Error parsing response: unknown mode response from LiveJournal IDP

25 views
Skip to first unread message

Alex Little

unread,
Dec 12, 2007, 8:17:58 AM12/12/07
to joid-dev
Hi,
I'm attempting to use my LiveJournal OpenID when logging in to the demo consumer (index.jsp) from the joid.war but I keep getting an error. The returned error from LiveJournal is "error:unknown mode".

I'm a little confused as to where the problem lies, I'm not sure if it was to do with LiveJournal server or with JOID, though since I can log into other sites (eg http://simpy.com and http://ma.gnolia.com) using my livejournal openid, I'm assuming that the problem lies with joid jar?

Can anyone confirm this problem - and/or suggest a solution? For info I've included below the error from tomcat console and the reqeust/response from a packet sniffer for the associate request. Obviously I can't capture the associate requests/reponses for the sites where I can get it to work - so can;t compare what may be going on.

Cheers for any help :-)
Alex

--------------------------------------
Tomcat console messages:
---------------------------------------
12-Dec-2007 13:04:35 org.verisign.joid.consumer.JoidConsumer associate
INFO: [JoidConsumer] Attempting to associate with: http://www.livejournal.com/op
enid/server.bml
12-Dec-2007 13:04:35 org.verisign.joid.consumer.JoidConsumer associate
INFO: Request=[AssociationRequest version=2.0, namespace=http://specs.openid.net
/auth/2.0, session type=DH-SHA1, association type=HMAC-SHA1]
org.verisign.joid.OpenIdException : Cannot parse response from error:Unknown mode

        at org.verisign.joid.ResponseFactory.parse(ResponseFactory.java:70)
        at org.verisign.joid.consumer.Util.send(Util.java:43)
        at org.verisign.joid.consumer.JoidConsumer.associate (JoidConsumer.java:1
01)
        at org.verisign.joid.consumer.JoidConsumer.getProps(JoidConsumer.java:58
)
        at org.verisign.joid.consumer.JoidConsumer.getAuthUrl(JoidConsumer.java:
163)
        at org.apache.jsp.index_jsp._jspService(index_jsp.java:57)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
.java:334)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3


----------------------------------------------------------
Packet sniffer output:
----------------------------------------------------------
GET http://www.livejournal.com/openid/server.bml?openid.assoc_type=HMAC-SHA1&openid.session_type=DH-SHA1&openid.mode=associate&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.dh_consumer_public=ANaSU0268vNcFisq5q%2F1OFYutBAJxe%2Bq%2F%2FmD9mOjYltLt7GJWdCS4RyS%2BRquluw2X6LFI0v3o%2BYntvLMrp1pRo2AOT%2BDVnhK1WOHRJq0%2FXJ0dL22l4tHYSO75Xyq8wmQI7fc2DcB%2BghZlvgPGDUGQv%2BzZNgnxFi%2BscRFjJHHMDk7 HTTP/1.1
User-Agent: Java/1.5.0_08
Host: www.livejournal.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive
Content-type: application/x-www-form-urlencoded


HTTP/1.0 200 OK
Date: Wed, 12 Dec 2007 13:06:03 GMT
Server: Apache
Set-Cookie: ljuniq=dfO6ouhQWkbKqLg:1197464763:pgstats0:m0; expires=Sunday, 10-Feb-2008 13:06:03 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
Pragma: no-cache
ETag: "2fcd3c5f0e8128be62523c9bb09b09e0"
Content-Length: 20
Content-Type: text/plain
Content-Language: en
Expires: Wed, 12 Dec 2007 13:06:03 GMT
X-Cache: MISS from hindburn.open.ac.uk
Proxy-Connection: keep-alive

error:Unknown mode

vlsergey

unread,
Dec 16, 2007, 8:53:58 AM12/16/07
to joid-dev
Good day,

The same problem: "unknown mode"

http://www.livejournal.com/openid/server.bml?openid.assoc_type=HMAC-SHA1&openid.session_type=DH-SHA1&openid.mode=associate&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.dh_consumer_public=ANaSU0268vNcFisq5q%2F1OFYutBAJxe%2Bq%2F%2FmD9mOjYltLt7GJWdCS4RyS%2BRquluw2X6LFI0v3o%2BYntvLMrp1pRo2AOT%2BDVnhK1WOHRJq0%2FXJ0dL22l4tHYSO75Xyq8wmQI7fc2DcB%2BghZlvgPGDUGQv%2BzZNgnxFi%2BscRFjJHHMDk7HTTP/1.1

Can't find any information what kind of string it should be. Alex, can
you logon to simply.com with your LiveJournal OpenID and snif packets?
I want to see the difference :)

Sergey.

