Yahoo says my site's identity is not confirmed.


HappyEngineer

Feb 17, 2008, 3:15:40 AM
to OpenID4Java
When I attempt to login using a yahoo openid it says "Warning: This
website has not confirmed its identity with Yahoo! and might be
fraudulent. Do not share any personal information with this website
unless you are certain it is legitimate."

The user can continue, but I am not receiving any attributes at all. I
don't know if these issues are related or if I'm somehow asking for
the attributes incorrectly.

I am actually trying both ways of getting attributes:

    // obtain an AuthRequest message to be sent to the OpenID provider
    AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

    // Attribute Exchange example: fetching attributes like email.
    {
        FetchRequest fetch = FetchRequest.createFetchRequest();

        fetch.addAttribute(OPENID_ATTRIB_FirstName, "http://schema.openid.net/namePerson/first", true);
        fetch.addAttribute(OPENID_ATTRIB_LastName, "http://schema.openid.net/namePerson/last", true);
        fetch.addAttribute(OPENID_ATTRIB_Email,                   // attribute alias
                           "http://schema.openid.net/contact/email", // type URI
                           true);                                    // is required

        // wants up to 1 email address
        fetch.setCount("Email", 1);

        // attach the extension to the authentication request
        authReq.addExtension(fetch);
    }

    {
        SRegRequest sregReq = SRegRequest.createFetchRequest();

        sregReq.addAttribute("fullname", true);
        sregReq.addAttribute("nickname", true);
        sregReq.addAttribute("email", true);

        authReq.addExtension(sregReq);
    }

I then look at the results by doing:

    {
        Map<String,String> paramMap = authSuccess.getParameterMap();
        for (Map.Entry<String,String> param : paramMap.entrySet()) {
            Logger.getLogger(getClass()).debug("PARAM1: \"" + param.getKey() + "\"=\"" + param.getValue() + "\"");
        }
    }

    Set<String> fetchExtUris = authSuccess.getExtensions();

    Logger.getLogger(getClass()).debug("fetchExtUris.size()=" + fetchExtUris.size());
    for (String uri : fetchExtUris) {
        Logger.getLogger(getClass()).debug("fetchExtUris uri=\"" + uri + "\"");
        MessageExtension ext = authSuccess.getExtension(uri);
        ParameterList paramList = ext.getParameters();
        List<Parameter> params = paramList.getParameters();
        if (params != null) {
            for (Parameter param : params) {
                Logger.getLogger(getClass()).debug("PARAM2: \"" + param.getKey() + "\"=\"" + param.getValue() + "\"");
            }
        }
    }

None of the params have the first name, last name, or email in them.

Johnny Bufu

Feb 18, 2008, 1:34:31 PM
to openi...@googlegroups.com

On 17-Feb-08, at 12:15 AM, HappyEngineer wrote:
> When I attempt to login using a yahoo openid it says "Warning: This
> website has not confirmed its identity with Yahoo! and might be
> fraudulent. Do not share any personal information with this website
> unless you are certain it is legitimate."

To avoid this warning your RP needs to publish RP discovery
information; see
http://code.google.com/p/openid4java/wiki/RelyingPartyDiscovery

> The user can continue, but I am not receiving any attributes at all. I
> don't know if these issues are related or if I'm somehow asking for
> the attributes incorrectly.

As far as I know Yahoo does not support SReg or AX. It may be worth
asking them at
openid-...@yahoo-inc.com


Johnny


HappyEngineer

Feb 19, 2008, 5:08:11 AM
to OpenID4Java
> As far as I know Yahoo does not support SReg or AX. It may be worth  
> asking them at
> openid-feedb...@yahoo-inc.com

What is the point of using openid if all it does is give the user a
unique identifier that tracks them across sites? They would still have
to choose a unique local username as well as enter any required
information like birth date.

It seems to me that using openid without attributes would just cause
the registration process to take even longer than it would if openid
wasn't used at all.

I suppose that from the user's point of view it would be a slightly
longer registration than normal, but they wouldn't need to remember
more than one password.

Dang. I was hoping to encourage more drive-by people to use my sites
while logged in by using openid. But, if they need to enter
registration information anyway then it doesn't seem likely to help
much.

Johnny Bufu

Feb 19, 2008, 12:24:37 PM
to openi...@googlegroups.com

On 19-Feb-08, at 2:08 AM, HappyEngineer wrote:

>> As far as I know Yahoo does not support SReg or AX. It may be worth
>> asking them at
>> openid-feedb...@yahoo-inc.com
>
> What is the point of using openid if all it does is give the user a
> unique identifier that tracks them across sites?
>
> They would still have
> to choose a unique local username as well as enter any required
> information like birth date.


Building reputation, not having to remember lots of passwords, more
secure authentication at the OP (as applicable).

I'm not disagreeing that AX is useful (on the contrary, and
especially with site registration!), just pointing out that OpenID
Authentication does have value in itself.

> It seems to me that using openid without attributes would just cause
> the registration process to take even longer than it would if openid
> wasn't used at all.
>
> I suppose that from the user's point of view it would be a slightly
> longer registration than normal, but they wouldn't need to remember
> more than one password.

The site-specific username (if any) would not have to be remembered
either.

> Dang. I was hoping to encourage more drive-by people to use my sites
> while logged in by using openid. But, if they need to enter
> registration information anyway then it doesn't seem likely to help
> much.

These are all very good issues, and again I recommend that you let
the Yahoo people know your opinion. My impression is that they truly
appreciate feedback.


Johnny


Cameron Taggart

Feb 25, 2008, 4:37:30 PM
to OpenID4Java
I built a test web application on top of OpenID4Java and I am able to
authenticate with providers like signon.com and myopenid.com. Yahoo!
works also, but I get that warning. I haven't been able to figure out
how to get rid of it. Any help would be appreciated.

Yahoo! is doing a GET on my returnto_url. I'm not sure what they are
looking for there. I was hoping it was this:
<meta http=equiv="x-xrds-location" content="https://test.fluketeam.com/openid?do=xrds" />

But that didn't seem to work. If anyone is willing to briefly look at
it, point your browser to:
https://test.fluketeam.com/

and enter "yahoo.com", then click "Sign In".

thanks,
Cameron


On Feb 18, 10:34 am, Johnny Bufu <joh...@sxip.com> wrote:
> On 17-Feb-08, at 12:15 AM, HappyEngineer wrote:
>
> > When I attempt to login using a yahoo openid it says "Warning: This
> > website has not confirmed its identity with Yahoo! and might be
> > fraudulent. Do not share any personal information with this website
> > unless you are certain it is legitimate."
>
> To avoid this warning your RP need to publish RP discovery
> information; see http://code.google.com/p/openid4java/wiki/RelyingPartyDiscovery
>
> > The user can continue, but I am not receiving any attributes at all. I
> > don't know if these issues are related or if I'm somehow asking for
> > the attributes incorrectly.
>
> As far as I know Yahoo does not support SReg or AX. It may be worth
> asking them at
> openid-feedb...@yahoo-inc.com
>
> Johnny

Johnny Bufu

Feb 25, 2008, 4:43:00 PM
to openi...@googlegroups.com

On 25-Feb-08, at 1:37 PM, Cameron Taggart wrote:

> Yahoo! is doing a GET on my returnto_url. I'm not sure what they are
> looking for there.

They are doing RP discovery; see:
http://code.google.com/p/openid4java/wiki/RelyingPartyDiscovery


Johnny

Cameron Taggart

Feb 25, 2008, 5:24:14 PM
to OpenID4Java
I reviewed that and the spec. I have that information in my XRDS
document:

$ curl -ik https://test.fluketeam.com/openid?do=xrds

HTTP/1.1 200 OK
Date: Mon, 25 Feb 2008 22:00:03 GMT
Content-Type: application/xrds+xml; charset=utf-8
Content-Length: 296

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service xmlns="xri://$xrd*($v*2.0)">
<Type>http://specs.openid.net/auth/2.0/return_to</Type>
<URI>https://test.fluketeam.com/openid?do=authenticate</URI>
</Service>
</XRD>
</xrds:XRDS>

I'm a little confused on how Yahoo! discovers where to find the XRDS
document. I noticed Yahoo! OpenID authentication works when
authenticating with plaxo.com. Any other examples?

$ curl -i http://www.plaxo.com/openid?actionType=complete

HTTP/1.1 200 OK
Date: Mon, 25 Feb 2008 22:10:51 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<link rel="shortcut icon" href="/webapps/common/img/plaxo30favicon.ico" type="image/x-icon" />
<title>Plaxo OpenID</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="x-xrds-location" content="http://www.plaxo.com/openid?t=xrds" />

$ curl -i http://www.plaxo.com/openid?t=xrds

HTTP/1.1 200 OK
Date: Mon, 25 Feb 2008 22:16:04 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: application/xrds+xml; charset=utf-8

<?xml version="1.0" encoding="UTF-8"?>

<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns="xri://$xrd*($v*2.0)">
<XRD>

<Service xmlns="xri://$xrd*($v*2.0)">
<Type>http://specs.openid.net/auth/2.0/return_to</Type>
<URI>http://www.plaxo.com/openid?actionType=complete</URI>
</Service>

</XRD>
</xrds:XRDS>

I'm not sure why my test site is getting a warning and theirs isn't.
I don't see anything in the spec regarding a header like this:
<meta http-equiv="x-xrds-location" content="" />

Cameron

Johnny Bufu

Feb 25, 2008, 5:49:00 PM
to openi...@googlegroups.com

On 25-Feb-08, at 2:24 PM, Cameron Taggart wrote:

> I reviewed that and the spec. I have that information in my XRDS
> document:
>
> $ curl -ik https://test.fluketeam.com/openid?do=xrds

It seems then that Yahoo's Yadis discovery fails on
https://test.fluketeam.com/openid?do=authenticate.

Try using https://test.fluketeam.com/openid as the realm, and then
have the xrds file served directly at this URL. You can also try
letting them know that your apparently proper RP discovery setup
fails their tests.

> I'm a little confused on how Yahoo! discovers where to find the XRDS
> document.

It performs Yadis discovery on the realm or return_to that your RP
sends in auth requests.

"The relying party MAY publish this information at any URL, and
SHOULD publish it under the realm so that providers can verify
return_to URLs."
http://openid.net/specs/openid-authentication-2_0.html#rp_discovery

> I noticed Yahoo! OpenID authentication works when
> authenticating with plaxo.com. Any other examples?

https://verify.sxip.com/papedemo/


Johnny

Cameron Taggart

Feb 26, 2008, 3:26:50 PM
to OpenID4Java
Thanks for your help. I contacted Yahoo and they have a tiny bug they
are already working on a fix for. I simply had to set the content
type header as the workaround:

response.setContentType("text/html");
response.setHeader("X-XRDS-Location", "https://test.fluketeam.com/openid?do=xrds");

And through testing, only the X-XRDS-Location header is needed, not:
<meta http=equiv="x-xrds-location" content="https://test.fluketeam.com/openid?do=xrds" />

It is working now.

Cameron

On Feb 25, 2:49 pm, Johnny Bufu <joh...@sxip.com> wrote:
> On 25-Feb-08, at 2:24 PM, Cameron Taggart wrote:
>
> > I reviewed that and the spec. I have that information in my XRDS
> > document:
>
> > $ curl -ik https://test.fluketeam.com/openid?do=xrds
>
> It seems then that Yahoo's Yadis discovery fails on https://
> test.fluketeam.com/openid?do=authenticate.
>
> Try using https://test.fluketeam.com/openid as the realm, and then

Johnny Bufu

Feb 26, 2008, 4:00:11 PM
to openi...@googlegroups.com

On 26-Feb-08, at 12:26 PM, Cameron Taggart wrote:

> Thanks for your help. I contacted Yahoo and they have a tiny bug they
> are already working on a fix for. I simply had to set the content
> type header as the workaround:
>
> response.setContentType("text/html");
> response.setHeader("X-XRDS-Location", "https://test.fluketeam.com/
> openid?do=xrds");

Good to hear that it's working for you.

> And through testing, only the X-XRDS-Location header is needed,

I'd agree that the header is sufficient, but it's not needed (as in
required).

> not:
> <meta http=equiv="x-xrds-location" content="https://test.fluketeam.com/openid?do=xrds" />

A correct Yadis implementation will take either into account, with
the preference given to the header. Also, text/html content-type for
the XRDS document is acceptable per the Yadis spec.

It's also good to know that Yahoo is working on fixing these glitches.


Johnny

webn...@gmail.com

Apr 7, 2008, 7:33:18 PM
to OpenID4Java
I am trying to set up the RP using openid4java and used a Yahoo OpenID to
verify. When it redirects to YAHOO it says my site hasn't confirmed
its identity with YAHOO even though I have configured my app to
produce RP discovery. What could be wrong?

RP Discovery url: https://tib.stg.securedby.covisint.com/fed/app/sp.openid20

openid.ns:http://specs.openid.net/auth/2.0
openid.claimed_id:http://specs.openid.net/auth/2.0/identifier_select
openid.identity:http://specs.openid.net/auth/2.0/identifier_select
openid.return_to:https://tib.stg.securedby.covisint.com/fed/app/sp.openid20?action=consume
openid.realm:https://tib.stg.securedby.covisint.com/fed/app/sp.openid20
openid.assoc_handle:xxxxx -
openid.mode:checkid_setup

I don't see Yahoo communicating with the XRDS URL. How does the IDP
discover the RP?

Cameron Taggart

Apr 7, 2008, 8:28:02 PM
to openi...@googlegroups.com
Yahoo will try to discover your XRDS document by looking at the contents of your return_to URL. It then will look at your XRDS document and verify the return_to URL. Here is what my request log says:

66.163.170.98 -  -  [08/Apr/2008:00:13:11 +0000] "GET /openid?do=verify HTTP/1.1" 200 1308 "-" "-"
66.163.170.98 -  -  [08/Apr/2008:00:13:11 +0000] "GET /openid?do=xrds HTTP/1.1" 200 328 "-" "-"

$ nslookup 66.163.170.98
Name:    oid03.member.sp1.yahoo.com
Address:  66.163.170.98

Your return_to URL must be accessible on the Internet.  When I try to look at it using "curl -i", I can't access it.

Cameron

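The discovery sequence Johnny and Cameron describe above (Yadis on the return_to URL; the X-XRDS-Location header preferred over the meta tag, a text/html content type being acceptable; then the return_to in the auth request checked against the XRDS) as an added example. This is not openid4java code and was not posted in the thread. It simulates what the OP does before deciding whether to show the "has not confirmed its identity" warning, with the HTTP layer replaced by a table of constructed responses (the rp.example, meta.example and bare.example hosts are made up) so it runs offline. The return_to matching rule implemented here (scheme, host and path equal; every query parameter declared in the XRDS present in the actual return_to with the same value) is my reading of the OpenID 2.0 URL-matching rule and is an assumption; an unreachable return_to, the case webn...'s post ran into, is reported as a failure rather than a match.

```python
"""Relying-party (RP) discovery as an OpenID 2.0 provider performs it.

Added example, not code from openid4java or from the thread. HTTP fetches are
replaced by a lookup into constructed responses so the script runs offline.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlsplit

XRD_NS = "xri://$xrd*($v*2.0)"
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"


def xrds_for(return_to):
    """Build a minimal XRDS document declaring one return_to service (sample helper)."""
    return (
        f'<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="{XRD_NS}">'
        f"<XRD><Service><Type>{RETURN_TO_TYPE}</Type>"
        f"<URI>{return_to}</URI></Service></XRD></xrds:XRDS>"
    )


# Constructed sample sites, keyed by URL: (content type, response headers, body).
# They mirror the situations in the thread: header-only (the fix that worked),
# meta-tag-only (the Plaxo style), and a return_to that publishes nothing.
CONSTRUCTED_SITES = {
    "https://rp.example/openid?do=verify": (
        "text/html",
        {"X-XRDS-Location": "https://rp.example/openid?do=xrds"},
        "<html><body>return_to endpoint</body></html>",
    ),
    "https://rp.example/openid?do=xrds": (
        "application/xrds+xml", {}, xrds_for("https://rp.example/openid?do=verify"),
    ),
    "https://meta.example/openid?actionType=complete": (
        "text/html", {},
        '<html><head><meta http-equiv="x-xrds-location" '
        'content="https://meta.example/openid?t=xrds" /></head></html>',
    ),
    "https://meta.example/openid?t=xrds": (
        "application/xrds+xml", {},
        xrds_for("https://meta.example/openid?actionType=complete"),
    ),
    "https://bare.example/openid": (
        "text/html", {}, "<html><body>nothing published here</body></html>",
    ),
}

META_RE = re.compile(
    r"""<meta\s+http-equiv=["']x-xrds-location["']\s+content=["']([^"']+)["']""", re.I
)


def fetch(url):
    """Stand-in for HTTP GET: (content_type, headers, body), or None if unreachable."""
    return CONSTRUCTED_SITES.get(url)


def locate_xrds(url, fetch=fetch):
    """Yadis order: X-XRDS-Location header, then the meta tag, then the body itself."""
    resp = fetch(url)
    if resp is None:
        return None
    ctype, headers, body = resp
    for name, value in headers.items():  # HTTP header names are case-insensitive
        if name.lower() == "x-xrds-location":
            return value
    match = META_RE.search(body)
    if match:
        return match.group(1)
    if ctype.split(";")[0].strip().lower() == "application/xrds+xml":
        return url  # the return_to URL served the XRDS document directly
    return None


def declared_return_tos(xrds_body):
    """Collect the URIs of every Service whose Type is the OpenID 2.0 return_to type."""
    root = ET.fromstring(xrds_body.encode("utf-8"))
    uris = []
    for svc in root.iter("{%s}Service" % XRD_NS):
        types = {t.text.strip() for t in svc.findall("{%s}Type" % XRD_NS) if t.text}
        if RETURN_TO_TYPE in types:
            uris += [u.text.strip() for u in svc.findall("{%s}URI" % XRD_NS) if u.text]
    return uris


def return_to_matches(declared, actual):
    """Assumed rule: scheme, host and path equal; each declared query parameter must
    be present in the actual return_to with the same value (extras are allowed)."""
    d, a = urlsplit(declared), urlsplit(actual)
    if (d.scheme, d.netloc, d.path) != (a.scheme, a.netloc, a.path):
        return False
    actual_q = dict(parse_qsl(a.query, keep_blank_values=True))
    return all(actual_q.get(k) == v for k, v in parse_qsl(d.query, keep_blank_values=True))


def rp_confirmed(return_to, fetch=fetch):
    """Return (confirmed, reason) for the return_to an RP sent in its auth request."""
    xrds_url = locate_xrds(return_to, fetch)
    if xrds_url is None:
        return False, "no X-XRDS-Location header, meta tag or XRDS body at return_to"
    resp = fetch(xrds_url)
    if resp is None:
        return False, "XRDS document at %s is unreachable" % xrds_url
    declared = declared_return_tos(resp[2])
    if not declared:
        return False, "XRDS document declares no return_to service"
    if any(return_to_matches(u, return_to) for u in declared):
        return True, "return_to matches a URI declared in %s" % xrds_url
    return False, "return_to matches none of %s" % declared


if __name__ == "__main__":
    for rt in ("https://rp.example/openid?do=verify",
               "https://meta.example/openid?actionType=complete",
               "https://bare.example/openid"):
        print(rt, "->", rp_confirmed(rt))
```

Running it against your own deployment means swapping `fetch` for a real GET (the default argument exists for exactly that) and passing the return_to your RP puts in the checkid_setup request; a `False` with the "unreachable" reason is what an OP sees when the endpoint is not open to the Internet, and the "no X-XRDS-Location header" reason is what the warning in this thread corresponds to.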
webn...@gmail.com

Apr 8, 2008, 11:33:08 AM
to OpenID4Java
I thought my site was open to the public, but found out it wasn't. After
opening it up to the Internet, it is working now.

Thanks for the input!!!


On Apr 7, 8:28 pm, "Cameron Taggart" <cameron.tagg...@gmail.com>
wrote:
> Yahoo will try to discover your XRDS document by lookup at the contents of
> your return_to URL. It then will look at your XRDS document and verify the
> return_to URL. Here is what my request log says:
>
> 66.163.170.98 - - [08/Apr/2008:00:13:11 +0000] "GET /openid?do=verify
> HTTP/1.1" 200 1308 "-" "-"
> 66.163.170.98 - - [08/Apr/2008:00:13:11 +0000] "GET /openid?do=xrds
> HTTP/1.1" 200 328 "-" "-"
>
> $ nslookup 66.163.170.98
> Name: oid03.member.sp1.yahoo.com
> Address: 66.163.170.98
>
> Your return_to URL must be accessible on the Internet. When I try to look
> at it using "curl -i", I can't access it.
>
> Cameron
>
> On Mon, Apr 7, 2008 at 4:33 PM, webnav...@gmail.com <webnav...@gmail.com>
> wrote:
>
>
>
> > I am trying to setup the RP using openid4java and used yahoo openid to
> > verify. When it redirects to YAHOO it says my site hasn't confirmed
> > the identity with YAHOO even though I have configured my app to
> > produce RP discovery. What could be wrong?
>
> > RP Discovery url:
> >https://tib.stg.securedby.covisint.com/fed/app/sp.openid20
>
> > openid.ns:http://specs.openid.net/auth/2.0
> > openid.claimed_id:http://specs.openid.net/auth/2.0/identifier_select
> > openid.identity:http://specs.openid.net/auth/2.0/identifier_select
> > openid.return_to:https://tib.stg.securedby.covisint.com/fed/app/
> > sp.openid20?action=consume<https://tib.stg.securedby.covisint.com/fed/app/sp.openid20?action=con...>