Return_To URL verification failed

561 views
Skip to first unread message

rsoika

unread,
Jan 18, 2010, 10:09:41 AM1/18/10
to OpenID4Java
Hi,

I have a Problem on my productive server which I did not seen on my
local test machine.
After I received the auth response form the openID Provider the
ConsumerManager.verifyReturnTo() method fails with the following
exception:

INFO 2010-01-18 16:01:07,208 ConsumerManager:verify - Received
positive auth response.
DEBUG 2010-01-18 16:01:07,209 InternetDateFormat:parse - Parsed
2010-01-18T15:01:02Z into Data object: Mon Jan 18 16:01:02 GMT+01:00
2010
DEBUG 2010-01-18 16:01:07,210 ConsumerManager:verifyReturnTo -
Verifying return URL; receiving:
http://www.shareyourwork.org/syw/openidlogin.jsf?openid.assoc_handle=%7BHMAC-SHA256%7D%7B4b5477a0%7D%7Bvc2K0w%3D%3D%7D&openid.claimed_id=http%3A%2F%2Frsoika.myopenid.com%2F&openid.identity=http%3A%2F%2Frsoika.myopenid.com%2F&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.op_endpoint=http%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2010-01-18T15%3A01%3A02ZDk8JI8&openid.return_to=http%3A%2F%2Fwww.shareyourwork.org%3A80%2Fsyw%2Fopenidlogin.jsf&openid.sig=8h1gfwiJhEu1b7SXX1NXoKyCl8yUwLDAy4LHrrLQMoM%3D&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned
message: http://www.shareyourwork.org:80/syw/openidlogin.jsf
DEBUG 2010-01-18 16:01:07,211 ConsumerManager:verifyReturnTo - Return
URL schema, authority or path verification failed.
ERROR 2010-01-18 16:01:07,211 ConsumerManager:verify - Return_To URL
verification failed.


Below I post the hole log entries of the complete authentification
lifecycle.
Maybe anybody knows this problem?

Thanks a lot
Ralph

===========================================
log output
===========================================

INFO 2010-01-18 16:00:08,067 RebuildWebsiteIndexOperation:doRun -
Completed rebuilding index for all users in '29.691' secs
WARN 2010-01-18 16:00:15,031 SkinFactoryImpl:getSkinOrName - Init
parameter for a skin name changed to org.richfaces.SKIN
DEBUG 2010-01-18 16:00:51,224 OpenID4JavaUtils:loadProperties -
Resource /openid4java.properties not found.
DEBUG 2010-01-18 16:00:51,226 HtmlResolver:<clinit> -
discovery.html.parser:org.openid4java.discovery.html.CyberNekoDOMHtmlParser
DEBUG 2010-01-18 16:00:51,272 YadisResolver:<clinit> -
discovery.yadis.html.parser:org.openid4java.discovery.yadis.CyberNekoDOMYadisHtmlParser
DEBUG 2010-01-18 16:00:51,276 YadisResolver:<clinit> -
discovery.xrds.parser:org.openid4java.discovery.xrds.XrdsParserImpl
DEBUG 2010-01-18 16:00:51,281 Discovery:<clinit> -
discovery.xri.resolver:org.openid4java.discovery.xri.XriDotNetProxyResolver
DEBUG 2010-01-18 16:00:51,333 XriDotNetProxyResolver:<clinit> -
discovery.xrds.parser:org.openid4java.discovery.xrds.XrdsParserImpl
WARN 2010-01-18 16:00:51,353 RealmVerifier:setEnforceRpId - RP
discovery / realm validation disabled;
WARN 2010-01-18 16:00:51,361 RealmVerifier:setEnforceRpId - RP
discovery / realm validation disabled;
DEBUG 2010-01-18 16:00:51,363 Discovery:parseIdentifier - Creating URL
identifier for: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:51,368 UrlIdentifier:normalize - Normalized:
http://rsoika.myopenid.com/ to: http://rsoika.myopenid.com/
INFO 2010-01-18 16:00:51,370 Discovery:discover - Starting discovery
on URL identifier: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:51,377 YadisResolver:retrieveXrdsLocation -
Performing HTTP HEAD on: http://rsoika.myopenid.com/ ...
DEBUG 2010-01-18 16:00:51,914 YadisResult:setXrdsLocation - Setting X-
XRDS-Location for yadis result: http://rsoika.myopenid.com/?xrds=1
DEBUG 2010-01-18 16:00:52,561 HttpCache:get - Read 1554 bytes.
DEBUG 2010-01-18 16:00:52,563 YadisResult:setXrdsLocation - Setting X-
XRDS-Location for yadis result: http://rsoika.myopenid.com/?xrds=1
DEBUG 2010-01-18 16:00:52,564 XrdsParserImpl:parseXrds - Parsing XRDS
input for service types: [http://openid.net/signon/1.0, http://openid.net/signon/1.1,
http://specs.openid.net/auth/2.0/server, http://specs.openid.net/auth/2.0/signon]
DEBUG 2010-01-18 16:00:52,565 XrdsParserImpl:parseXmlInput - Parsing
XRDS input: <?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD version="2.0">
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-
resistant</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<URI>http://www.myopenid.com/server</URI>
<LocalID>http://rsoika.myopenid.com/</LocalID>
</Service>
<Service priority="1">
<Type>http://openid.net/signon/1.1</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-
resistant</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<URI>http://www.myopenid.com/server</URI>
<openid:Delegate>http://rsoika.myopenid.com/</openid:Delegate>
</Service>
<Service priority="2">
<Type>http://openid.net/signon/1.0</Type>
<Type>http://openid.net/sreg/1.0</Type>
<Type>http://openid.net/extensions/sreg/1.1</Type>
<Type>http://schemas.openid.net/pape/policies/2007/06/phishing-
resistant</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<URI>http://www.myopenid.com/server</URI>
<openid:Delegate>http://rsoika.myopenid.com/</openid:Delegate>
</Service>
</XRD>
</xrds:XRDS>