On Dec 12, 4:17 pm, "Alex Little" <alextlit...@googlemail.com> wrote:
> Hi,
> I'm attempting to use my LiveJournal OpenID when logging in to the demo
> consumer (index.jsp) from the joid.war but I keep getting an error. The
> returned error from LiveJournal is "error:unknown mode".
>
> I'm a little confused as to where the problem lies, I'm not sure if it was
> to do with LiveJournal server or with JOID, though since I can log into
> other sites (eghttp://simpy.comandhttp://ma.gnolia.com) using my
> GEThttp://www.livejournal.com/openid/server.bml?openid.assoc_type=HMAC-S...

Alex Little

unread,
Dec 17, 2007, 4:35:12 AM12/17/07
to joid...@googlegroups.com
Hi Sergey,

Thanks for your reply. I tried running a packet sniffer as you say, but unfortunately it doesn't give any useful insights as to why my consumer is going wrong. The reason for this is that the mode=associate request is directly between the RP & OP (so directly from simpy.com consumer to LiveJournal openid server), so my packet sniffer can't pick up these requests.

My suspicion is that most of these consumers are working on dumb-mode and so don't do an association request, whereas the joid example consumer is working in smart-mode. I also suspect that some of the openid servers don't yet support the association requests and that's where the problem lies, but that really is just a theory on my part (anyone feel free to correct me if I'm wrong here!) - I'm posted a query to LiveJournal tech support to see if they can shed any light on this.

For info I'm having email conversation with Gary Krall (from Verisign) about this too to see if we can work out whats going on - so will post here if I manage to get anything figured out.
Cheers :-)
Alex


Barry Ferg

unread,
Dec 17, 2007, 4:38:12 PM12/17/07
to joid...@googlegroups.com
Hi Alex,

On Dec 17, 2007 1:35 AM, Alex Little <alext...@googlemail.com> wrote:
> .... I tried running a packet sniffer as you say, but unfortunately


> it doesn't give any useful insights as to why my consumer is going
> wrong. The reason for this is that the mode=associate request is
> directly between the RP & OP (so directly from simpy.com consumer to
> LiveJournal openid server), so my packet sniffer can't pick up these
> requests.

I generally only use the JOID library in provider, not consumer, mode
but I have found the JanRain example servers to be quite useful in
testing. I set up both my JOID-based provider server and the JanRain
consumer to run locally so I can monitor all transactions, including
association. The JanRain Python implementation is good quality code
and quite easy to hack to do whatever you need it to in order to test.
It is also nice to verify that the JOID code interoperates with other
implementations like this.

So: you might want to try one of the JanRain example provider servers
and test against that.

> My suspicion is that most of these consumers are working on
> dumb-mode and so don't do an association request, whereas the joid
> example consumer is working in smart-mode. I also suspect that some
> of the openid servers don't yet support the association requests and
> that's where the problem lies, but that really is just a theory on
> my part (anyone feel free to correct me if I'm wrong here!) - I'm
> posted a query to LiveJournal tech support to see if they can shed
> any light on this.

Another thing you could use for debugging is VeriSign's SeatBelt
Firefox extension (https://pip.verisignlabs.com/seatbelt.do). If you
go to about:config and create a new boolean preference parameter named
"oidextension.trace" set to "true", it will display OpenID
authentication transactions in the Firefox error console in a nicely
formatted form. From that it will be very easy to tell if any of the
other consumers you're looking at are running in smart or dumb mode.
I'm pretty sure most run with associations turned on, and all the
providers I've checked do support it.

