found some explanations for the warning via Google but they made no sense to me. I was wondering whether any of you have encountered this issue and found a solution specific to the php-openid library. Thanks for your assistance. Scott_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/0389199a/attachment-0001.html From andrewarnott at gmail.com Thu Jun 12 20:19:20 2008 From: andrewarnott at gmail.com (Andrew Arnott) Date: Thu, 12 Jun 2008 20:19:20 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> Message-ID: <216e54900806122019m36a0d78bp3479d8175823794@mail.gmail.com> You may be able to get away with a static (non-php) index.html page in that home directory, using just the tag. That might be enough for Yahoo. Andrew Arnott 2008/6/12 Scott Gelb : > Thanks for the info, Andrew. > > I have fixed the XRDS doc, it works properly now. But the problem with > Yahoo remains. The only thing left is: > > "You say that http://myopenid.happy-cows.com is your realm. But when I go > to that address I get an error page. There must be a valid response page at > your realm URL." > > I am testing this on someone else's site, and I don't have complete control > of it, for example, no SSH, only CPanel. So I am having a problem getting it > to recognize "DirectoryIndex index.php". It works if you browse to " > myopenid.happy-cows.com/index.php", but not "myopenid.happy-cows.com/". > > I am now trying to integrate the openid code into another site that I have > complete control over. I will see if that makes a difference. > > I will report back. > > Thanks, > > Scott > > > > > ------------------------------ > Date: Thu, 12 Jun 2008 17:23:42 -0700 > > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > Scott, here are a few things I note that are problems: > > 1. Your XRDS doc is failing: http://myopenid.happy-cows.com/yadis.phpgenerates an error (below). It must be a 200 OK response with substance, of > course. > *Parse error*: syntax error, unexpected T_STRING in * > /home/hctest/public_html/myopenid/yadis.php* on line *4* > 2. The content of your yadis.php file sets the header to "Content-type: > ...". Note that the capitalization just might be important. Be sure to set > "Content-Type" instead of "Content-type". Test that the header is sent by > requesting the URL in your browser. If it works, your browser should > attempt to download the page as a file instead of displaying the content > right there in your browser. > 3. Your XRDS doc should have the return_to URL in its URI element > instead of the login page in your case because it is split up, so you have > that correct. > 4. If your return_to URL and realm include a :80 port explicitly, just > for kicks throw it into the URI tag of your XRDS doc. It shouldn't be > required, but I've seen lots of libraries have problems with it. > 5. You say that http://myopenid.happy-cows.com is your realm. But when > I go to that address I get an error page. There must be a valid response > page at your realm URL. > > Try all of the above and see where it gets you. > > Andrew Arnott > > 2008/6/12 Scott Gelb : > > Thanks to Andrew and Mario for your responses. I have tried to implement > them accurately but I still get the same problem. > > Here is what I have right now: > > > This meta tag has been added to all pages: > > > > > > I also tried sending it via PHP's header function instead, but the result > was the same. > > > > The content of yadis.php is: > > header('Content-type: application/xrds+xml'); > ?> > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://myopenid.happy-cows.com/finish_auth.php > > > > > > By the way, just to be clear, finish_auth.php is not my login page, it is > my return_to page. I hope that is correct. > > > > The Yahoo page reports: > > When you leave this page, you will be sent to > * http://myopenid.happy-cows.com > :80/finish_auth.php?janrain...