DEBUG 2010-01-18 16:00:52,650 XrdsParserImpl:parseXrds - Found 3
services for the requested types.
DEBUG 2010-01-18 16:00:52,654 XrdsParserImpl:parseXrds - Discovered
endpoint:
Service priority: 0
Type: [http://schemas.openid.net/pape/policies/2007/06/phishing-
resistant, http://openid.net/srv/ax/1.0, http://openid.net/sreg/1.0,
http://openid.net/extensions/sreg/1.1, http://specs.openid.net/auth/2.0/signon]
URI: http://www.myopenid.com/server
URI Priority: -1
LocalID: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:52,656 XrdsParserImpl:parseXrds - Discovered
endpoint:
Service priority: 1
Type: [http://schemas.openid.net/pape/policies/2007/06/phishing-
resistant, http://openid.net/srv/ax/1.0, http://openid.net/sreg/1.0,
http://openid.net/signon/1.1, http://openid.net/extensions/sreg/1.1]
URI: http://www.myopenid.com/server
URI Priority: -1
LocalID: null
DEBUG 2010-01-18 16:00:52,656 XrdsParserImpl:parseXrds - Discovered
endpoint:
Service priority: 2
Type: [http://openid.net/signon/1.0, http://schemas.openid.net/pape/policies/2007/06/phishing-resistant,
http://openid.net/srv/ax/1.0, http://openid.net/sreg/1.0,
http://openid.net/extensions/sreg/1.1]
URI: http://www.myopenid.com/server
URI Priority: -1
LocalID: null
INFO 2010-01-18 16:00:52,657 YadisResolver:discover - Yadis
discovered 3 endpoints from: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:52,658 UrlIdentifier:normalize - Normalized:
http://rsoika.myopenid.com/ to: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:52,659 UrlIdentifier:normalize - Normalized:
http://rsoika.myopenid.com/ to: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:52,660 UrlIdentifier:normalize - Normalized:
http://rsoika.myopenid.com/ to: http://rsoika.myopenid.com/
INFO 2010-01-18 16:00:52,661 Discovery:discover - Discovered 3 OpenID
endpoints.
INFO 2010-01-18 16:00:52,662 ConsumerManager:associate - Trying to
associate with http://www.myopenid.com/server attempts left: 4
WARN 2010-01-18 16:00:52,663 ConsumerManager:createAssociationRequest
- Could not create association of type: no-encryption:HMAC-
SHA1:OpenID2
WARN 2010-01-18 16:00:52,664 ConsumerManager:createAssociationRequest
- Could not create association of type: no-encryption:HMAC-
SHA256:OpenID2
DEBUG 2010-01-18 16:00:52,711 DiffieHellmanSession:create - Created DH
session: DH-SHA1:HMAC-SHA1:OpenID2 base: 2 modulus:
155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
DEBUG 2010-01-18 16:00:52,727 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:00:52,729 AssociationRequest:<init> - Creating
association request, type: DH-SHA1:HMAC-SHA1:OpenID2DH session: DH-
SHA1:HMAC-SHA1:OpenID2 base: 2 modulus:
155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
DEBUG 2010-01-18 16:00:52,735 AssociationSessionType:create -
Session:Association Type: DH-SHA1:HMAC-SHA1:OpenID2
DEBUG 2010-01-18 16:00:52,736
AssociationRequest:createAssociationRequest - Created association
request:
openid.ns:http://specs.openid.net/auth/2.0
openid.mode:associate
openid.session_type:DH-SHA1
openid.assoc_type:HMAC-SHA1
openid.dh_consumer_public:ANmIr6q9+TfL8Nk9vBaFU6fRjFBkbOOQItrg/
2QwAQklb42w3h44dGAS5BllXPIVTjjXtnQh4Vzwwfzy5f9MvFDQul4DdRQSg8T/
vjsxuWp111s2am1eYdVAaGsgbQYxpb5Y1yyjsu1hWBGNFGXWIQ85Z+lC0G0h0hx
+XrYRr8uv

