Comments on: How not to implement OpenID http://docwhat.org/2008/11/how-not-to-implement-openid/ Some men are discovered; others are found out Fri, 13 Aug 2010 15:37:58 +0000 hourly 1 By: docwhat http://docwhat.org/2008/11/how-not-to-implement-openid/comment-page-1/#comment-5984 docwhat Sat, 14 Mar 2009 04:16:28 +0000 http://docwhat.gerf.org/?p=224#comment-5984 Hah! It turns out it <i>was</i> the OpenID plugin. We should complain to the author.... Hah! It turns out it was the OpenID plugin. We should complain to the author….

]]> By: Robert Eccardt http://docwhat.org/2008/11/how-not-to-implement-openid/comment-page-1/#comment-5949 Robert Eccardt Sun, 25 Jan 2009 23:38:05 +0000 http://docwhat.gerf.org/?p=224#comment-5949 They have a workaround on the SourceForge site: http://alexandria.wiki.sourceforge.net/OpenID#tocOpenID5 Adding the HTML discovery they mention allows delegation to work for me. But even that is partly broken. It requires me to include the "www" and "index.html" portion of my URL, which I normally leave out. But the whole thing is almost useless anyway, since you can't use it for their CVS or Subversion. They have a workaround on the SourceForge site:

http://alexandria.wiki.sourcef.....tocOpenID5

Adding the HTML discovery they mention allows delegation to work for me. But even that is partly broken. It requires me to include the “www” and “index.html” portion of my URL, which I normally leave out. But the whole thing is almost useless anyway, since you can’t use it for their CVS or Subversion.

]]> By: docwhat http://docwhat.org/2008/11/how-not-to-implement-openid/comment-page-1/#comment-5931 docwhat Wed, 26 Nov 2008 02:43:24 +0000 http://docwhat.gerf.org/?p=224#comment-5931 @Will Norris OpenID should be fixed. That was, as you point out, my bad. I also found that Bad Behavior is messing with the ?openid_server=1 requests (they have a signature similar to cross site scripting attacks); so I disabled Bad Behavior for the moment. However, SourceForge still isn't able to log in. It says "Could not verify your OpenID. Please try again." (after I've added it to my trusted sites, so it got that far) The HTTP log only shows this: <pre> "GET /?openid_server=1&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=checkid_setup&openid.identity=http%3A%2F%2Fdocwhat.gerf.org%2Fauthor%2Fdocwhat%2F&openid.claimed_id=http%3A%2F%2Fdocwhat.gerf.org%2F&openid.assoc_handle=%7BHMAC-SHA256%7D%7B492c5dbe%7D%7BFUTq4w%3D%3D%7D&openid.return_to=https%3A%2F%2Fsourceforge.net%2Faccount%2Fopenid_verify.php&openid.realm=https%3A%2F%2Fsourceforge.net&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.optional=nickname%2Cemail%2Cfullname%2Ccountry%2Clanguage%2Ctimezone&openid.sreg.policy_url=http%3A%2F%2Fsourceforge.net%2Ftos%2Fprivacy.php HTTP/1.0" 302 - "-" </pre> @Will Norris

OpenID should be fixed. That was, as you point out, my bad.

I also found that Bad Behavior is messing with the ?openid_server=1 requests (they have a signature similar to cross site scripting attacks); so I disabled Bad Behavior for the moment.

However, SourceForge still isn’t able to log in. It says “Could not verify your OpenID. Please try again.” (after I’ve added it to my trusted sites, so it got that far)

The HTTP log only shows this:

"GET /?openid_server=1&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=checkid_setup&openid.identity=http%3A%2F%2Fdocwhat.gerf.org%2Fauthor%2Fdocwhat%2F&openid.claimed_id=http%3A%2F%2Fdocwhat.gerf.org%2F&openid.assoc_handle=%7BHMAC-SHA256%7D%7B492c5dbe%7D%7BFUTq4w%3D%3D%7D&openid.return_to=https%3A%2F%2Fsourceforge.net%2Faccount%2Fopenid_verify.php&openid.realm=https%3A%2F%2Fsourceforge.net&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.optional=nickname%2Cemail%2Cfullname%2Ccountry%2Clanguage%2Ctimezone&openid.sreg.policy_url=http%3A%2F%2Fsourceforge.net%2Ftos%2Fprivacy.php HTTP/1.0" 302 - "-"
]]> By: Will Norris http://docwhat.org/2008/11/how-not-to-implement-openid/comment-page-1/#comment-5930 Will Norris Wed, 26 Nov 2008 00:11:34 +0000 http://docwhat.gerf.org/?p=224#comment-5930 I have no problems logging into SF, and of course I'm using the WordPress OpenID plugin. :) I do however have trouble commenting with an OpenID here. Looks like you moved your wp-comments-post.php file, right? If so, you need to set OPENID_COMMENTS_POST_PAGE in wp-config.php. See http://wiki.diso-project.org/WordPress-OpenID#HiddenOptions I have no problems logging into SF, and of course I’m using the WordPress OpenID plugin. :) I do however have trouble commenting with an OpenID here. Looks like you moved your wp-comments-post.php file, right? If so, you need to set OPENID_COMMENTS_POST_PAGE in wp-config.php. See http://wiki.diso-project.org/W.....denOptions

]]>