* > > so I assume this is the correct URL to put in the URI tag above, minus the > port and the portion starting with the "?" > > > The only other thing I can think of is that I am using > http://myopenid.happy-cows.com as my realm, and that is a subdomain. > Andrew, you said that there is a problem relating to redirection. I don't > know if that is relevent here, since the actual path would be > http://www.happy-cows.com/myopenid/. > > Any more ideas? > > Thanks, > > Scott > > ------------------------------ > Date: Thu, 12 Jun 2008 07:42:28 -0700 > > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > One last thing that I just remembered: > Your Realm URL cannot cause a 301 redirect. So if the realm you're sending > (or the library you're using is choosing) is to, say... > http://yourdomain.com/boo, but if a browser request to that URL redirects > to http://yourdomain.com/boo/ (note the trailing slash), then you need to > change your realm URL to include the trailing slash. > > All summarized with samples here: > http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html > > And you can see a working sample here: http://nerdbank.org/RP > > Andrew Arnott > > On Thu, Jun 12, 2008 at 7:14 AM, Andrew Arnott > wrote: > > The specific message that seems to contain all the answers is here: > http://lists.openidenabled.com/pipermail/dev/2008-March/001220.html > > One more tidbit I haven't shared is your Realm URL must send this HTTP > Response header: > X-XRDS-Location: http://nerdbank.org/xrds.aspx > fill in your own XRDS URL. > Apparently Yahoo is reported as not honoring the http-equiv="x-xrds-location"...> style of advertising the XRDS doc. > > Andrew Arnott > > 2008/6/12 Mario Menti : > > Hi Scott, > > there were a couple of long-ish threads on this subject back in March, > which may be helpful to you. You should find them archived here: > http://lists.openidenabled.com/pipermail/dev/2008-March/thread.html > > Mario. > > 2008/6/12 Scott Gelb : > > Hi Andrew, > > Thank you for your response. However, this did not work for me, perhaps I > did something wrong. > > I copied the xml doc as you specified and pasted it into a file called > yadis.xml in my root directory. I changed the contents of the URI tag to the > absolute url of my login page: > > http://myopenid.happy-cows.com/login_openid.php. > > Then I added the meta tag to my header: > > http://myopenid.happy-cows.com/yadis.xml /> > > I then tried my Yahoo openid http://me.yahoo.com/{myloginid}and I got the same warning. > > Any thoughts? > > Thanks, > > Scott > > ------------------------------ > Date: Wed, 11 Jun 2008 18:58:00 -0700 > From: andrewarnott at gmail.com > To: dev at lists.openidenabled.com > Subject: Re: problem with Yahoo openid: website not confirmed its identity > > > Hi Scott, > > You're missing an XRDS document advertised from your Realm URL. Add that > (properly filled out) and Yahoo will stop complaining about your site's > identity. Nothing has to be done regarding your php-openid library here... > it's all just a static XRDS doc. > > Here is a sample XRDS doc. Just change the URI tag contents to point at > the URL of your login page. > > > xmlns:xrds="xri://$xrds" > xmlns:openid="http://openid.net/xmlns/1.0" > xmlns="xri://$xrd*($v*2.0)"> > > > http://specs.openid.net/auth/2.0/return_to > http://nerdbank.org/RP/login.aspx > > > > > Store this XRDS doc on your site somewhere, and point to it from your realm > URL (home page, probably) using a meta tag: > > > That should do it. > > Andrew Arnott > > 2008/6/11 Scott Gelb : > > Hi, > > I'm new to this list. If there's a way to look at past conversations I'd > appreciate someone letting me know. I haven't seen an explanation. > > But here's the problem I'm experiencing. I've incorporated php-openid > version 2.0.1 into my site. It works just fine for a variety of openIDs, but > when I try a Yahoo openID the Yahoo server page shows the warning: > > *Warning: This website has not confirmed its identity with Yahoo! and > might be fraudulent. Do not share any personal information with this website > unless you are certain it is legitimate.