Yadis gurus, some clarification?
Dan Lyke
danlyke at flutterby.com
Thu Sep 28 03:48:05 UTC 2006
After running into my issue with LJ's non-implementation earlier, I'm
working my way down the list, and VeriSign Labs is next up!
If I do an OpenID login to http://danlyke.pip.verisignlabs.com,
everything works.
But either I'm not understanding Yadis right (and this may not be the
right forum for Yadis), or Yadis isn't working right either here.
I do a HEAD on http://danlyke.pip.verisignlabs.com and get a "403
Forbidden" response. Interesting, seems really strange that a HEAD
would be forbidden and a GET would be okay, so I rework my code to try
a GET no matter what the response from the HEAD is, and I get an HTML
document with:
<meta http-equiv="X-XRDS-Location"
content="http://pip.verisignlabs.com/user/danlyke/yadis" />
in it. So far so good. I retrieve
http://pip.verisignlabs.com/user/danlyke/yadis, parse it, and see that
I have, among the Services, an entry with a Type with a type of
"http://openid.net/signon/1.0", which I recognize. It's associated URL
is:
https://pip.verisignlabs.com/server
So I do a
$csr->claimed_identity('https://pip.verisignlabs.com/server') and get
undef back.
Shouldn't the Yadis document Service for an OpenID login specify a URL
that gives me a <link rel="openid.server" ...> ? Otherwise what's the
point of Yadis?
And to all of you folks who email me with various other wannnabe SSO
providers when I pop a question up here: I'll send my users to the
first site which offers me up a working Yadis document, OpenID and LID
sign-ons, and LID metadata.
Dan
More information about the general
mailing list