Cheers,
Barry

Alex Little

unread,
Dec 18, 2007, 4:15:21 AM12/18/07
to joid...@googlegroups.com
Cheers Barry,

yes, I've run the JanRain (example) consumer against my LiveJournal OpenID and that works fine - but this example consumer doesn't (according to my packet sniffer) issue an associate request - so the problem I have with the joid consumer never arises.

The problem I'm having is very easy to replicate - I'm simply using the default example consumer from the joid.war and entering a (valid) LiveJournal OpenID, and then I get the error occuring with "error: unknown mode " response from LiveJournal during the associate request. You can try with my LJ OpenID: http://alextlittle.livejournal.com (I don't get as far as actually seeing the login form) and I'd be interested to know if other people get the same error I do or whether it works for them. My colleague has the same issue with her LJ OpenID.

I tried to use the seatbelt ff extension, but I didn't know what to enter as the URL under the 'add provider' option to add LJ as a provider - I tried my LJ OpenID & their server url - but kept getting the error that it wasn't a valid seatbelt configuration file - can anyone let me know if the valid url for LJ to be able to use the seatbelt extension?
Thanks,
Alex

Barry Ferg

unread,
Dec 18, 2007, 8:33:22 PM12/18/07
to joid...@googlegroups.com
Hi Alex,

A couple more tips:

On Dec 18, 2007 1:15 AM, Alex Little <alext...@googlemail.com> wrote:
> yes, I've run the JanRain (example) consumer against my LiveJournal OpenID
> and that works fine - but this example consumer doesn't (according to my
> packet sniffer) issue an associate request - so the problem I have with the
> joid consumer never arises.

If you're having trouble with the JOID consumer code you should try
running it against the JanRain example _provider_ server. I'm pretty
sure that it supports association.

> The problem I'm having is very easy to replicate - I'm simply using the
> default example consumer from the joid.war and entering a (valid)
> LiveJournal OpenID, and then I get the error occuring with "error: unknown
> mode " response from LiveJournal during the associate request. You can try
> with my LJ OpenID: http://alextlittle.livejournal.com (I don't get as far as
> actually seeing the login form) and I'd be interested to know if other
> people get the same error I do or whether it works for them. My colleague
> has the same issue with her LJ OpenID.

I think you'll have more luck debugging the JOID consumer if you run
it with a local OP as I suggested above. At least then you'll have
more control over the OP and will be better able to figure out exactly
what is going wrong in the transaction.

> I tried to use the seatbelt ff extension, but I didn't know what to enter as
> the URL under the 'add provider' option to add LJ as a provider - I tried my
> LJ OpenID & their server url - but kept getting the error that it wasn't a
> valid seatbelt configuration file - can anyone let me know if the valid url
> for LJ to be able to use the seatbelt extension?

I don't know if LiveJournal supports the seatbelt extension or not
(probably not from the sounds of things), but that shouldn't stop you
from using the OpenID trace feature of the seatbelt extension.

Hope that helps you debug things a little,

- Barry

Alex Little

unread,
Dec 19, 2007, 5:41:29 AM12/19/07
to joid...@googlegroups.com
Hi,
I've now found out why I'm getting the error - it's because the request is being sent as a GET rather than a POST and that's what's causing the error (see the LiveJounral support request I put in: http://www.livejournal.com/support/see_request.bml?id=826242&auth=8c6h)

Now, not quite sure how to solve that, I guess the org.verigsign.joid.consumer.Util send method needs updating so it can send a post reqeust rather than just a get?

