<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.18.3">
</HEAD>
<BODY>
Thanks. I will first try Zend's OpenID relying agent API but assumed it was some common OpenID problemen due to its randomness.<BR>
<BR>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<PRE>
-
Markus Jelsma Buyways B.V.
Technisch Architect Friesestraatweg 215c
<A HREF="http://www.buyways.nl">http://www.buyways.nl</A> 9743 AD Groningen
Alg. 050-853 6600 KvK 01074105
Tel. 050-853 6620 Fax. 050-3118124
Mob. 06-5025 8350 In: <A HREF="http://www.linkedin.com/in/markus17/">http://www.linkedin.com/in/markus17/</A>
</PRE>
</TD>
</TR>
</TABLE>
<BR>
<BR>
On Thu, 2009-09-10 at 10:22 -0700, Yang Zhao wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
2009/9/10 Markus Jelsma - Buyways B.V. <<A HREF="mailto:markus@buyways.nl">markus@buyways.nl</A>>
> I think i have not made myself very clear and i am sorry for that. It is OpenID where the problem is. First i authenticate with the OpenID server and then i verify that authentication with that same OpenID server, our own protocol has not yet even started yet because it already (sometimes) failes in the OpenID check.
OK. When you said OpenID authentication works fine, I assumed the
check_authentication step was completing successfully as well. The
authentication isn't really completed until that is done. In any
case, your cetralized server is not involved at all yet. Good to get
that cleared up.
> First i do the redirect to the OpenID server for the user to fill in his password, then it will redirect back to a location...
>
> This step should return, somewhere in the body, a is_valid: true, but it _sometimes_ returns an is_valid: false instead, thus failing the authentication.
If it's random failures with the same identity, the thing to do would
be to examine any debugging logs that's available at the OP or
consumer. If there aren't such things, try and get dumps of the
exchange that happens and verify that it is indeed valid by hand.
If you're convinced that it's a library problem, then telling us what
that library is would be a start. If that's proprietary, then I'm not
sure what else we can do to help here; you just have a bug in an
otherwise conforming implementation.
--
Yang Zhao
<A HREF="http://yangman.ca">http://yangman.ca</A>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>