* > > It allows me to continue with the login and returns to my site, but there > are two problems. > > 1. No personal data is returned > 2. The characters "#f19b8" are appended to the openid URL. > > I have found some explanations for the warning via Google but they made no > sense to me. I was wondering whether any of you have encountered this issue > and found a solution specific to the php-openid library. > > Thanks for your assistance. > > Scott > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/96852bfd/attachment.htm From scotthg at hotmail.com Thu Jun 12 20:32:44 2008 From: scotthg at hotmail.com (Scott Gelb) Date: Thu, 12 Jun 2008 20:32:44 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <216e54900806122019m36a0d78bp3479d8175823794@mail.gmail.com> References: <216e54900806111858k6e9ed571x11347d997c7ab7a9@mail.gmail.com> <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> <216e54900806122019m36a0d78bp3479d8175823794@mail.gmail.com> Message-ID: Thanks for the suggestion, Andrew. Unfortunately, it didn't work. I will try to get this other site openid-enabled and see if it works any better. Scott Gelb Date: Thu, 12 Jun 2008 20:19:20 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityYou may be able to get away with a static (non-php) index.html page in that home directory, using just the tag. That might be enough for Yahoo.Andrew Arnott 2008/6/12 Scott Gelb : Thanks for the info, Andrew. I have fixed the XRDS doc, it works properly now. But the problem with Yahoo remains. The only thing left is: "You say that http://myopenid.happy-cows.com is your realm. But when I go to that address I get an error page. There must be a valid response page at your realm URL." I am testing this on someone else's site, and I don't have complete control of it, for example, no SSH, only CPanel. So I am having a problem getting it to recognize "DirectoryIndex index.php". It works if you browse to "myopenid.happy-cows.com/index.php", but not "myopenid.happy-cows.com/". I am now trying to integrate the openid code into another site that I have complete control over. I will see if that makes a difference. I will report back. Thanks, Scott Date: Thu, 12 Jun 2008 17:23:42 -0700 From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityScott, here are a few things I note that are problems: Your XRDS doc is failing: http://myopenid.happy-cows.com/yadis.php generates an error (below). It must be a 200 OK response with substance, of course.Parse error: syntax error, unexpected T_STRING in /home/hctest/public_html/myopenid/yadis.php on line 4 The content of your yadis.php file sets the header to "Content-type: ...". Note that the capitalization just might be important. Be sure to set "Content-Type" instead of "Content-type". Test that the header is sent by requesting the URL in your browser. If it works, your browser should attempt to download the page as a file instead of displaying the content right there in your browser. Your XRDS doc should have the return_to URL in its URI element instead of the login page in your case because it is split up, so you have that correct. If your return_to URL and realm include a :80 port explicitly, just for kicks throw it into the URI tag of your XRDS doc. It shouldn't be required, but I've seen lots of libraries have problems with it. You say that http://myopenid.happy-cows.com is your realm. But when I go to that address I get an error page. There must be a valid response page at your realm URL.Try all of the above and see where it gets you.Andrew Arnott 2008/6/12 Scott Gelb : Thanks to Andrew and Mario for your responses. I have tried to implement them accurately but I still get the same problem. Here is what I have right now: This meta tag has been added to all pages: I also tried sending it via PHP's header function instead, but the result was the same. The content of yadis.php is: http://specs.openid.net/auth/2.0/return_to http://myopenid.happy-cows.com/finish_auth.php By the way, just to be clear, finish_auth.php is not my login page, it is my return_to page. I hope that is correct. The Yahoo page reports: When you leave this page, you