CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

OpenID fails to Authenticate.

https://forum.cmsmadesimple.org/viewtopic.php?t=51775

Page 1 of 1

OpenID fails to Authenticate.

Posted: Wed Feb 09, 2011 6:42 am
by idistech
Ive installed OpenID 1.0 ( cmsms 1.9.2, ubuntu 10.4 ), and have successfully tied registered an openid identity ( one from myopenid and one from google ) to a FEU account.

When I look to relogin in with the OPeniD token, the remote service seems to authenticate ( the remote logs confirm this ),and the returning URL is fired, but it fails to complete the login ( taking me back to the standard FEU login page ).

Ive checked the installation ( as far as possible ), run the openid-php-openid-xxx/detect.php, confirmed curl, gbm are installed etc,

I have the same symptoms with both the MyOpenID and Google account.

debug has been enabled, and trace below.. Notice the last two entries...returning error 302

Code: Select all

[Tue Feb 08 21:52:56 2011] [error] [client 192.168.1.67] FacebookLoginUrl : https://www.facebook.com/login.php?api_key=&cancel_url=http%3A%2F%2Fwww.example.com%2Findex.php%3Fpage%3Dopenid-login&display=page&fbconnect=1&next=http%3A%2F%2Fwww.example.com%2Findex.php%3Fmact%3DOpenID%2Cmc0639%2Cfacebook%2C1%26mc0639returnid%3D199%26page%3D199&return_session=1&session_version=3&v=1.0
192.168.1.67 - - [08/Feb/2011:21:52:55 +0000] "GET /index.php?page=openid-login HTTP/1.1" 200 3963
192.168.1.67 - - [08/Feb/2011:21:52:58 +0000] "GET /favicon.ico HTTP/1.1" 404 242
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] ********************************, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67]  *** STEP 1 *** action.login.php, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid-identifier : http://idistech.myopenid.com/, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid_username : idistech, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] autoCommit : , referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] Successfully fetched 'http://idistech.myopenid.com/': GET response code 200, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] getAll : SELECT handle, secret, issued, lifetime, assoc_type FROM cms_module_openid_associations WHERE server_url = ? Array\n(\n    [0] => http://www.myopenid.com/server\n)\n, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] result : Array\n(\n    [0] => Array\n        (\n            [handle] => {HMAC-SHA1}{4d51bb09}{Bq1dHA==}\n            [secret] => EIvnhny1RW3o+7AQI1gJelOaC3o=\n            [issued] => 1297201929\n            [lifetime] => 1209600\n            [assoc_type] => HMAC-SHA1\n        )\n\n)\n, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] SQLStore:isError Array\n(\n    [0] => Array\n        (\n            [handle] => {HMAC-SHA1}{4d51bb09}{Bq1dHA==}\n            [secret] => EIvnhny1RW3o+7AQI1gJelOaC3o=\n            [issued] => 1297201929\n            [lifetime] => 1209600\n            [assoc_type] => HMAC-SHA1\n        )\n\n)\n = 0 pear_ADOConnection, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] Return URL : http://www.example.com/index.php?mact=OpenID,mc0639,authenticate,1&mc0639page=openid-login&mc0639mact=OpenID%2Cmc0639%2Clogin%2C0&mc0639mc0639returnid=199&mc0639openid_username=idistech&mc0639openid_identifier=http%3A%2F%2Fidistech.myopenid.com%2F&mc0639returnid=198&page=198, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] Redirect URL : http://www.myopenid.com/server?openid.assoc_handle=%7BHMAC-SHA1%7D%7B4d51bb09%7D%7BBq1dHA%3D%3D%7D&openid.ax.mode=fetch_request&openid.ax.required=ext0&openid.ax.type.ext0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.claimed_id=http%3A%2F%2Fidistech.myopenid.com%2F&openid.identity=http%3A%2F%2Fidistech.myopenid.com%2F&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Fwww.example.com&openid.return_to=http%3A%2F%2Fwww.example.com%2Findex.php%3Fmact%3DOpenID%2Cmc0639%2Cauthenticate%2C1%26amp%3Bmc0639page%3Dopenid-login%26amp%3Bmc0639mact%3DOpenID%252Cmc0639%252Clogin%252C0%26amp%3Bmc0639mc0639returnid%3D199%26amp%3Bmc0639openid_username%3Didistech%26amp%3Bmc0639openid_identifier%3Dhttp%253A%252F%252Fidistech.myopenid.com%252F%26amp%3Bmc0639returnid%3D198%26amp%3Bpage%3D198%26janrain_nonce%3D2011-02-08T21%253A53%253A06ZjWDjr5&openid.sreg.optional=fullname%2Cnickname&openid.sreg.required=email, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] request