DEBUG 2010-01-18 16:00:52,769 DiffieHellmanSession:create - Created DH
session: DH-SHA256:HMAC-SHA256:OpenID2 base: 2 modulus:
155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
DEBUG 2010-01-18 16:00:52,770 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:00:52,772 AssociationRequest:<init> - Creating
association request, type: DH-SHA256:HMAC-SHA256:OpenID2DH session: DH-
SHA256:HMAC-SHA256:OpenID2 base: 2 modulus:
155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
DEBUG 2010-01-18 16:00:52,773 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:52,774
AssociationRequest:createAssociationRequest - Created association
request:
openid.ns:http://specs.openid.net/auth/2.0
openid.mode:associate
openid.session_type:DH-SHA256
openid.assoc_type:HMAC-SHA256
openid.dh_consumer_public:ANxkkD2BGJHobctIuJD6fl13Nr+p0OBFlydG5HQm+Otl/
k2N2v/DLhLreo9VOWO/xBMsQQLRHkHQUOkWlb0sBZkezPsQ/0jz9z/
bhAeMYKqWZe7yFgejqzpSf078JnXMoUpdyB8Hy8PqPRx2/
SwBF3lTAhp1O9bsqGWGMuO2JYGl

DEBUG 2010-01-18 16:00:52,774 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:52,775 ConsumerManager:associate - Trying
association type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:52,776 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:52,776 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:52,777 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:00:52,791 ConsumerManager:call - Performing HTTP
POST on http://www.myopenid.com/server
DEBUG 2010-01-18 16:00:53,495 ParameterList:createFromKeyValueForm -
Creating parameter list from key-value form:
assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
assoc_type:HMAC-SHA256
dh_server_public:cNsZW3BafaxYPe7GuARhdfzYHeh4J4xAOBHRkS6D7mtkt1VXKuxpvs0uTmijt3MfIwxKmAZfLI5hmF5e9vfYbQ
+aTqv+lX0JTIDDXR/mSBmsMX5yRT4OfW8CuwYwH37TMg
+3MdVBYTlY4lPTobv0fAN1CqGIv0GSF5rTO6H5BcU=
enc_mac_key:84KH/UWkPXJYG0c0eSvXSSYMfxA/SeAhkCGlVJZTex8=
expires_in:1209600
ns:http://specs.openid.net/auth/2.0
session_type:DH-SHA256

DEBUG 2010-01-18 16:00:53,496 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:00:53,497 ParameterList:copyOf - Copying parameter
list:
assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
assoc_type:HMAC-SHA256
dh_server_public:cNsZW3BafaxYPe7GuARhdfzYHeh4J4xAOBHRkS6D7mtkt1VXKuxpvs0uTmijt3MfIwxKmAZfLI5hmF5e9vfYbQ
+aTqv+lX0JTIDDXR/mSBmsMX5yRT4OfW8CuwYwH37TMg
+3MdVBYTlY4lPTobv0fAN1CqGIv0GSF5rTO6H5BcU=
enc_mac_key:84KH/UWkPXJYG0c0eSvXSSYMfxA/SeAhkCGlVJZTex8=
expires_in:1209600
ns:http://specs.openid.net/auth/2.0
session_type:DH-SHA256

DEBUG 2010-01-18 16:00:53,498 ConsumerManager:call - Retrived
response:
assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
assoc_type:HMAC-SHA256
dh_server_public:cNsZW3BafaxYPe7GuARhdfzYHeh4J4xAOBHRkS6D7mtkt1VXKuxpvs0uTmijt3MfIwxKmAZfLI5hmF5e9vfYbQ
+aTqv+lX0JTIDDXR/mSBmsMX5yRT4OfW8CuwYwH37TMg
+3MdVBYTlY4lPTobv0fAN1CqGIv0GSF5rTO6H5BcU=
enc_mac_key:84KH/UWkPXJYG0c0eSvXSSYMfxA/SeAhkCGlVJZTex8=
expires_in:1209600
ns:http://specs.openid.net/auth/2.0
session_type:DH-SHA256

