OpenID module not working
Thomas Ash - April 24, 2009 - 15:08
| Project: | Drupal |
| Version: | 6.13 |
| Component: | openid.module |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | won't fix |
Jump to:
Description
I'm posting this as an issue since others responded to my forums thread saying they had the same problem:
I've enabled the OpenID module on a couple of Drupal 6 installs, but neither lets me log in with OpenIDs (I've tried different accounts, both at claimid.com and flickr ). Having authenticated at the OpenID provider, I'm returned to my site with URL http://www.philosofiles.com/openid/authenticate? [... +a bunch of parameters] which displays
Page not found', and am not logged in (and when I log in as admin, I see no new user's been created).
You can try logging in yourself at 1 of my installs at http://www.philosofiles.com/join
#1
The exact order of operations (per my previous post) are as follows:
(1) User comes to drupal 6.10 site.
(2) OpenID is selected as an auth method.
(3) User successfully authenticates against the external OpenID site (in my case, http://www.myopenid.com).
(4) User is directed to a "page not found" message on the drupal 6.10 site.
I wanted to break this down very carefully to isolate the issue.
#2
In general, without even trying to log in, navigating to http://domain.com/openid generates 404 and this is where the problem is. It's not related to myOpenID or any specific OpenID provider.
#3
Bumping... this seems quite critical.
#4
I too have the same issue with openid and I use drupal 12. when user login with openid url, he is redirected to a "page not found" error page.
Has someone found any solution?
#5
I too have the same issue with openid and I use drupal 12. when user login with openid url, he is redirected to a "page not found" error page.
Has someone found any solution?
PS: My apology for the repeated comment. I am not sure how it happened twice.
#6
I experience this problem on my live site, but not on my test site. My live site is hosted at Hostgator.com. My test site runs on Ubuntu on an old PC.
I ran the PHP reports on both sites and compared them with diff. Two differences that may (or may not) impact this issue are:
magic_quotes_gpcTest: Off
session.cookie_domainTest: test.pinballclicks.com
Searching here at drupal.org, I found several similar reports—all unresolved:
Drupal's OpenID module apparently works on some sites, including my test site and the sandbox site reported on July 15. OpenID does not work on some other sites.
I suspect that some PHP configuration difference impacts whether OpenID works or not.
#7
Hi,
i too face the similar issue. any temporary fix?
#8
@nkolev, there's no openid path on Drupal, the fact that it returns a 404 is therefore by design.
What happens if you access http://example.com/openid/authenticate ? Do you get a 404, or are you redirected to the frontpage with the message "Authentication failed"?
#9
Hi @Heine,
i get "Page not found" page.
when i give my open id and click the login button, open id authentication happens and i was redirected to
http://example.com/openid/authenticate with open id values in query string.
how to fix this?
#10
Please login as admin, and visit admin/build/modules. Then logout and try to access the openid/authenticate path again (http://example.com/openid/authenticate again).
#11
Heine,
thank you for quick reply.
i checked. i got the message as "OpenID login failed."
but i cannot login using the openID. when i try login using open id, after open id auth, its getting redirected to "Page not found" page.
http://demo.ilugc.in/ is the site. can you check?
also i have registered as a site user. i cannot associate my OpenID with user account. i am redirected to "Page not found" page
#12
Thank you for the link.
Are you running mod_security? Your server somehow refuses to accept any request with the strings http://, https:// or ftp:// as part of query values.
Moving to support request.
#13
Heine,
i think i have disabled the mod_security via htaccess as of now. still it isnt working.
moving back to bug report
#14
Are you sure mod_security is disabled?
Your server still does not accept http:// in query values.
#15
@Thomas Ash: your server also doesn't accept the string "http://" in query variables. Please check if you are running mod_security.
#16
And downgrading as a server configuration issue.
#17
Heine,
i agree that it is a server configuration issue. but drupal hasnt given any message about it.
instead of giving a message, it redirects to 404. is it correct way? usability for the user is very difficult to figure out.
can we change that?
also, how do i disable the mod security? disabling it wont create any security related issue?
whats the alternative?
#18
If mod_security interferes with normal request processing, Drupal cannot know about it, as it comes much later in the processing chain. It is mod_security that throws the 404 (or whatever error code it decides to use this time).
Please ask your host to disable mod_security or disable the rule that causes this issue (Likely an anti-remote file inclusion rule). You can find out what rule causes the issue by viewing the mod_security audit log.
For mod_security Core rules set 2.0.2, it is likely one of the RFI rules in base_rules\modsecurity_crs_40_generic_attacks.conf.
The rule of thumb is: If you run mod_security, and you see mysterious 404, 500 or whatever errors, the cause is likely mod_security (eg see Mysterious 403, 404, 406, 500 or "Page not found" errors depending on submitted content).
I'll add a page on openid + mod_security to the troubleshooting faq.
#19
Thanks, Heine, for explaining the cause of the 404 errors and writing the troubleshooting FAQ page, Page not found error upon returning from the OpenID Provider.
With your explanation, it is much easier to find similar problem reports and solutions. For example, this report describes OpenID logins failing on a Wordpress site hosted by HostGator. Their solution was the same as Heine's: ask the web hosting company to whitelist the domain for the mod_security rule causing the issue.
#20
Thanks a lot Heine, my host solved my problem by ensuring mod_security had rules 1234234 and 340153 whitelisted (in case these details help anyone in the future...)
#21
Drupal 6.14
This is a full blown issues, folks. Anybody know how to escalate it?
Tried pasting
#drupal exclusion rule
SecRuleRemoveById 1234234
SecRuleRemoveById 340153
Threw an 'internal server error'
#22
Can you paste your htaccess code? We're dyin here. :)
#23
@GarryEgan, it's best to contact your host.