will be sent to http://myopenid.happy-cows.com:80/finish_auth.php?janrain... so I assume this is the correct URL to put in the URI tag above, minus the port and the portion starting with the "?" The only other thing I can think of is that I am using http://myopenid.happy-cows.com as my realm, and that is a subdomain. Andrew, you said that there is a problem relating to redirection. I don't know if that is relevent here, since the actual path would be http://www.happy-cows.com/myopenid/. Any more ideas? Thanks, Scott Date: Thu, 12 Jun 2008 07:42:28 -0700 From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identityOne last thing that I just remembered:Your Realm URL cannot cause a 301 redirect. So if the realm you're sending (or the library you're using is choosing) is to, say... http://yourdomain.com/boo, but if a browser request to that URL redirects to http://yourdomain.com/boo/ (note the trailing slash), then you need to change your realm URL to include the trailing slash.All summarized with samples here:http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.htmlAnd you can see a working sample here: http://nerdbank.org/RPAndrew Arnott On Thu, Jun 12, 2008 at 7:14 AM, Andrew Arnott wrote: The specific message that seems to contain all the answers is here:http://lists.openidenabled.com/pipermail/dev/2008-March/001220.htmlOne more tidbit I haven't shared is your Realm URL must send this HTTP Response header:X-XRDS-Location: http://nerdbank.org/xrds.aspxfill in your own XRDS URL.Apparently Yahoo is reported as not honoring the style of advertising the XRDS doc.Andrew Arnott 2008/6/12 Mario Menti : Hi Scott,there were a couple of long-ish threads on this subject back in March, which may be helpful to you. You should find them archived here:http://lists.openidenabled.com/pipermail/dev/2008-March/thread.htmlMario. 2008/6/12 Scott Gelb : Hi Andrew, Thank you for your response. However, this did not work for me, perhaps I did something wrong. I copied the xml doc as you specified and pasted it into a file called yadis.xml in my root directory. I changed the contents of the URI tag to the absolute url of my login page: http://myopenid.happy-cows.com/login_openid.php.Then I added the meta tag to my header: I then tried my Yahoo openid http://me.yahoo.com/{myloginid} and I got the same warning. Any thoughts? Thanks, Scott Date: Wed, 11 Jun 2008 18:58:00 -0700From: andrewarnott at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identity Hi Scott,You're missing an XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. Nothing has to be done regarding your php-openid library here... it's all just a static XRDS doc. Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page. http://specs.openid.net/auth/2.0/return_to http://nerdbank.org/RP/login.aspx Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag:That should do it.Andrew Arnott 2008/6/11 Scott Gelb : Hi, I'm new to this list. If there's a way to look at past conversations I'd appreciate someone letting me know. I haven't seen an explanation. But here's the problem I'm experiencing. I've incorporated php-openid version 2.0.1 into my site. It works just fine for a variety of openIDs, but when I try a Yahoo openID the Yahoo server page shows the warning: Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate. It allows me to continue with the login and returns to my site, but there are two problems. 1. No personal data is returned2. The characters "#f19b8" are appended to the openid URL. I have found some explanations for the warning via Google but they made no sense to me. I was wondering whether any of you have encountered this issue and found a solution specific to the php-openid library. Thanks for your assistance. Scott_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev_______________________________________________Dev mailing listDev at lists.openidenabled.comhttp://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080612/708e14ef/attachment-0001.html From joren.degroof at gmail.com Fri Jun 13 05:38:36 2008 