unsolicited assertion in openid 2.0


Divyesh

Mar 27, 2012, 1:15:30 PM
to DotNetOpenAuth
I am trying to understand the OpenID 2.0 implementation using
DotNetOpenAuth. This all works:

1) Login from OP
2) Login to RP using OpenID URL, post authentication at OP

However, what I am not able to get working is logging in to the OP and then
being directed to the RP without the user having to provide credentials again.
It gives me this error message:

"An unsolicited assertion cannot be sent for the claimed identifier
http://localhost:4860/user.aspx/Bob11 because this is not an
authorized Provider for that identifier."

For that, as per the sample code, it uses an unsolicited assertion. And
is there a way to get a solicited assertion?

Also, I noticed that I have the following entries in web.config for the
whitelist. Do I need to change them for this to work?

I appreciate any help with this.

Thanks

Andrew Arnott

Mar 27, 2012, 8:08:04 PM
to dotnet...@googlegroups.com
Hi Divyesh,

So to reiterate your scenario to make sure I have it right: You want to enable the user to be able to...
  1. Navigate their browser to the OP web site (directly)
  2. Log into their OP (if they are not already logged in)
  3. Click a button at the OP that will redirect the user to the RP and automatically log them in there.
That is what an unsolicited assertion enables.  The error you are seeing is because DNOA at the OP can already tell that the RP will reject the assertion, because the claimed identifier being asserted doesn't approve of this OP to assert the identity.  This is likely because your user.aspx page has the wrong OP Identifier in it.  You can enable (verbose) logging at the OP and repro the problem, then inspect the logs to see what DNOA is detecting as the authorized OP and what it detects as the actual OP so you can reconcile the differences.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
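
Added example, not part of the thread and not DotNetOpenAuth's own code: a simplified Python version of the check Andrew describes, comparing the OP endpoint that the claimed identifier page authorizes (via OpenID 2.0 HTML discovery) with the endpoint actually sending the assertion. The `/server.aspx` path, port 4864 and the sample pages are constructed assumptions, and XRDS-based discovery is not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkCollector(HTMLParser):
    """Collects rel -> href pairs from <link> tags on an identifier page."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        # rel may carry several values, e.g. "openid2.provider openid.server"
        for rel in (a.get("rel") or "").lower().split():
            if a.get("href"):
                self.links.setdefault(rel, a["href"].strip())

def discover(html):
    """Return (authorized_op_endpoint, local_id) declared by the page."""
    p = _LinkCollector()
    p.feed(html)
    return p.links.get("openid2.provider"), p.links.get("openid2.local_id")

def _normalize(url):
    s = urlsplit(url)
    return (s.scheme.lower(), s.netloc.lower(), s.path or "/", s.query)

def may_assert(identifier_html, actual_op_endpoint):
    """(True, reason) only if the page names actual_op_endpoint as its OP."""
    authorized, _ = discover(identifier_html)
    if authorized is None:
        return False, "no openid2.provider link found"
    if _normalize(authorized) != _normalize(actual_op_endpoint):
        return False, f"authorized OP {authorized} != actual OP {actual_op_endpoint}"
    return True, "OP endpoint matches"

# Constructed sample: identifier page that points at a different port
# than the OP that is actually running (hypothetical endpoint path).
STALE_PAGE = ('<html><head><link rel="openid2.provider openid.server" '
              'href="http://localhost:4864/server.aspx"></head></html>')
FIXED_PAGE = STALE_PAGE.replace(":4864", ":4860")
ACTUAL_OP = "http://localhost:4860/server.aspx"

if __name__ == "__main__":
    for name, page in (("stale", STALE_PAGE), ("fixed", FIXED_PAGE)):
        print(name, may_assert(page, ACTUAL_OP))
```

An RP performs the same discovery when it receives the assertion, which is why a mismatch at this step means the assertion would be rejected on arrival.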