I'm running Drupal 6.5. OpenID works, but I'm wondering if and how I might get rid of those scary warnings when using Yahoo as an OpenID provider:

"Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate."

While the message is scary, if a user goes ahead, the login to the Drupal site is successful.

I found this very good explanation of the issue in general (not Drupal specific) and how to remedy it:
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html

I saw the Drupal xrds simple module ( http://drupal.org/project/xrds_simple ) and had hoped it might be an easy fix. Actually, when installed and enabled, it does have a result, but not a successful one. I get a new message and the login goes no further. The new message from Yahoo is:

"Sorry! Something is not quite right with the request we received from the website you are trying to use. Please try again in a few minutes. If this error persists, please contact the site administrator for the website you are trying to use. If you are the site administrator, click here to contact us."

So I disabled the xrds simple module and tried to set up the xrds in a bit of a manual process.

Among the steps I took:
* adding "application/xrds+xml" as a mime type my server recognizes (this wasn't already in the mime types file)
* creating an xrds
* advertising the xrds both within meta tags and as an HTTP response header.

I realize from the above article that the devil is in the details. The article points out that the "realm URL" you advertise in the xrds must not cause any redirects. Here is where I admit, I'm just throwing things against the wall -- and none of them have worked yet. http://www.egdrupalsite.org/ http://www.egdrupalsite.org http://www.egdrupalsite.org/node - etc. I am relatively new to Drupal - perhaps if I understood some Drupal internals a bit better these choices would be a bit more obvious to me.

Any clues, remedies, examples of sites that have this working, or suggested steps to test my setup are appreciated. If this is simply a "you-can't-get-there-from-here,-Yahoo's-got-to-fix-it" issue, that would be helpful information as well.

Thanks,

Chuck Allen
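
One way to test the setup described in the post above, as an added example that is not part of the original post or of Drupal's OpenID module: it walks the discovery an OpenID provider performs on the realm (no redirect, an X-XRDS-Location header, the application/xrds+xml content type, a return_to Service entry). The `xrds.xml` path, the `openid/authenticate` return_to path, the canned responses and the simplified prefix match on return_to are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"          # XRD 2.0 XML namespace
RETURN_TO = "http://specs.openid.net/auth/2.0/return_to"
XRDS_MIME = "application/xrds+xml"

def _get(fetch, url):
    status, headers, body = fetch(url)
    return status, {k.lower(): v for k, v in headers.items()}, body

def check_rp_discovery(realm, return_to, fetch):
    """Return a list of problems; an empty list means every check passed.
    fetch(url) -> (status, headers, body) and must not follow redirects."""
    status, headers, body = _get(fetch, realm)
    if status != 200:  # a 3xx here is the redirect the article warns about
        return [f"realm returned HTTP {status} (Location: {headers.get('location')})"]
    if not headers.get("content-type", "").startswith(XRDS_MIME):
        location = headers.get("x-xrds-location")
        if not location:
            return ["realm response has no X-XRDS-Location header"]
        status, headers, body = _get(fetch, location)
        if status != 200:
            return [f"XRDS URL returned HTTP {status}"]
        if not headers.get("content-type", "").startswith(XRDS_MIME):
            return [f"XRDS served as {headers.get('content-type')!r}"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"XRDS is not well-formed XML: {exc}"]
    endpoints = [uri.text.strip()
                 for svc in root.iter(XRD + "Service")
                 if any((t.text or "").strip() == RETURN_TO
                        for t in svc.iter(XRD + "Type"))
                 for uri in svc.iter(XRD + "URI") if uri.text]
    # Assumption: plain prefix match stands in for the provider's URL matching.
    if not any(return_to.startswith(e) for e in endpoints):
        return [f"return_to matches none of the advertised URIs {endpoints}"]
    return []

# Constructed sample responses (not captured from a real site).
WWW = "http://www.egdrupalsite.org/"
SAMPLE_XRDS = (
    '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD><Service>'
    f'<Type>{RETURN_TO}</Type><URI>{WWW}openid/authenticate</URI>'
    '</Service></XRD></xrds:XRDS>')
SAMPLE = {
    "http://egdrupalsite.org/": (301, {"Location": WWW}, ""),
    WWW: (200, {"Content-Type": "text/html", "X-XRDS-Location": WWW + "xrds.xml"}, ""),
    WWW + "xrds.xml": (200, {"Content-Type": XRDS_MIME}, SAMPLE_XRDS),
}
```

To run it against a live site, pass a `fetch` built on an HTTP client with redirect following disabled.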

Comments

budda’s picture

I've wondered the same regarding Yahoo and its scary user message. I don't, however, have any further info than you have already presented.

What I was wondering though - when I authenticate with Yahoo using OpenID the returned username is a Yahoo URL and causes an invalid username validation error in Drupal. Did you ever have this issue with Yahoo?

--
Ixis (UK): Drupal consultancy, Drupal hosting.

arseniou’s picture

This link solved my problem http://www.cozmanova.com/node/9