[Code] Verification of RP return_to
Terrance Daniels
tadaniels at gmail.com
Mon Mar 11 15:06:24 UTC 2013
Hi All,
I've been trying to get an OP implemented in Rails that supports
verification of the RP return_to value.
>From what I can tell, on the CheckIDRequest class, there is a
return_to_verified method that uses TrustRoot to verifiy the RP's return_to
value is valid. Inside the method that is defined by TrustRoot it refers
to a services variable that doesn't seem to be defined anywhere.
Is there something I'm missing here?
Here is the code snippet from TrustRoot that is failing:
# Given a relying party discovery URL return a list of return_to
# URLs.
def TrustRoot.get_allowed_return_urls(relying_party_url)
rp_url_after_redirects, return_to_urls = services
.get_service_endpoints(
relying_party_url, _extract_return_url)
if rp_url_after_redirects != relying_party_url
# Verification caused a redirect
raise RealmVerificationRedirected.new(
relying_party_url, rp_url_after_redirects)
end
return return_to_urls
end
The highlighted value is what causes the failure for me. Any help related
to this matter would be great.
Thanks
Terry Daniels
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20130311/1a85a1c7/attachment.html>
More information about the Code
mailing list