DEBUG 2010-01-18 16:00:53,502 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:00:53,503 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:53,504
AssociationResponse:createAssociationResponse - Created association
response from message parameters:
assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
assoc_type:HMAC-SHA256
dh_server_public:cNsZW3BafaxYPe7GuARhdfzYHeh4J4xAOBHRkS6D7mtkt1VXKuxpvs0uTmijt3MfIwxKmAZfLI5hmF5e9vfYbQ
+aTqv+lX0JTIDDXR/mSBmsMX5yRT4OfW8CuwYwH37TMg
+3MdVBYTlY4lPTobv0fAN1CqGIv0GSF5rTO6H5BcU=
enc_mac_key:84KH/UWkPXJYG0c0eSvXSSYMfxA/SeAhkCGlVJZTex8=
expires_in:1209600
ns:http://specs.openid.net/auth/2.0
session_type:DH-SHA256

DEBUG 2010-01-18 16:00:53,505 AssociationResponse:getAssociation -
Retrieving MAC key from association response...
DEBUG 2010-01-18 16:00:53,506 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:53,538 DiffieHellmanSession:decryptMacKey -
Decrypted MAC key Base64: /n+3I+7ElmgiPitP14YIHDfzdUqnOIT+8saKrlENUTw=
DEBUG 2010-01-18 16:00:53,539 AssociationResponse:getAssociation -
Decrypted MAC key (base64): /n+3I+7ElmgiPitP14YIHDfzdUqnOIT
+8saKrlENUTw=
DEBUG 2010-01-18 16:00:53,540 Association:<init> - Creating
association, type: HMAC-SHA256 handle: {HMAC-SHA256}{4b5477a0}
{vc2K0w==} expires: Mon Feb 01 16:00:53 GMT+01:00 2010
DEBUG 2010-01-18 16:00:53,541 AssociationResponse:getAssociation -
Created association for handle: {HMAC-SHA256}{4b5477a0}{vc2K0w==}
DEBUG 2010-01-18 16:00:53,542 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:53,542 AssociationSessionType:create -
Session:Association Type: DH-SHA256:HMAC-SHA256:OpenID2
DEBUG 2010-01-18 16:00:53,543 InMemoryConsumerAssociationStore:save -
Adding association to the in-memory store: {HMAC-SHA256}{4b5477a0}
{vc2K0w==} with OP: http://www.myopenid.com/server
INFO 2010-01-18 16:00:53,544 ConsumerManager:associate - Associated
with http://www.myopenid.com/server handle: {HMAC-SHA256}{4b5477a0}
{vc2K0w==}
INFO 2010-01-18 16:00:53,546 ConsumerManager:authenticate - Creating
authentication request for OP-endpoint: http://www.myopenid.com/server
claimedID: http://rsoika.myopenid.com/ OP-specific ID: http://rsoika.myopenid.com/
DEBUG 2010-01-18 16:00:53,550 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:00:53,551 RealmVerifier:match - Verifying realm:
http://www.shareyourwork.org:80/syw/openidlogin.jsf on return URL:
http://www.shareyourwork.org:80/syw/openidlogin.jsf
INFO 2010-01-18 16:00:53,552 RealmVerifier:match - Return URL:
http://www.shareyourwork.org:80/syw/openidlogin.jsf matches realm:
http://www.shareyourwork.org:80/syw/openidlogin.jsf
DEBUG 2010-01-18 16:00:53,553 AuthRequest:createAuthRequest - Created
auth request:
openid.ns:http://specs.openid.net/auth/2.0
openid.claimed_id:http://rsoika.myopenid.com/
openid.identity:http://rsoika.myopenid.com/
openid.return_to:http://www.shareyourwork.org:80/syw/openidlogin.jsf
openid.realm:http://www.shareyourwork.org:80/syw/openidlogin.jsf
openid.assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
openid.mode:checkid_setup

DEBUG 2010-01-18 16:01:07,198 ParameterList:<init> - Creating
parameter list:
openid.assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
openid.claimed_id:http://rsoika.myopenid.com/
openid.identity:http://rsoika.myopenid.com/
openid.mode:id_res
openid.ns:http://specs.openid.net/auth/2.0
openid.op_endpoint:http://www.myopenid.com/server
openid.response_nonce:2010-01-18T15:01:02ZDk8JI8
openid.return_to:http://www.shareyourwork.org:80/syw/openidlogin.jsf
openid.sig:8h1gfwiJhEu1b7SXX1NXoKyCl8yUwLDAy4LHrrLQMoM=
openid.signed:assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed

