OpenID fails to Authenticate.

[idistech]

Ive installed OpenID 1.0 ( cmsms 1.9.2, ubuntu 10.4 ), and have successfully tied registered an openid identity ( one from myopenid and one from google ) to a FEU account.

When I look to relogin in with the OPeniD token, the remote service seems to authenticate ( the remote logs confirm this ),and the returning URL is fired, but it fails to complete the login ( taking me back to the standard FEU login page ).

Ive checked the installation ( as far as possible ), run the openid-php-openid-xxx/detect.php, confirmed curl, gbm are installed etc,

I have the same symptoms with both the MyOpenID and Google account.

debug has been enabled, and trace below.. Notice the last two entries...returning error 302

Code: Select all

[Tue Feb 08 21:52:56 2011] [error] [client 192.168.1.67] FacebookLoginUrl : https://www.facebook.com/login.php?api_key=&cancel_url=http%3A%2F%2Fwww.example.com%2Findex.php%3Fpage%3Dopenid-login&display=page&fbconnect=1&next=http%3A%2F%2Fwww.example.com%2Findex.php%3Fmact%3DOpenID%2Cmc0639%2Cfacebook%2C1%26mc0639returnid%3D199%26page%3D199&return_session=1&session_version=3&v=1.0
192.168.1.67 - - [08/Feb/2011:21:52:55 +0000] "GET /index.php?page=openid-login HTTP/1.1" 200 3963
192.168.1.67 - - [08/Feb/2011:21:52:58 +0000] "GET /favicon.ico HTTP/1.1" 404 242
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] ********************************, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67]  *** STEP 1 *** action.login.php, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid-identifier : http://idistech.myopenid.com/, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid_username : idistech, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] autoCommit : , referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] Successfully fetched 'http://idistech.myopenid.com/': GET response code 200, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] getAll : SELECT handle, secret, issued, lifetime, assoc_type FROM cms_module_openid_associations WHERE server_url = ? Array\n(\n    [0] => http://www.myopenid.com/server\n)\n, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] result : Array\n(\n    [0] => Array\n        (\n            [handle] => {HMAC-SHA1}{4d51bb09}{Bq1dHA==}\n            [secret] => EIvnhny1RW3o+7AQI1gJelOaC3o=\n            [issued] => 1297201929\n            [lifetime] => 1209600\n            [assoc_type] => HMAC-SHA1\n        )\n\n)\n, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] SQLStore:isError Array\n(\n    [0] => Array\n        (\n            [handle] => {HMAC-SHA1}{4d51bb09}{Bq1dHA==}\n            [secret] => EIvnhny1RW3o+7AQI1gJelOaC3o=\n            [issued] => 1297201929\n            [lifetime] => 1209600\n            [assoc_type] => HMAC-SHA1\n        )\n\n)\n = 0 pear_ADOConnection, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] Return URL : http://www.example.com/index.php?mact=OpenID,mc0639,authenticate,1&mc0639page=openid-login&mc0639mact=OpenID%2Cmc0639%2Clogin%2C0&mc0639mc0639returnid=199&mc0639openid_username=idistech&mc0639openid_identifier=http%3A%2F%2Fidistech.myopenid.com%2F&mc0639returnid=198&page=198, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] Redirect URL : http://www.myopenid.com/server?openid.assoc_handle=%7BHMAC-SHA1%7D%7B4d51bb09%7D%7BBq1dHA%3D%3D%7D&openid.ax.mode=fetch_request&openid.ax.required=ext0&openid.ax.type.ext0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.claimed_id=http%3A%2F%2Fidistech.myopenid.com%2F&openid.identity=http%3A%2F%2Fidistech.myopenid.com%2F&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Fwww.example.com&openid.return_to=http%3A%2F%2Fwww.example.com%2Findex.php%3Fmact%3DOpenID%2Cmc0639%2Cauthenticate%2C1%26amp%3Bmc0639page%3Dopenid-login%26amp%3Bmc0639mact%3DOpenID%252Cmc0639%252Clogin%252C0%26amp%3Bmc0639mc0639returnid%3D199%26amp%3Bmc0639openid_username%3Didistech%26amp%3Bmc0639openid_identifier%3Dhttp%253A%252F%252Fidistech.myopenid.com%252F%26amp%3Bmc0639returnid%3D198%26amp%3Bpage%3D198%26janrain_nonce%3D2011-02-08T21%253A53%253A06ZjWDjr5&openid.sreg.optional=fullname%2Cnickname&openid.sreg.required=email, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] request