Issue 203 in openid4java: ConsumerManager.verifyDiscovered1 is not giving enough details in VerificationResult._statusMsg


codesite...@google.com

Dec 3, 2013, 11:03:00 PM
to openid4java-...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 203 by kohsuke....@gmail.com: ConsumerManager.verifyDiscovered1
is not giving enough details in VerificationResult._statusMsg
http://code.google.com/p/openid4java/issues/detail?id=203

In relation to my previously reported problem #202,

when a problem like that happens, it's very difficult to get any meaningful
diagnosis out of openid4java. The only error message we get is "Discovered
information verification failed." and it does not go into the details of
which aspect has failed.

In OpenID, the relying party has no secret to hide from the person who's
trying to authenticate. So as much diagnostic information should be given
to the status message as possible, to diagnose configuration issues in the
server/client, etc.

For example, in ConsumerManager.verifyDiscovered1, instead of reporting
errors to the logger, those error messages should be primarily put into
VerificationResult._statusMsg, which is where they belong.

In the "stateless mode / bare response verification" mode, the
verifyDiscovered1 method should also report what OpenIDs it has discovered
and why it rejected them when it fails to find a matching one.

It would have made troubleshooting a problem like issue #202 very easy. As
it stands right now, we had to attach a debugger and trace through the
code to tell, which would have been completely impractical if this had
happened at some remote site.

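A sketch of the reporting the issue asks for, added here as an illustration and not taken from openid4java or from the reporter: a verification routine that returns, per discovered candidate, the reason it was rejected instead of only logging it. Every type, method and field name (`DiscoveryDiagnostics`, `Candidate`, `Result`, `verify`) is hypothetical, the sample identifiers are constructed, and the code needs Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; all names are hypothetical and are not openid4java API.
public class DiscoveryDiagnostics {
    // One service entry discovered for the claimed identifier.
    record Candidate(String claimedId, String opEndpoint, String version) {}
    // Outcome plus a status message intended for whoever is troubleshooting.
    record Result(boolean verified, String statusMsg) {}

    static Result verify(String assertedId, String assertedEndpoint, String assertedVersion,
                         List<Candidate> discovered) {
        if (discovered.isEmpty()) {
            return new Result(false, "Discovery on " + assertedId + " returned no service entries.");
        }
        List<String> rejections = new ArrayList<>();
        for (Candidate c : discovered) {
            // Collect every mismatch for this candidate, not just the first one.
            List<String> why = new ArrayList<>();
            if (!c.claimedId().equals(assertedId)) why.add("claimed ID is " + c.claimedId());
            if (!c.opEndpoint().equals(assertedEndpoint)) why.add("OP endpoint is " + c.opEndpoint());
            if (!c.version().equals(assertedVersion)) why.add("protocol version is " + c.version());
            if (why.isEmpty()) return new Result(true, "Matched " + c.opEndpoint());
            rejections.add(c + " rejected: " + String.join("; ", why));
        }
        // Keep the generic message, then say what was asserted and why nothing matched.
        return new Result(false, "Discovered information verification failed. Asserted claimedId="
                + assertedId + ", endpoint=" + assertedEndpoint + ", version=" + assertedVersion
                + ". " + String.join(" | ", rejections));
    }

    public static void main(String[] args) {
        // Constructed sample data: neither candidate matches the asserted endpoint.
        List<Candidate> found = List.of(
            new Candidate("https://user.example/", "https://op.example/auth", "2.0"),
            new Candidate("https://user.example/", "http://op.example/auth1", "1.1"));
        Result r = verify("https://user.example/", "http://op.example/auth", "2.0", found);
        System.out.println(r.verified() + ": " + r.statusMsg());
    }
}
```

The values echoed in the message come from the assertion and from discovery, so escape them before rendering the message in HTML.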