Realm verification failed for:

[tony...@gmail.com]

I am working on adding OpenID to my web app. i get the error message
"Realm verification failed for: " ...

SEVERE: Discovery failed on realm: https://stage.imobilesystems.com/Product/ProcessLogInOpenID.jsp
org.openid4java.discovery.yadis.YadisException: 1800: A Yadis Resource
Descriptor URL MUST be an absolute URL and it must be HTTP or HTTPS;
found: null
at
org.openid4java.discovery.yadis.YadisResult.setXrdsLocation(YadisResult.java:
111)

...
does anyhone have a suggestion?
thanks

[Johnny Bufu]

On 11-Oct-07, at 10:04 AM, tony...@gmail.com wrote:
> SEVERE: Discovery failed on realm: https://stage.imobilesystems.com/
> Product/ProcessLogInOpenID.jsp
> org.openid4java.discovery.yadis.YadisException: 1800: A Yadis Resource
> Descriptor URL MUST be an absolute URL and it must be HTTP or HTTPS;
> found: null
> at
> org.openid4java.discovery.yadis.YadisResult.setXrdsLocation
> (YadisResult.java:
> 111)
>
> ...
> does anyhone have a suggestion?

OpenID 2.0 RPs SHOULD publish their return_to endpoints, and OPs need
to verify return_to URLs against the published data. This is a new
addition to the latest draft12:

13. Discovering OpenID Relying Parties
http://openid.net/specs/openid-authentication-2_0-12.html#rp_discovery

9.2.1. Using the Realm for Return URL Verification
http://openid.net/specs/openid-authentication-2_0-12.html#realms

Since it's a SHOULD, the feature is enabled by default in the
library. However, since it's new and not widely deployed, there's
also the option of disabling the validation.

On the OP side, you can disable it using ServerManager.setEnforceRpId
(). Validation of AuthRequests is also performed on the RP side
before issuing them, and it can be disabled by constructing your own
RealmVerifier, calling RealmVerifier.setEnforceRpId() and passing it
to your ConsumerManager.

Johnny