try_auth :, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] http://www.myopenid.com/server?openid.assoc_handle={HMAC-SHA1}{4d51bb09}{Bq1dHA==}, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ax.mode=fetch_request, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ax.required=ext0, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ax.type.ext0=http://axschema.org/contact/email, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.claimed_id=http://idistech.myopenid.com/, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.identity=http://idistech.myopenid.com/, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.mode=checkid_setup, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ns=http://specs.openid.net/auth/2.0, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ns.ax=http://openid.net/srv/ax/1.0, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.ns.sreg=http://openid.net/extensions/sreg/1.1, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.realm=http://www.example.com, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.return_to=http://www.example.com/index.php?mact=OpenID,mc0639,authenticate,1&mc0639page=openid-login&mc0639mact=OpenID%2Cmc0639%2Clogin%2C0&mc0639mc0639returnid=199&mc0639openid_username=idistech&mc0639openid_identifier=http%3A%2F%2Fidistech.myopenid.com%2F&mc0639returnid=198&page=198&janrain_nonce=2011-02-08T21%3A53%3A06ZjWDjr5, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.sreg.optional=fullname,nickname, referer: http://www.example.com/index.php?page=openid-login
[Tue Feb 08 21:53:06 2011] [error] [client 192.168.1.67] openid.sreg.required=email, referer: http://www.example.com/index.php?page=openid-login
192.168.1.67 - - [08/Feb/2011:21:53:05 +0000] "POST /index.php?page=openid-login HTTP/1.1" 200 3867
192.168.1.67 - - [08/Feb/2011:21:53:09 +0000] "GET /index.php?mact=OpenID,mc0639,authenticate,1&mc0639page=openid-login&mc0639mact=OpenID%2Cmc0639%2Clogin%2C0&mc0639mc0639returnid=199&mc0639openid_username=idistech&mc0639openid_identifier=http%3A%2F%2Fidistech.myopenid.com%2F&mc0639returnid=198&page=198&janrain_nonce=2011-02-08T21%3A53%3A06ZjWDjr5&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4d51bb09%7D%7BBq1dHA%3D%3D%7D&openid.ax.count.ext0=0&openid.ax.mode=fetch_response&openid.ax.type.ext0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.claimed_id=http%3A%2F%2Fidistech.myopenid.com%2F&openid.identity=http%3A%2F%2Fidistech.myopenid.com%2F&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.op_endpoint=http%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2011-02-08T21%3A53%3A09ZlCeoGI&openid.return_to=http%3A%2F%2Fwww.example.com%2Findex.php%3Fmact%3DOpenID%2Cmc0639%2Cauthenticate%2C1%26mc0639page%3Dopenid-login%26mc0639mact%3DOpenID%252Cmc0639%252Clogin%252C0%26mc0639mc0639returnid%3D199%26mc0639openid_username%3Didistech%26mc0639openid_identifier%3Dhttp%253A%252F%252Fidistech.myopenid.com%252F%26mc0639returnid%3D198%26page%3D198%26janrain_nonce%3D2011-02-08T21%253A53%253A06ZjWDjr5&openid.sig=ekCi7t1c9HIzXHG1e3uzPUcRN5c%3D&openid.signed=assoc_handle%2Cax.count.ext0%2Cax.mode%2Cax.type.ext0%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.ax%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned HTTP/1.1" 302 350
192.168.1.67 - - [08/Feb/2011:21:53:09 +0000] "GET /index.php?page=login HTTP/1.1" 200 3658
Any help greatly appreciated...

Re: OpenID fails to Authenticate.

Posted: Tue Feb 15, 2011 6:14 pm
by idistech
Anybody having success or problems with this ?
Thanks

Re: OpenID fails to Authenticate.

Posted: Wed Jun 08, 2011 10:25 pm
by henrik
This problem was caused by a redirect problem where the OpenID module processing should have been done on a page that the user wasn't allowed to see. This prevented the login process from completing and caused the 302 error. The 1.1.0 release of the OpenID module has redirect-after-login built in and should allow for better management of the page flow and avoid issues like this one.

We did get this one sorted out via email, just thought that I should post an update in this thread in case anyone else faces the same issues.

/Henrik
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited