Problem with check_authentication
Kevin Richards
krichards at giggl.es
Fri Apr 13 15:53:09 UTC 2007
In the spec it shows an example of the 'signed' fields returned from a
check_id_* request as "mode,identity,return_to". However if you try and do a
check_authentication it will always fail because the mode will always be
check_authentication not.
Should the mode really be included in the signed list? We came across this
problem when our load-balancing failed and a consumer (IDPrism) received a
valid response intended for another server. The response was valid but the
assoc_handle was set up on another server! When the Consumer tries to use
dumb mode to check the authentication the provider returns "is_valid:false"
because the signed fields included mode - and that has now changed.
Is this a bug in the spec?
Kev
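
The failure described in the message above, reproduced as an added example (not part of the original post and not taken from any OpenID library). It assumes the OpenID 1.1 signing scheme (HMAC-SHA1 over `key:value` lines for the names in `openid.signed`); the secret, URLs and function names are constructed for illustration, and restoring `mode` to `id_res` before recomputing is this example's way of handling it, not something the post states.

```python
import base64
import hashlib
import hmac

# Constructed sample values; the secret and URLs are made up for this example.
SECRET = b"constructed-private-secret"
RESPONSE = {
    "openid.mode": "id_res",
    "openid.identity": "http://example.com/kev",
    "openid.return_to": "http://consumer.example/return",
    "openid.signed": "mode,identity,return_to",
}


def sign(fields, secret):
    """HMAC-SHA1 over 'key:value\\n' lines for each name in openid.signed."""
    names = fields["openid.signed"].split(",")
    token = "".join(f"{n}:{fields['openid.' + n]}\n" for n in names)
    digest = hmac.new(secret, token.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def to_check_authentication(response):
    """Consumer side (dumb mode): replay the response with only mode changed."""
    return {**response, "openid.mode": "check_authentication"}


def verify_as_received(request, secret):
    """Provider that recomputes over the request unchanged: mode no longer matches."""
    return hmac.compare_digest(sign(request, secret), request["openid.sig"])


def verify_restoring_mode(request, secret):
    """Provider that puts mode back to id_res before recomputing the signature."""
    if request.get("openid.mode") != "check_authentication":
        return False
    original = {**request, "openid.mode": "id_res"}
    return hmac.compare_digest(sign(original, secret), request["openid.sig"])


def demo():
    """Return (result as received, result with mode restored) for one response."""
    response = {**RESPONSE, "openid.sig": sign(RESPONSE, SECRET)}
    request = to_check_authentication(response)
    return verify_as_received(request, SECRET), verify_restoring_mode(request, SECRET)


if __name__ == "__main__":
    print(demo())  # (False, True)
```

Restoring the mode does not weaken the check: any other change to a signed field still fails verification.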