Canonical SSO provider

Confusing message while logging in using openid on istylr.com

Bug #319614 reported by Diogo Matsubara on 2009-01-21

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical SSO provider	Fix Released	Low	Unassigned

Bug Description

Steps to reproduce:
1. Open http://istylr.com
2. Click the Open ID link
3. Enter the identity URL (e.g. https://launchpad.net/~matsubara)
4. Click Login
5. You're redirect to a Launchpad page that says: "A site identifying as http://istylr.com has asked us for confirmation that https://launchpad.net/~matsubara is your identity URL. However, that is not a valid Launchpad OpenID identity URL, such as https://launchpad.net/~matsubara"

That message doesn't make much sense.

This is a bug in the canonical open id provider. Wgrant analysed it:
----

The XRDS served by c-i-p is wrong for delegated identities, yet it is
linked from https://launchpad.net/~USER. It has no openid:Delegate
elements, so XRDS-capable consumers attempt to authenticate to
https://login.launchpad.net/+openid with the original URL, not
https://login.launchpad.net/+id/SOMETHING.

Adding
<openid:Delegate>https://login.launchpad.net/+id/SOMETHING</openid:Delegate>
to the produced XRDS makes everybody happy again.
----

See original description

Tags:

Revision history for this message

Stuart Metcalfe (stuartmetcalfe) wrote on 2009-10-12:

User, William Grant, wrote:

The XRDS served by c-i-p is wrong for delegated identities, yet it is linked from https://launchpad.net/~USER. It has no openid:Delegate elements, so XRDS-capable consumers attempt to authenticate to https://login.launchpad.net/+openid with the original URL, not https://login.launchpad.net/+id/SOMETHING.

Adding <openid:Delegate>https://login.launchpad.net/+id/SOMETHING</openid:Delegate> to the produced XRDS makes everybody happy again.

Changed in canonical-identity-provider:
status:	New → Confirmed
importance:	Undecided → Low

Revision history for this message

Robert Collins (lifeless) wrote on 2009-10-12:

I really think this is more than 'low' priority: you can't interoperate with the openid world properly at the moment.

description:

updated

Revision history for this message

Stuart Metcalfe (stuartmetcalfe) wrote on 2009-10-13:

> you can't interoperate with the openid world properly at the moment.

Neither have you ever been able to. To the best of my knowledge, this isn't a regression but functionality which has never worked. It's also trivially easy to work around by creating a regular account on a site which doesn't work so qualifies as a minor annoyance at worst. If we'd had more user reports or the bug hadn't just sat in an untended state for the past 7 months without any activity then I'd consider making it a medium priority. As it is, I think 'low' is reasonable.

Revision history for this message

William Grant (wgrant) wrote on 2009-10-13:

The produced XRDS has changed in the last 3 months -- the last version to live in the Launchpad tree only provided 2.0 information, not 1.0 and 1.1. Maybe that is relevant.

Revision history for this message

William Grant (wgrant) wrote on 2009-10-13:

Note that istylr.com has bigger problems. My fix breaks their OpenID consumer badly (yielding a blank page). I don't think this is the same bug.

Revision history for this message

Stuart Metcalfe (stuartmetcalfe) wrote on 2009-10-13:

Thanks for the additional information.

Revision history for this message

Robert Collins (lifeless) wrote on 2009-10-13: Re: [Bug 319614] Re: Confusing message while logging in using openid on istylr.com

On Tue, 2009-10-13 at 09:43 +0000, Stuart Metcalfe wrote:
> > you can't interoperate with the openid world properly at the moment.
>
> Neither have you ever been able to. To the best of my knowledge, this
> isn't a regression but functionality which has never worked.

Its a regression; a month or so ago it worked.

Anyhow, I see the bugs have been de-dupped, so I'll follow up on my
specific bug.

-Rob

Łukasz Czyżykowski (lukasz-czyzykowski) on 2010-10-15

Changed in canonical-identity-provider:
status:	Confirmed → Triaged

Stuart Metcalfe (stuartmetcalfe) on 2010-10-15

tags:

added: meta633877
removed: openid ui

Stuart Metcalfe (stuartmetcalfe) on 2010-10-16

tags:

added: proj-openit
removed: meta633877

Revision history for this message

Stuart Metcalfe (stuartmetcalfe) wrote on 2010-11-18:

Looks like this was fixed some time ago. Going to my xrds file, I get:

<?xml version="1.0"?>
<xrds:XRDS
    xmlns="xri://$xrd*($v*2.0)"
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://login.launchpad.net/+openid</URI>
      <LocalID>https://login.launchpad.net/+id/t7X3tQE</LocalID>
    </Service>
    <Service priority="1">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://login.launchpad.net/+openid</URI>
      <openid:Delegate>https://login.launchpad.net/+id/t7X3tQE</openid:Delegate>
    </Service>
    <Service priority="2">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://login.launchpad.net/+openid</URI>
      <openid:Delegate>https://login.launchpad.net/+id/t7X3tQE</openid:Delegate>
    </Service>
  </XRD>
</xrds:XRDS>

Changed in canonical-identity-provider:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Full public OpenID service

Remote bug watches

Bug watches keep track of this bug in other bug trackers.