Eric said: <br><div style="margin-left: 40px;">The address bar said http, but I might have looked too quickly. It could have been protectnetwork that did the demotion.<br></div>
<br>Eric, if the address bar while you were authenticating with your OP said "http", that is entirely up to the OP and not DotNetOpenId or any other RP. The OP may or may not have an HTTPS OP endpoint (the programmatic OpenID receiver), but once the checkid_setup message is received at the OP, the OP certainly may (and in my experience often does) redirect the user agent to a standard HTTP URL as part of the "do you want to authenticate to [realm] RP?" experience. I'm not saying this is good by any means, but it's certainly legal, and if you don't like it, confront your OP about it.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Thu, Jan 1, 2009 at 2:18 PM, Eric Norman <span dir="ltr">&lt;<a href="mailto:ejnorman@doit.wisc.edu">ejnorman@doit.wisc.edu</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
On Jan 1, 2009, at 2:45 PM, Andrew Arnott wrote:<br>
<br>
> Eric,<br>
> <br>
> I believe it is exactly the problem that Peter is facing.<br>
> <br>
> Regarding the behavior you saw, Eric, DotNetOpenId doesn't ever demote<br>
> https to http (or if so it would be a bug), but it will go through all<br>
> endpoints listed for a given OpenID and choose from among that list. <br>
> So if your OpenID has multiple service endpoints listed (through an<br>
> XRDS file) can you check whether a non-HTTPS OP Endpoint is among the<br>
> list?<br>
<br>
</div>The address bar said http, but I might have looked<br>
too quickly. It could have been protectnetwork that<br>
did the demotion.<br>
<div class="Ih2E3d"> <br>
> I'd very much like to know the particular OpenID you were trying it<br>
> with so I can examine the behavior if you'd care to share (perhaps off<br>
> the list if you wish).<br>
<br>
</div><a href="https://ejnorman.protectnetwork.org" target="_blank">https://ejnorman.protectnetwork.org</a><br>
<br>
This has worked at some OpenID sites in the past.<br>
<br>
In any case, there's certainly a bug somewhere since<br>
the error message I quoted is complaining about<br>
something I never typed.<br>
<div><div></div><div class="Wj3C7c"><br>
Eric Norman<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>
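One way to run the check asked for in the quoted message (is a non-HTTPS OP Endpoint among the services listed in the XRDS file?), as an added example that is not part of the original thread and is not DotNetOpenId code. The XRDS document, the op.example.org host and the function names are constructed for illustration; only the XRD namespace and the OpenID service type URIs are standard.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
OPENID_TYPES = {
    "http://specs.openid.net/auth/2.0/server",
    "http://specs.openid.net/auth/2.0/signon",
    "http://openid.net/signon/1.1",
    "http://openid.net/signon/1.0",
}

# Constructed sample XRDS; op.example.org is a placeholder, not a real OP.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>http://op.example.org/openid</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.org/openid</URI>
    </Service>
    <Service>
      <Type>http://example.org/unrelated-service</Type>
      <URI>http://op.example.org/other</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def openid_endpoints(xrds_text):
    """Return (rank, uri, is_https) for every OpenID service URI, best priority first."""
    root = ET.fromstring(xrds_text)
    found = []
    for service in root.iter(XRD_NS + "Service"):
        types = {t.text.strip() for t in service.findall(XRD_NS + "Type") if t.text}
        if not types & OPENID_TYPES:
            continue  # not an OpenID service entry
        prio = service.get("priority")
        # XRD ordering: lower number is preferred; a missing priority sorts last.
        rank = int(prio) if prio is not None else float("inf")
        for uri in service.findall(XRD_NS + "URI"):
            url = (uri.text or "").strip()
            found.append((rank, url, urlsplit(url).scheme.lower() == "https"))
    return sorted(found, key=lambda entry: entry[0])

def insecure_endpoints(xrds_text):
    """List OpenID OP endpoint URIs that an RP could select but that are not HTTPS."""
    return [uri for _, uri, is_https in openid_endpoints(xrds_text) if not is_https]
```

Any URI returned by insecure_endpoints is one an RP walking the whole list could pick even when the identifier itself was typed as https. As the reply above notes, this check says nothing about redirects the OP performs after it receives checkid_setup.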