This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
Closed
Works for me
Works for me
FS#1310 OpenID plugin appears to fail OpenID page using delegation
Plugins
-
2008-01-16 m1bxd
2007-01-09 OpenID plug in fails to us an OpenID URI which "delegates" to another URI location eg:
http://markcross.openid.co.uk
delegates to:
http://markcross.pip.verisignlabs.com
Using the following code withing the </head> section of the html page
<link rel="openid.server" href="http://pip.verisignlabs.com/server" />
<link rel="openid2.provider" href="http://pip.verisignlabs.com/server" />
<meta http-equiv="X-XRDS-Location" content="http://pip.verisignlabs.com/user/markcross/yadisxrds" />
I have come across this several times before and it has been a simple problem of parsing the page.
See:
http://openid.net/specs/openid-authentication-1_1.html
3.1.1. Delegating Authentication
If the End User's host is not capable of running an Identity Provider, or the End User wishes to use one running on a different host, they will need to delegate their authentication. For example, if they want to use their website, http://www.example.com/, as their Identifier, but don't have the means, or desire, to run an Identity Provider.
If they have a LiveJournal account (say, user "exampleuser"), and know that LiveJournal provides an OpenID Identity Provider and that it'll assert that they control the Identifier http://exampleuser.livejournal.com/ they would be able to delegate their authentication to LiveJournal's Identity Provider..
So, to use www.example.com as their Identifier, but have Consumers actually verify http://exampleuser.livejournal.com/ with the Identity Provider located at http://www.livejournal.com/openid/server.bml, they'd add the following tags to the HEAD section of the HTML document returned when fetching their Identifier URL.
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://exampleuser.livejournal.com/">
Now, when a Consumer sees that, it'll talk to http://www.livejournal.com/openid/server.bml and ask if the End User is exampleuser.livejournal.com, never mentioning www.example.com anywhere on the wire.
The main advantage of this is that an End User can keep their Identifier over many years, even as services come and go; they'll just keep changing who they delegate to.
Cheers Mark -
2008-01-24 andi
I can not reproduce this. Using the ID http://markcross.openid.co.uk I get redirected correctly to http://pip.verisignlabs.com/server -
2008-01-25 m1bxd
that's because you are not logged into the verisign server as me.
- if you open a verisign account
- log into the verisigin account
- create a web page, say "splitbrain.org/openidtest/index.html
- add in the delegation code as I have done inside http://markcross.openid.co.uk/index.html
You will find the when you are logged into the verisign account, when you try to access a wiki with the plug-in installed, you get continually redirected to verisign site saying that you are not logged in. -
2008-01-25 andi
The problem is that your page http://markcross.openid.co.uk/index.html is missing the delegation line. Without it the OpenID client tries to log you in with http://markcross.openid.co.uk at http://pip.verisignlabs.com/server - but this server knows nothing about http://markcross.openid.co.uk. It only knows about http://markcross.pip.verisignlabs.com. Adding the following line fixes the problem for me:
<link rel="openid.delegate" href="http://markcross.pip.verisignlabs.com" /> -
2008-01-26 m1bxd
Andreas,
Many thanks for investigation and discovering user error!
I had thought that this meta tag was also connected with delegation...
<meta http-equiv="X-XRDS-Location" content="http://pip.verisignlabs.com/user/markcross/yadisxrds" />
damned users....
All the best,
Mark
PS Does your plug-in support the OpenID v2 spec? I can't readily find an account to test it against -
2008-01-26 andi
No the plugin does not support OpenID 2
