6 Replies Latest reply on Jul 18, 2010 11:43 AM by David Lee

    Problem with openid example

    Jonas Erma Newbie

      I just built and deployed the openid example locally to test it. However, I always get an error: OpenID login rejected. The console prints:


      22:44:18,009 INFO  [ConsumerManager] Verifying authentication response...
      22:44:18,014 INFO  [ConsumerManager] Received positive auth response.
      22:44:18,019 ERROR [ConsumerManager] Return_To URL verification failed.


      I tested this with myOpenID and Google. Both fail. I'm not sure if it is because I'm using a local machine (localhost). Also, even though the URL is http://localhost/seam-openid/openid.seam, the ReturnTo URL in the response coming from the provider is always like http://localhost:80/seam-openid/openid.seam.


      Any idea what is going wrong?

        • 1. Re: Problem with openid example
          Norman Richards Expert

          localhost should not be the problem.  I tested the example with myopenid with myopenid.com.  Can you provide a more complete stack trace?

          • 2. Re: Problem with openid example
            Jonas Erma Newbie

            Hi Norman!


            There is no exception to show. Everything works okay until it comes to check the return URL and it fails there with an info message.


            I think I know what the problem is:



            OpenId.java generates a return URL like http://127.0.0.1:80/seam-openid/openid.seam.
            Response comes to the URL at http://127.0.0.1/seam-openid/openid.seam.
            They are not equal, hence validation fails.




            Your OpenId.java has a method to construct the return URL:



            public String returnToUrl() {
                FacesContext context = FacesContext.getCurrentInstance();
                HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
                String returnToUrl = "http://" + request.getServerName() + ":" + request.getServerPort() +
                    context.getApplication().getViewHandler().getActionURL(context, "/openid.xhtml");
                return returnToUrl;
            }




            When I change it and ignore the port number, it works. So it has definitely something to do with the default port number 80. Is your test server also running at port 80?

            • 3. Re: Problem with openid example
              Norman Richards Expert

              Ah.  That makes sense because I've only tested on port 8080. I'll take a look at this later today or tomorrow at the latest.


              JBSEAM-3891

              • 4. Re: Problem with openid example
                Norman Richards Expert

                That's strange.  I just tried it on port 80 and it worked fine...



                11:30:58,490 INFO  [RealmVerifier] Return URL: http://localhost:80/seam-openid/openid.seam matches realm: http://localhost:80/seam-openid/openid.seam
                11:30:58,490 INFO  [RealmVerifier] Return URL: http://localhost:80/seam-openid/openid.seam matched discovered RP endpoint: http://localhost:80/seam-openid/openid.seam
                



                Can you post your log?





                • 5. Re: Problem with openid example
                  David Lee Newbie

                  I'm experiencing the same problem where one URL has :80 and the other doesn't.  If I recall, the verification passes in RealmVerifier, as shown above, but fails in ConsumerManager.

                  • 6. Re: Problem with openid example
                    David Lee Newbie

                    I had to change the source for the picketlink-seam package in OpenIdSingleLoginReceiver.java


                    Basically, if the port doesn't exist and the protocol is HTTP, I add the port to the receiving URL before verification.


                    Line 91 code changed to



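                    // HTTP_PROTOCOL and DEFAULT_HTTP_PORT are constants defined elsewhere
                    // in the class (not shown in the post).
                    URL uReceivingURL = null;
                    String sReceivingURL;

                    try {
                        uReceivingURL = new URL(receivingURL.toString());
                        // getPort() returns -1 when the URL carries no explicit port.
                        if (uReceivingURL.getPort() == -1
                                && uReceivingURL.getProtocol().equalsIgnoreCase(HTTP_PROTOCOL)) {
                            // Rebuild the URL with the default HTTP port made explicit.
                            uReceivingURL = new URL(uReceivingURL.getProtocol(),
                                    uReceivingURL.getHost(), DEFAULT_HTTP_PORT,
                                    uReceivingURL.getFile());
                        }
                    } finally {
                        // Fall back to the original string if the URL could not be parsed.
                        if (uReceivingURL != null) {
                            sReceivingURL = uReceivingURL.toExternalForm();
                        } else {
                            sReceivingURL = receivingURL.toString();
                        }
                    }

                    VerificationResult verification = openIdConsumerManager.verify(
                            sReceivingURL, response, discovered);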
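
The mismatch discussed in this thread (a return_to generated with ":80" compared against a receiving URL without it) can be avoided on both sides: omit the port when building return_to only if it is the scheme default, and compare the two URLs by effective port. The following is an added example, not part of any post above and not code from Seam, PicketLink or openid4java; the class and method names are hypothetical, it goes beyond the thread by also treating 443 as the HTTPS default, and it compares scheme, host, port and path only (query parameters are not checked).

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ReturnToCheck {

    /** Port a URL actually targets: the explicit one, else the scheme default, else -1. */
    static int effectivePort(String scheme, int port) {
        if (port != -1) return port;
        if ("http".equalsIgnoreCase(scheme)) return 80;
        if ("https".equalsIgnoreCase(scheme)) return 443;
        return -1;
    }

    /** Builds a return_to URL, writing the port only when it is not the scheme default. */
    static String buildReturnTo(String scheme, String host, int port, String path) {
        boolean isDefault = port == -1 || port == effectivePort(scheme, -1);
        return scheme + "://" + host + (isDefault ? "" : ":" + port) + path;
    }

    /** True when both URLs name the same scheme, host, effective port and path. */
    static boolean sameEndpoint(String returnTo, String receivingUrl) {
        try {
            URI a = new URI(returnTo);
            URI b = new URI(receivingUrl);
            if (a.getScheme() == null || b.getScheme() == null) return false;
            if (a.getHost() == null || b.getHost() == null) return false;
            return a.getScheme().equalsIgnoreCase(b.getScheme())
                && a.getHost().equalsIgnoreCase(b.getHost())
                && effectivePort(a.getScheme(), a.getPort())
                   == effectivePort(b.getScheme(), b.getPort())
                && a.getRawPath().equals(b.getRawPath()); // path stays case- and encoding-sensitive
        } catch (URISyntaxException e) {
            return false; // unparsable input never matches
        }
    }

    public static void main(String[] args) {
        String path = "/seam-openid/openid.seam"; // path taken from the thread
        // Constructed sample inputs: default port is dropped, 8080 is kept.
        System.out.println(buildReturnTo("http", "localhost", 80, path));
        System.out.println(buildReturnTo("http", "localhost", 8080, path));
        // ":80" vs. no port is the same endpoint; a different port or scheme is not.
        System.out.println(sameEndpoint("http://localhost:80" + path,
                "http://localhost" + path + "?openid.mode=id_res"));
        System.out.println(sameEndpoint("http://localhost:80" + path, "http://localhost:8080" + path));
        System.out.println(sameEndpoint("http://localhost" + path, "https://localhost" + path));
    }
}
```

Keeping the scheme and non-default ports in the comparison matters: dropping the port check entirely would make the return_to verification accept responses addressed to a different listener on the same host.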