Ticket #8051 (closed Bug: fixed)

Opened 4 years ago

Last modified 3 years ago

Log in to Plone 3.1-rc1 fails, using Yahoo OpenID: Endpoint mismatch: local_id mismatch

Reported by: grahamperrin Owned by: davisagli
Priority: major Milestone: 3.1.5
Component: OpenID support Keywords:
Cc: grahamperrin

Description

Symptoms

  1. at the OpenID login prompt of a Plone site
  2. enter a Yahoo OpenID
  3. accept the Yahoo prompt to Let Me In
  4. user is redirected to the home page of the Plone site
    • but not logged in.

Environments

Server

  • Plone 3.1-rc1
  • OpenID Authentication Support 1.1

User 1 (Graham Perrin)

  • Mac OS X 10.5.2 with British English preferred
  • Firefox 2.0.0.14
  • Yahoo OpenID URL available on request
    • two variants for the one user
      • neither variant worked with the Plone site.

User 2 (different person, different computer)

Internet connections

At the time of reporting:

  • both users connected to the Internet at University of Sussex
    • transparent proxy in effect.

Change History

comment:1 Changed 4 years ago by grahamperrin

  • Summary changed from Log in to Plone 3.1-rc1 fails, using Yahoo OpenID to Log in to Plone 3.1-rc1 fails, using Yahoo OpenID: Endpoint mismatch: local_id mismatch

Expected  https://me.yahoo.com/username, got  https://me.yahoo.com/username#e40b3

Experimenting with a different site, running instance in foreground, attempting my Yahoo OpenID at  http://localhost:8080/Plone/login_form results in the following: 

Mismatched pre-discovered session data. Claimed ID in session=https://me.yahoo.com/username, in assertion=https://me.yahoo.com/username#e40b3
Performing discovery on https://me.yahoo.com/username#e40b3
Discovery verification failure for https://me.yahoo.com/username#e40b3
 * Endpoint mismatch: local_id mismatch. Expected https://me.yahoo.com/username, got https://me.yahoo.com/username#e40b3
2008-04-21 16:20:39 INFO PluggableAuthService OpenId Authentication for https://me.yahoo.com/username failed: No matching endpoint found after discovering https://me.yahoo.com/username#e40b3

(My user name obscured above.)

comment:2 Changed 3 years ago by davisagli

  • Owner set to davisagli
  • Status changed from new to assigned

This is due to improper handling (in python-openid 2.0.1 which ships with current versions of plone.openid) of the extra URL fragment that yahoo tacks on so they can recycle identifiers (see  http://developer.yahoo.com/openid/faq.html).

I'm updating plone.openid to use python-openid 2.2.1, which seems to take care of this issue.

comment:3 Changed 3 years ago by davisagli

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [22159]) updated to use latest python-openid, in order to fix bug in handling of yahoo and other providers which rewrite the claimed identity URL. fixes #8051. also fixed a bug where you could not log in via OpenID, immediately log out, and then immediately log back in.

comment:4 Changed 3 years ago by grahamperrin

Thanks!

comment:5 Changed 3 years ago by grahamperrin

I have upgraded/migrated my buildout-based installation from 3.1.2 to 3.1.5.1. Fix confirmed. Thanks again.

Note: See TracTickets for help on using tickets.