INFO 2010-01-18 16:01:07,200 ConsumerManager:verify - Verifying
authentication response...
DEBUG 2010-01-18 16:01:07,203 ParameterList:<init> - Created empty
parameter list.
DEBUG 2010-01-18 16:01:07,206 InternetDateFormat:parse - Parsed
2010-01-18T15:01:02Z into Data object: Mon Jan 18 16:01:02 GMT+01:00
2010
DEBUG 2010-01-18 16:01:07,207 AuthSuccess:createAuthSuccess - Created
positive auth response:
openid.assoc_handle:{HMAC-SHA256}{4b5477a0}{vc2K0w==}
openid.claimed_id:http://rsoika.myopenid.com/
openid.identity:http://rsoika.myopenid.com/
openid.mode:id_res
openid.ns:http://specs.openid.net/auth/2.0
openid.op_endpoint:http://www.myopenid.com/server
openid.response_nonce:2010-01-18T15:01:02ZDk8JI8
openid.return_to:http://www.shareyourwork.org:80/syw/openidlogin.jsf
openid.sig:8h1gfwiJhEu1b7SXX1NXoKyCl8yUwLDAy4LHrrLQMoM=
openid.signed:assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed

INFO 2010-01-18 16:01:07,208 ConsumerManager:verify - Received
positive auth response.
DEBUG 2010-01-18 16:01:07,209 InternetDateFormat:parse - Parsed
2010-01-18T15:01:02Z into Data object: Mon Jan 18 16:01:02 GMT+01:00
2010
DEBUG 2010-01-18 16:01:07,210 ConsumerManager:verifyReturnTo -
Verifying return URL; receiving:
http://www.shareyourwork.org/syw/openidlogin.jsf?openid.assoc_handle=%7BHMAC-SHA256%7D%7B4b5477a0%7D%7Bvc2K0w%3D%3D%7D&openid.claimed_id=http%3A%2F%2Frsoika.myopenid.com%2F&openid.identity=http%3A%2F%2Frsoika.myopenid.com%2F&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.op_endpoint=http%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2010-01-18T15%3A01%3A02ZDk8JI8&openid.return_to=http%3A%2F%2Fwww.shareyourwork.org%3A80%2Fsyw%2Fopenidlogin.jsf&openid.sig=8h1gfwiJhEu1b7SXX1NXoKyCl8yUwLDAy4LHrrLQMoM%3D&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned
message: http://www.shareyourwork.org:80/syw/openidlogin.jsf
DEBUG 2010-01-18 16:01:07,211 ConsumerManager:verifyReturnTo - Return
URL schema, authority or path verification failed.
ERROR 2010-01-18 16:01:07,211 ConsumerManager:verify - Return_To URL
verification failed.

rsoika

unread,
Jan 18, 2010, 11:12:53 AM1/18/10
to OpenID4Java
The reason for this problem seems to be our web server configuration.
The OpenID Provider responses with a URL like "http://
www.shareyourwork.org:80/syw"
But our virtual Host Configuration cuts of the port number so the URL
will become "http://www.shareyourwork.org/syw"

As a result my verify Method of my login module fails.
The code I used was from the sample app:

....
ParameterList response = new ParameterList(request
.getParameterMap());
// extract the receiving URL from the HTTP request
StringBuffer receivingURL = request.getRequestURL();
String queryString = request.getQueryString();
if (queryString != null && queryString.length() > 0) {
receivingURL.append("?").append(request.getQueryString());
}
// verify the response; ConsumerManager needs to be the same
// (static) instance used to place the authentication request
VerificationResult verification = getConsumerManager(request)
.verify(receivingURL.toString(), response, discovered);
......

The consumerManager.verify() method fails now becose the first URL did
not contain the port number 80!

I solved the problem with a check of the receivingURL for port 80 - if
no port is provided I now add the default port:

// is no port is provided here add port 80
try {
URL urlReceifing = new URL(receivingURL.toString());
if (urlReceifing.getPort() == -1) {
// no port! so add port 80!
urlReceifing = new URL(urlReceifing.getProtocol(),
urlReceifing.getHost(), 80, urlReceifing.getFile());
receivingURL = new StringBuffer(urlReceifing.toString());
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}


So now my module works fine! :-)

Reply all
Reply to author
Forward
0 new messages