[OpenID] check_authentication
Dan Ragle
dragle at jupitermedia.com
Thu Jul 24 14:34:39 UTC 2008
Just some guesses:

Are you sure you're sending everything back; especially assoc_handle,
sig, response_nonce, signed, op_endpoint (i.e., the things you didn't
send in your original request but received from the OP)?

Are you sending the data as a POST request (required for direct
requests), and not a GET?

Is there perhaps some type of character encoding (or lack thereof)
going on behind the scenes that may be altering the values of the
parameters that are actually being sent to the OP? I.E., is the
content-type being set to application/x-www-form-urlencoded and
the data actually properly URL encoded? I like to use wireshark
to ensure I know exactly what the data looks like pre and post my
script getting it.

Are you checking for true/false (lower case)?

Hope this is helpful...

Dan

> I'm trying to test how the RP library I'm working on handles stateless
> mode - all works fine up to the point where I request that the OP verify
> the sig in the response. Whatever OP I try they all respond that the sig
> is not valid. It seems it must be some bug in my code but I really can't
> figure out what the problem could be?
>
> For testing I'm forcing stateless session mode, so there's no
> association negotiated and the only params sent in the redirect url are
> openid.ns, openid.mode, openid.realm, openid.return_to, openid.identity
> and openid.claimed_id (also for testing purposes I'm preventing any
> extensions being added). The response to the authentication request is
> positive and passes all verification tests right up to the point where I
> request the OP to verify the sig, the response for which always contains
> is_valid=FALSE. I have checked and checked and double checked that - as
> the specs dictate - the check_authentication request post data only
> contains the exact same query params as received from the OP in the
> positive assertion except with the mode changed to 'check_authentication'.
>
> As the response of is_valid=false is so uninformative and as far as I
> can tell I have followed the specs this has me kind of stumped.
>
> I know this is tricky without source code or debug data but does anyone
> have any idea as to what could be the problem - or what I should try in
> order to find out??
>
> many thanks,
>
> =james.tindall
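The checks listed in the reply above (every field returned, POST with a form-encoded body, values surviving the decode and re-encode round trip, lowercase `true`), as an added Python example that is not code from this thread or from any OpenID library. The function names, the `op.example`/`rp.example` hosts and the sample assertion are constructed for illustration, and keeping only `openid.*` parameters is an assumption of this sketch.

```python
from urllib.parse import parse_qsl, urlencode

# Header for the direct (POST) request; the body below is ASCII after encoding.
HEADERS = {"Content-Type": "application/x-www-form-urlencoded"}

# Constructed sample: raw query string of a positive assertion on return_to.
# The sig and nonce contain '+', '/' and '=' so encoding mistakes show up.
SAMPLE_ASSERTION_QS = (
    "openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res"
    "&openid.op_endpoint=https%3A%2F%2Fop.example%2Fserver"
    "&openid.claimed_id=https%3A%2F%2Fuser.example%2F"
    "&openid.identity=https%3A%2F%2Fuser.example%2F"
    "&openid.return_to=https%3A%2F%2Frp.example%2Freturn"
    "&openid.response_nonce=2008-07-24T14%3A34%3A39Zabc%2B%2F"
    "&openid.assoc_handle=%7BHMAC-SHA256%7D%7Bh1%7D"
    "&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to"
    "%2Cresponse_nonce%2Cassoc_handle"
    "&openid.sig=q1w2%2Be3r4%2Ft5y6%3D"
)

def build_check_auth_body(assertion_qs: str) -> bytes:
    """Copy every openid.* field of the assertion, changing only openid.mode."""
    # Parse the raw query string once; decoding it twice turns '+' into ' '.
    pairs = parse_qsl(assertion_qs, keep_blank_values=True, strict_parsing=True)
    fields = [(k, v) for k, v in pairs if k.startswith("openid.")]
    present = {k for k, _ in fields}
    signed = dict(fields).get("openid.signed", "")
    required = {"openid.mode", "openid.sig", "openid.signed", "openid.assoc_handle"}
    required |= {"openid." + name for name in signed.split(",") if name}
    missing = sorted(required - present)
    if missing:
        raise ValueError("fields missing from assertion: " + ", ".join(missing))
    body = [(k, "check_authentication" if k == "openid.mode" else v)
            for k, v in fields]
    return urlencode(body).encode("ascii")  # percent-encodes '+', '/', '='

def parse_kv(body: bytes) -> dict:
    """Parse an OpenID Key-Value Form response: one 'key:value' per line."""
    out = {}
    for line in body.decode("utf-8").split("\n"):
        if line:
            key, sep, value = line.partition(":")
            if not sep:
                raise ValueError("malformed key-value line: %r" % line)
            out[key] = value
    return out

def op_confirms_signature(response_body: bytes) -> bool:
    # The comparison is case-sensitive: only lowercase "true" counts as valid.
    return parse_kv(response_body).get("is_valid") == "true"
```

Comparing the bytes returned by `build_check_auth_body` with what a packet capture shows leaving the RP covers the encoding question raised in the reply.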