I have problems logging in with the SSO setup when a user does not exist on the relying party side. The standard values for nickname and email are usually transferred by a very basic sreg for both fields. After committing this patch (February 2012), and especially within the function openid_extract_namespace, the sreg values for nickname and email are mandatory, but the code also requires the ns.sreg value to be signed, which is not happening on the provider side. This is the code responsible for that:

if ($only_signed && !in_array('ns.' . $matches[1], $signed_keys)) {
  // The namespace was defined but was not signed as required. In this
  // case we do not fall back to $fallback_prefix.
  $prefix = NULL;
}

This has been fixed initially in this case: #1441586: SREG and AX keys aren't signed, so they are ignored by Drupal OpenID clients. But unfortunately the ns.sreg does not get signed by the provider.
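The failure described above, as an added example that is not part of the original post and is not Drupal's own code: a simplified relying-party check that accepts sreg values only when both the alias declaration (`ns.sreg`) and the individual fields appear in `openid.signed`. The function name and the sample responses are constructed for illustration, and the assertion's signature is assumed to have been verified already.

```php
<?php
// Added illustration; simplified, not the Drupal openid module's code.
const SREG_NS = 'http://openid.net/extensions/sreg/1.1';

/**
 * Return the sreg values a strict relying party would accept from a
 * positive assertion: the namespace alias and each value must be signed.
 * Hypothetical helper; assumes the signature itself was already checked.
 */
function accepted_sreg_values(array $response): array {
  $signed = explode(',', $response['openid.signed'] ?? '');
  $alias = NULL;
  // Find the alias the provider bound to the sreg namespace URI.
  foreach ($response as $key => $value) {
    if (preg_match('/^openid\.ns\.([^.]+)$/', $key, $m) && $value === SREG_NS) {
      $alias = $m[1];
    }
  }
  // Namespace absent, or declared but not signed: ignore the extension.
  if ($alias === NULL || !in_array('ns.' . $alias, $signed, TRUE)) {
    return [];
  }
  $prefix = 'openid.' . $alias . '.';
  $accepted = [];
  foreach ($response as $key => $value) {
    // Entries in openid.signed omit the leading "openid." (7 characters).
    if (strpos($key, $prefix) === 0 && in_array(substr($key, 7), $signed, TRUE)) {
      $accepted[substr($key, strlen($prefix))] = $value;
    }
  }
  return $accepted;
}

// Constructed sample responses (not captured traffic).
$base = [
  'openid.ns.sreg' => SREG_NS,
  'openid.sreg.nickname' => 'alice',
  'openid.sreg.email' => 'alice@example.org',
];
// Provider signs the sreg fields but leaves ns.sreg out of the signed list.
$unsigned_ns = $base + ['openid.signed' => 'claimed_id,identity,sreg.nickname,sreg.email'];
// Provider also signs the namespace declaration.
$signed_ns = $base + ['openid.signed' => 'claimed_id,identity,ns.sreg,sreg.nickname,sreg.email'];

var_dump(accepted_sreg_values($unsigned_ns));
var_dump(accepted_sreg_values($signed_ns));
```

With the first response the relying party has no nickname or email to create the missing local account from, which matches the login failure reported here.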


Comments

xamanu

Status: Active » Needs review
FileSize
746 bytes

Here comes the patch.

anarcat

Status: Needs review » Fixed

Committed.

wiennat

Version: 7.x-1.x-dev » 6.x-1.x-dev

We also need to apply this patch to the 6.x branch. :)

anarcat

Status: Fixed » Patch (to be ported)

pianomansam

Would it be possible to get a full 7.x release that includes this fix, not just a dev version?

xamanu

Yes, please, it would be very helpful to get a stable version out there including this fix. People constantly run into this: #2175217: No login using OpenID with D7 relying party. And I myself have already debugged this three times. Time just passes and I forget about this.

tunic

Status: Patch (to be ported) » Fixed

I've tested the latest dev and the patch is applied, see http://drupalcode.org/project/openid_provider.git/commit/a3d87b6587f97b8...

Fixing!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.