From: joren.degroof at gmail.com (Joren De Groof) Date: Fri, 13 Jun 2008 14:38:36 +0200 Subject: Ruby openid Server Message-ID: <48526a4d.0e87460a.6b3d.623f@mx.google.com> Hi everybody, I'm keep having a routing problem with my openid-server with Ruby On Rails. Processing OpenidController#create (for 127.0.0.1 at 2008-06-13 10:56:13) [POST] Session ID: f792d06651e98041a2722f1e038610c8 Parameters: {"openid.sreg.nickname"=>"joren", "openid.sreg.fullname"=>"joren de groof", "openid.sreg.dob"=>"1986-03-16", "openid.sig"=>"bl4rtiOoCfDWOs2mNZA6C39UI28=", "openid.return_to"=>"http://localhost:3001/consumer/complete?did_sreg=y &openid1_claimed_id=http%3A%2F%2Flocalhost%3A3000%2Fjoren&rp_nonce=2008-06-1 3T08%3A56%3A10Zomb27v", "openid.mode"=>"check_authentication", "openid.op_endpoint"=>"http://localhost:3000/openid", "openid.response_nonce"=>"2008-06-13T08:56:13Zmsvxvg", "action"=>"create", "openid.sreg.email"=>"jos at dejoren.be", "controller"=>"openid", "openid.identity"=>"http://localhost:3000/joren", "openid.signed"=>"assoc_handle,identity,mode,op_endpoint,response_nonce,retu rn_to,signed,sreg.dob,sreg.email,sreg.fullname,sreg.nickname", "openid.assoc_handle"=>"{HMAC-SHA1}{4852362d}{fiX16A==}"} Redirected to http://localhost:3000/session/new Filter chain halted as [:login_required] rendered_or_redirected. Completed in 0.00100 (1000 reqs/sec) | DB: 0.00000 (0%) | 302 Found [http://localhost/openid] Processing ApplicationController#index (for 127.0.0.1 at 2008-06-13 10:56:14) [POST] Session ID: 9dd3694c3a51cb68471271b167cbbb47 Parameters: {"openid.sreg.nickname"=>"joren", "openid.sreg.fullname"=>"joren de groof", "openid.sreg.dob"=>"1986-03-16", "openid.sig"=>"bl4rtiOoCfDWOs2mNZA6C39UI28=", "openid.return_to"=>"http://localhost:3001/consumer/complete?did_sreg=y &openid1_claimed_id=http%3A%2F%2Flocalhost%3A3000%2Fjoren&rp_nonce=2008-06-1 3T08%3A56%3A10Zomb27v", "openid.mode"=>"check_authentication", "openid.op_endpoint"=>"http://localhost:3000/openid", "openid.response_nonce"=>"2008-06-13T08:56:13Zmsvxvg", "openid.sreg.email"=>"jos at dejoren.be", "openid.identity"=>"http://localhost:3000/joren", "openid.signed"=>"assoc_handle,identity,mode,op_endpoint,response_nonce,retu rn_to,signed,sreg.dob,sreg.email,sreg.fullname,sreg.nickname", "openid.assoc_handle"=>"{HMAC-SHA1}{4852362d}{fiX16A==}"} ActionController::MethodNotAllowed (Only get requests are allowed.): /vendor/rails/actionpack/lib/action_controller/routing/recognition_opti This is what I'm getiing in my log. After the redirect from a consumer, it touches my server, checks the authentication with restfull_authentication plugin and then does a POST to the application_controller, which is really not the intention, I don't have any routes to this controller. The weird thing is that it doesn't give me any error, besides in my log files. When I confirm that I trust the consumer-site. I redirect to it, but whit a HTTP 405 error code. Is it a problem in OpenID, in Ruby or in Rails anybody knows of? Thanks Joren De Groof +32 (0)473 43 69 54 info at jorendegroof.be www.jorendegroof.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080613/00245724/attachment.html From mmenti at gmail.com Fri Jun 13 10:11:12 2008 From: mmenti at gmail.com (Mario Menti) Date: Fri, 13 Jun 2008 18:11:12 +0100 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: References: <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> <216e54900806122019m36a0d78bp3479d8175823794@mail.gmail.com> Message-ID: <2dd7faef0806131011t34b6e356n4d2e4e60ccac7df7@mail.gmail.com> 2008/6/13 Scott Gelb : > Thanks for the suggestion, Andrew. Unfortunately, it didn't work. > > I will try to get this other site openid-enabled and see if it works any > better. > > Scott Gelb > Y! does RP discovery from the realm URL, so I think you just need to make sure that the realm URL returns 200 OK - in my case, although everything else was set up correctly, the realm URL initially returned 404, and RP verification failed immediately. Once I returned a 200 OK, everything worked. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080613/3fc4cd91/attachment.htm From scotthg at hotmail.com Fri Jun 13 10:41:04 2008 From: scotthg at hotmail.com (Scott Gelb) Date: Fri, 13 Jun 2008 10:41:04 -0700 Subject: problem with Yahoo openid: website not confirmed its identity In-Reply-To: <2dd7faef0806131011t34b6e356n4d2e4e60ccac7df7@mail.gmail.com> References: <2dd7faef0806120116v31da9392w1f55f1fe45645d56@mail.gmail.com> <216e54900806120714v74092a61sdcd5b3c5b1eb2af7@mail.gmail.com> <216e54900806120742y3b5e5889gdf542fe255c72b7a@mail.gmail.com> <216e54900806121723p461193d9vb626e83a046e2411@mail.gmail.com> <216e54900806122019m36a0d78bp3479d8175823794@mail.gmail.com> <2dd7faef0806131011t34b6e356n4d2e4e60ccac7df7@mail.gmail.com> Message-ID: Thanks, Mario. I'm working on that now. Date: Fri, 13 Jun 2008 18:11:12 +0100From: mmenti at gmail.comTo: dev at lists.openidenabled.comSubject: Re: problem with Yahoo openid: website not confirmed its identity 2008/6/13 Scott Gelb : Thanks for the suggestion, Andrew. Unfortunately, it didn't work. I will try to get this other site openid-enabled and see if it works any better. Scott Gelb Y! does RP discovery from the realm URL, so I think you just need to make sure that the realm URL returns 200 OK - in my case, although everything else was set up correctly, the realm URL initially returned 404, and RP verification failed immediately. Once I returned a 200 OK, everything worked. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080613/e995b7d3/attachment.html From kevin at janrain.com Fri Jun 13 10:53:51 2008 From: kevin at janrain.com (Kevin Turner) Date: Fri, 13 Jun 2008 10:53:51 -0700 Subject: Ruby openid Server In-Reply-To: <48526a4d.0e87460a.6b3d.623f@mx.google.com> References: <48526a4d.0e87460a.6b3d.623f@mx.google.com> Message-ID: <201e81ff0806131053g7b2bbd61u29ecb5f6d1fc7d5c@mail.gmail.com> Your server needs to accept POSTs to that op_endpoint location, the one that's listed as the openid2.provider URL on your identifier page. They will be coming directly from the RP's openid software, not from a browser, so there won't be a session for that request and it shouldn't get one. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080613/5ebcc963/attachment.htm From doug at rds.com Fri Jun 13 15:03:33 2008 From: doug at rds.com (Doug Kaye) Date: Fri, 13 Jun 2008 15:03:33 -0700 Subject: "return_to does not match" PHP OpenID 2.1.0 Message-ID: <4B6FD2BB-ACF2-4A09-83F2-87C5F17CC9FA@rds.com> I've been running around in circles with this for eight hours or more... 1. Trying to implement a simple Customer in PHP. 2. Installed the PHP OpenID 2.1.0 libraries. 3. The code in /examples/consumer works fine. 4. My own code for begin() works fine with the example code for complete(). 5. My own code for complete() fails with the following: OpenID authentication failed: return_to does not match return URL. Expected http://www.cn.org:80//registration-openid, got http://www.cn.org:80//registration-openid?janrain_nonce=2008-06-13T21%3A46%3A10ZggTSbx&openid1_claimed_id=http%3A%2F%2Fdkaye.myopenid.com%2F No matter what I do, the Expected text appears without the query string but the Got string includes it. I have edited the getReturnTo() function in common.php, which is otherwise hard-coded to assume a phase-2 script named finish_auth.php. But even when getReturnTo() returns the proper URI of my script, $consumer->complete() always returns this error. I tried digging deep into Auth_OpenID_Consumer to understand what's going on, but the PHP is a bit over my head. Any ideas? ...doug From kevin at janrain.com Fri Jun 13 16:25:09 2008 From: kevin at janrain.com (Kevin Turner) Date: Fri, 13 Jun 2008 16:25:09 -0700 Subject: ArgumentErrors on ruby 1.9 Message-ID: <201e81ff0806131625m1a803d66kc0d7e5f1da6ba52e@mail.gmail.com> I was just noticing that ruby-openid hasn't passed tests on Ruby 1.9 in a while. http://intertwingly.net/projects/ruby19/logs/openid.html Anyone want to take a look at this? Thanks, - Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080613/9b5e5cd5/attachment.html