Alex

Sergey Vladimirov

unread,
Dec 19, 2007, 1:04:53 PM12/19/07
to joid...@googlegroups.com
Hi,
 
didn't help for me. I changed Util code to use HttpClient:

HttpClient client =

new HttpClient();
HttpMethod post =
new PostMethod(dest);
for (Map.Entry param : (Set<Map.Entry>) req.toMap().entrySet()) {
post.getParams().setParameter((String) param.getKey(),param.getValue ());
}
client.executeMethod(post);
in =
new BufferedReader(new InputStreamReader( post.getResponseBodyAsStream()));
Execution log:
 
INFO - Constructor: JoidConsumer
INFO - [JoidConsumer] Attempting to associate with: http://www.livejournal.com/openid/server.bml
INFO - Request=[AssociationRequest version= 2.0, namespace=http://specs.openid.net/auth/2.0, session type=DH-SHA1, association type=HMAC-SHA1]
org.verisign.joid.OpenIdException : Cannot parse response from <html><head><title>OpenID Endpoint</title></head><body>This is an OpenID server endpoint, not a human-readable resource. For more information, see <a href=' http://openid.net/'>http://openid.net/</a>.</body></html>
 
Best regards,
Sergey.
--
Sergey Vladimirov

Sergey Vladimirov

unread,
Dec 19, 2007, 1:08:19 PM12/19/07
to joid...@googlegroups.com
Hi,
 
I suppose this is the code LiveJournal using:
 
case "associate":
    
$t $_REQUEST["openid_assoc_type"
];
    if (isset(
$t) && $t !=  "HMAC-SHA1"badreq("Unknown association type"
);
    
$t time
();
    
$e $t  ASSOC_TIME
;
    
$r randbytes (KEY_LEN
);
    
$handle  make_handle($etrue $r
);
    
header("Content-Type: text/plain"
);
    print 
"assoc_type:HMAC-SHA1\nassoc_handle:"  $handle 
.
          
"\nissued:"  t2utc($t) . 
# COMPAT
          
"\nexpiry:" t2utc($e) . 
# COMPAT
          
"\nexpires_in:" ASSOC_TIME 
.
          
"\nmac_key:" base64_encode ($r
) .
          
"\n"
;
    exit;


Best regards,
Sergey
--
Sergey Vladimirov

Sergey Vladimirov

unread,
Dec 20, 2007, 1:10:48 AM12/20/07
to joid...@googlegroups.com
Hi, everybody.
 
I did it :)
The correct code for send() method is:

HttpClient client =

new HttpClient();
PostMethod post =
new PostMethod(dest);
for (Map.Entry<String, String> param : (Set<Map.Entry<String, String>>) req.toMap().entrySet()) {
post.addParameter(param.getKey(), param.getValue());
}
client.executeMethod(post);
in =
new BufferedReader( new InputStreamReader(post.getResponseBodyAsStream()));
Originally i messed up with getParams().setParam and addParameters of PostMethod.
And, original perl code is placed at:
 
With best regards,
Sergey.
 
--
Sergey Vladimirov

Alex Little

unread,
Dec 20, 2007, 3:43:02 AM12/20/07
to joid...@googlegroups.com
Excellent - cheers for this Sergey, I'll give it a go too :-)

Alex

William Ono

unread,
Jul 16, 2008, 3:14:19 PM7/16/08
to joid...@googlegroups.com
At Thu, 20 Dec 2007 09:10:48 +0300, Sergey Vladimirov wrote:
> Hi, everybody.
>
> I did it :)
> The correct code for send() method is:
>
> HttpClient client = *new* HttpClient();
> PostMethod post = *new* PostMethod(dest);
> *for* (Map.Entry<String, String> param : *(Set<Map.Entry<String, String>>)
> req.toMap().entrySet()*) {
> post.addParameter(param.getKey(), param.getValue());
> }
> client.executeMethod(post);
> in = *new* BufferedReader(*new* InputStreamReader(

> post.getResponseBodyAsStream()));
> Originally i messed up with getParams().setParam and addParameters of
> PostMethod.
> And, original perl code is placed at:
> http://search.cpan.org/src/BRADFITZ/Net-OpenID-Server-0.10/lib/Net/OpenID/Server.pm
>
> With best regards,
> Sergey.

I was surprised to see this wasn't in trunk. Here's a Java 1.4 version
of the above as a patch against r93. Hope it's useful.

The only catch is that I had to change the Request.toMap() method from
default package-private to public. There might be a better interface
but I didn't see one right away.

Thanks.

--
William Ono <a1jo...@tinny.soundwave.net>

joid-r93-post-send.patch
Reply all
Reply to author
Forward
0 new messages