Sample OP fails with "signature mismatch" error with some RPs

38 views
Skip to first unread message

Alex Little

unread,
Jan 29, 2008, 7:06:43 AM1/29/08
to OpenID4Java
Hi,

I'm trying to figure out why the sample OP in openid4java (the simple-
openid webapp) fails (with varying errors) for some RPs...

For example (each time using "openid.open.ac.uk/simple-openid/
user.jsp" as the id url):

a) using the simple-openid consumer (at http://openid.open.ac.uk/simple-openid/)
- all works fine

b) using http://ma.gnolia.com/signin: get the error: "Verification of
http://openid.open.ac.uk/simple-openid/user.jsp failed. sig mismatch"

c) using http://www.livejournal.com/openid/: get the error:
"no_head_tag: Couldn't find OpenID servers due to no head tag". If I
change to using the head/link tag (using the id url:
"openid.open.ac.uk/simple-openid/user.html") I get the error
"signature_mismatch:"

d) using http://trac.openidenabled.com/trac/login: get the error:
"login failed" (but no more details)

I realise that some of these errors could be due to the RP site
(rather than the OP), but these sites work fine with my verisign
openid url - so I think it's a problem with the OP rather than RP.

I'm having trouble figuring out what's actually going wrong - can
anyone point me to what I should be looking for to get this fixed? Or
has anyone else experienced the same problems? Feel free to try out my
id urls (as given above). Would be really good if the sample server
worked for all these sites too ;-)

Cheers & any help/advice much appreciated :-)
Alex

Johnny Bufu

unread,
Jan 29, 2008, 1:49:13 PM1/29/08
to openi...@googlegroups.com

On 29-Jan-08, at 4:06 AM, Alex Little wrote:
> b) using http://ma.gnolia.com/signin: get the error: "Verification of
> http://openid.open.ac.uk/simple-openid/user.jsp failed. sig mismatch"

The openid.signed includes the claimed_id field, which is not part of
the message (since it's a v1 response). This is a bug in the simple-
openid code -- claimed_id should not be included in the openid.signed
field.

> c) using http://www.livejournal.com/openid/: get the error:
> "no_head_tag: Couldn't find OpenID servers due to no head tag". If I
> change to using the head/link tag (using the id url:
> "openid.open.ac.uk/simple-openid/user.html") I get the error
> "signature_mismatch:"

Looks like livejournal only supports OpenID1 (and HTML discovery),
while your OP publishes only Yadis discovery. In order to be
backwards-compatible, you need to publish HTML discovery as well.


> d) using http://trac.openidenabled.com/trac/login: get the error:
> "login failed" (but no more details)

I suspect it's the same issue as b).


Johnny

Alex Little

unread,
Jan 29, 2008, 2:43:57 PM1/29/08
to openi...@googlegroups.com
Cheers Johnny, that make sense, I'll take a look and see if I can get it fixed up (and post a patch if I do),

Alex

Johnny Bufu

unread,
Jan 29, 2008, 2:52:55 PM1/29/08
to openi...@googlegroups.com

That would be great, thanks!

If you don't, would you please file a bug report at http://
code.google.com/p/openid4java/issues/list ?

Johnny

Reply all
Reply to author
Forward
0 new messages