try_auth :, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] http://www.myopenid.com/server?openid.assoc_handle={HMAC-SHA1}{4d51bb09}{Bq1dHA==}, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ax.mode=fetch_request, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ax.required=ext0, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ax.type.ext0=http://axschema.org/contact/email, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.claimed_id=http://idistech.myopenid.com/, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.identity=http://idistech.myopenid.com/, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.mode=checkid_setup, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ns=http://specs.openid.net/auth/2.0, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ns.ax=http://openid.net/srv/ax/1.0, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ns.sreg=http://openid.net/extensions/sreg/1.1, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.realm=http://www.example.com, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.return_to=http://www.example.com/index.php?mact=OpenID,mc0639,authenticate,1&mc0639page=openid-login&mc0639mact=OpenID%2Cmc0639%2Clogin%2C0&mc0639mc0639returnid=199&mc0639openid_username=idistech&mc0639openid_identifier=http%3A%2F%2Fidistech.myopenid.com%2F&mc0639returnid=198&page=198&janrain_nonce=2011-02-08T21%3A53%3A06ZjWDjr5, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.sreg.optional=fullname,nickname, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.sreg.required=email, referer: http://www.example.com/index.php?page=openid-login
192.168.1.67 - - [08/Feb/2011:21:53:05 +0000] "POST /index.php?page=openid-login HTTP/1.1" 200 3867
192.168.1.67 - - [08/Feb/2011:21:53:09 +0000] "GET /index.php?mact=OpenID,mc0639,authenticate,1&mc0639page=openid-login&mc0639mact=OpenID%2Cmc0639%2Clogin%2C0&mc0639mc0639returnid=199&mc0639openid_username=idistech&mc0639openid_identifier=http%3A%2F%2Fidistech.myopenid.com%2F&mc0639returnid=198&page=198&janrain_nonce=2011-02-08T21%3A53%3A06ZjWDjr5&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4d51bb09%7D%7BBq1dHA%3D%3D%7D&openid.ax.count.ext0=0&openid.ax.mode=fetch_response&openid.ax.type.ext0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.claimed_id=http%3A%2F%2Fidistech.myopenid.com%2F&openid.identity=http%3A%2F%2Fidistech.myopenid.com%2F&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.op_endpoint=http%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2011-02-08T21%3A53%3A09ZlCeoGI&openid.return_to=http%3A%2F%2Fwww.example.com%2Findex.php%3Fmact%3DOpenID%2Cmc0639%2Cauthenticate%2C1%26mc0639page%3Dopenid-login%26mc0639mact%3DOpenID%252Cmc0639%252Clogin%252C0%26mc0639mc0639returnid%3D199%26mc0639openid_username%3Didistech%26mc0639openid_identifier%3Dhttp%253A%252F%252Fidistech.myopenid.com%252F%26mc0639returnid%3D198%26page%3D198%26janrain_nonce%3D2011-02-08T21%253A53%253A06ZjWDjr5&openid.sig=ekCi7t1c9HIzXHG1e3uzPUcRN5c%3D&openid.signed=assoc_handle%2Cax.count.ext0%2Cax.mode%2Cax.type.ext0%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.ax%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned HTTP/1.1" 302 350
192.168.1.67 - - [08/Feb/2011:21:53:09 +0000] "GET /index.php?page=login HTTP/1.1" 200 3658

Any help greatly appreciated...

[idistech]

Anybody having success or problems with this ?
Thanks

[henrik]

This problem was caused by a redirect problem where the OpenID module processing should have been done on a page that the user wasn't allowed to see. This prevented the login process from completing and caused the 302 error. The 1.1.0 release of the OpenID module has redirect-after-login built in and should allow for better management of the page flow and avoid issues like this one.

We did get this one sorted out via email, just thought that I should post an update in this thread in case anyone else faces the same issues.

/Henrik