From asa.openliberty at zenn.net Thu Jun 19 07:33:57 2008 From: asa.openliberty at zenn.net (Asa Hardcastle) Date: Thu, 19 Jun 2008 10:33:57 -0400 Subject: using an OP Identifier Message-ID: <2B49490F-5803-4961-9DB8-BB52462E84EF@zenn.net> Hi All, The demo RP here handles an OP Identifier of "yahoo.com" http://openidenabled.com/php-openid/trunk/examples/consumer/ My installation of the demo does not work!: http://www.hardcastle.org/examples/consumer/index.php Am I missing a configuration step? The detection script states "Your PHP installation does not support SSL, so it will NOT be able to process HTTPS identity URLs and server URLs." http://www.hardcastle.org/examples/detect.php But my systems admin says: > Not sure why the detect script fails on this one but SSL support is > included in the PHP5 Apache module on this server. You can confirm > by directly runnning the test in line 34 in Auth/Yadis/ > PlainHTTPFetcher.php in a little test script. I hope this is a simple question. I am just learning about the library and I have been setting up the examples both on my localhost and on a live server. Both PHP5. thanks in advance, asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080619/58669bdd/attachment.html From evan at prodromou.name Thu Jun 19 11:44:39 2008 From: evan at prodromou.name (Evan Prodromou) Date: Thu, 19 Jun 2008 14:44:39 -0400 Subject: Bug in Consumer.php when using immediate mode Message-ID: <485AA917.2070401@prodromou.name> There's a bug in Consumer.php when using immediate mode. I've attached a patch to fix it. -Evan -------------- next part -------------- A non-text attachment was scrubbed... Name: setupneeded.diff Type: text/x-diff Size: 696 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20080619/09b4d8d2/attachment.bin From josh at janrain.com Fri Jun 20 16:14:53 2008 From: josh at janrain.com (Josh Hoyt) Date: Fri, 20 Jun 2008 16:14:53 -0700 Subject: Bug in Consumer.php when using immediate mode In-Reply-To: <485AA917.2070401@prodromou.name> References: <485AA917.2070401@prodromou.name> Message-ID: Patch applied to trunk. Thanks! Josh From openid at jaskolla.com Sat Jun 21 03:13:38 2008 From: openid at jaskolla.com (Oswald Jaskolla) Date: Sat, 21 Jun 2008 12:13:38 +0200 Subject: Need help contributing documentation Message-ID: <485CD452.9040400@jaskolla.com> Hello! The documentation of php-openid needs improvement. I wanted to tackle that, so I retrieved the sources with Drac as suggested on http://www.openidenabled.com/php-openid/. Now I am a bit confused: 1. php-openid-2.1.0 and the development snapshot have a folder "Auth" containing the sources 2. My Drac repository has a folder "Net" containing only some of the sources; there is no folder "Auth" and no Provider. Is there some major redesign going on? If so, where can I keep up to date? Can someone please fill me in on what is going on. Thank you, Oswald From kevin at janrain.com Sat Jun 21 10:53:45 2008 From: kevin at janrain.com (Kevin Turner) Date: Sat, 21 Jun 2008 10:53:45 -0700 Subject: Need help contributing documentation In-Reply-To: <485CD452.9040400@jaskolla.com> References: <485CD452.9040400@jaskolla.com> Message-ID: <201e81ff0806211053l2a1fe042ic84b3142bfe59093@mail.gmail.com> Oswald, Thank you for choosing to contribute! I'm pretty confused about your situation though. I just did a darcs get http://openidenabled.com/files/php-openid/repos/2.x.x/ and now I have a directory 2.x.x/Auth here. I am not sure where your Net directory is coming from. Did you get from some other URL? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080621/1d79284f/attachment.html From evan at prodromou.name Sat Jun 21 12:50:48 2008 From: evan at prodromou.name (Evan Prodromou) Date: Sat, 21 Jun 2008 15:50:48 -0400 Subject: Bug in Consumer.php when using immediate mode In-Reply-To: References: <485AA917.2070401@prodromou.name> Message-ID: <1214077848.8995.0.camel@zhora.4690ruepontiac.net> On Fri, 2008-06-20 at 16:14 -0700, Josh Hoyt wrote: > Patch applied to trunk. Awesome. -Evan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080621/246518af/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5175 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20080621/246518af/attachment.bin From dev-list-openidenabled at thequod.de Sun Jun 22 08:05:30 2008 From: dev-list-openidenabled at thequod.de (dev-list-openidenabled at thequod.de) Date: Sun, 22 Jun 2008 17:05:30 +0200 (CEST) Subject: darcs patch: ParanoidHTTPFetcher-strpos-instead-of-preg_match-and-c... Message-ID: <20080622150530.EC94714AE6E@base.localdomain> Sun Jun 22 16:15:37 CEST 2008 dAniel hAhler * ParanoidHTTPFetcher-strpos-instead-of-preg_match-and-code-improvements ParanoidHTTPFetcher: - Fix corner case in get() and post() for headers without any value (e.g. 'Expires:') - Use strpos() instead of preg_match() when looking for ":" (and look for ": " now instead) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 17692 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20080622/7cc3142d/attachment-0001.bin From openid at jaskolla.com Mon Jun 23 04:18:58 2008 From: openid at jaskolla.com (Oswald Jaskolla) Date: Mon, 23 Jun 2008 13:18:58 +0200 Subject: Need help contributing documentation In-Reply-To: <201e81ff0806211053l2a1fe042ic84b3142bfe59093@mail.gmail.com> References: <485CD452.9040400@jaskolla.com> <201e81ff0806211053l2a1fe042ic84b3142bfe59093@mail.gmail.com> Message-ID: <485F86A2.5000906@jaskolla.com> Hello Kevin, Kevin Turner wrote: > I am not sure where your Net directory is coming from. > Did you get from some other URL? I checked out from the correct URL. I tried again and indeed got the Auth directory, though incomplete. I guess this last fault is related to my shaky internet connection. Thanks for your help, I will try again later. Greetings, Oswald From will at willnorris.com Mon Jun 23 16:44:54 2008 From: will at willnorris.com (will at willnorris.com) Date: Mon, 23 Jun 2008 16:44:54 -0700 (PDT) Subject: darcs patch: fix accept header Message-ID: <20080623234454.34AAD4BC9D5@aquinas.local> Mon Jun 23 16:15:33 PDT 2008 will at willnorris.com * fix accept header -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 16548 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20080623/01e3efe1/attachment.bin From kevin at janrain.com Tue Jun 24 17:36:59 2008 From: kevin at janrain.com (Kevin Turner) Date: Tue, 24 Jun 2008 17:36:59 -0700 Subject: Need help contributing documentation In-Reply-To: <485F86A2.5000906@jaskolla.com> References: <485CD452.9040400@jaskolla.com> <201e81ff0806211053l2a1fe042ic84b3142bfe59093@mail.gmail.com> <485F86A2.5000906@jaskolla.com> Message-ID: <201e81ff0806241736v54595b38v39b638785b305fab@mail.gmail.com> On Mon, Jun 23, 2008 at 4:18 AM, Oswald Jaskolla wrote: > I checked out from the correct URL. I tried again and indeed got the > Auth directory, though incomplete. I guess this last fault is related to > my shaky internet connection. Hmm. Well, it certainly is easiest for us to integrate contributions if they're made with darcs, but if you really can't get darcs working, you could work from the nightly tarballs. If you send us a unified diff (generated with "diff -u") generated against a recent build, we can work with that. Thanks, - Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080624/4e2c337a/attachment.htm From kevin at janrain.com Tue Jun 24 17:42:25 2008 From: kevin at janrain.com (Kevin Turner) Date: Tue, 24 Jun 2008 17:42:25 -0700 Subject: darcs patch: fix accept header In-Reply-To: <20080623234454.34AAD4BC9D5@aquinas.local> References: <20080623234454.34AAD4BC9D5@aquinas.local> Message-ID: <201e81ff0806241742h166f4156m5949dd35d41d71e6@mail.gmail.com> Oops, that was my mistake. Thanks for the catch Will, you patch has been applied. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080624/7e1b2e91/attachment.html From kevin at janrain.com Fri Jun 27 16:21:42 2008 From: kevin at janrain.com (Kevin Turner) Date: Fri, 27 Jun 2008 16:21:42 -0700 Subject: [ANN] bugfix releases for Python, Ruby and PHP Message-ID: <201e81ff0806271621gcaa91feo8800410e08c08df