I have problems logging in with the SSO setup when a user does not exist on the relying party side. The standard values for nickname and email are usually transferred by a very basic sreg for both fields. After committing this patch (February 2012), and especially within the function openid_extract_namespace, the sreg values for nickname and email are mandatory, but the code also requires the ns.sreg value to be signed, which is not happening on the provider side. This is the code responsible for that:
```php
if ($only_signed && !in_array('ns.' . $matches[1], $signed_keys)) {
  // The namespace was defined but was not signed as required. In this
  // case we do not fall back to $fallback_prefix.
  $prefix = NULL;
}
```
This has been fixed initially in this case: #1441586: SREG and AX keys aren't signed, so they are ignored by Drupal OpenID clients. But unfortunately the ns.sreg does not get signed by the provider.
Comment | File | Size | Author |
---|---|---|---|
#1 | adding_sreg_namespace_to_be_signed-1909142-1.patch | 746 bytes | xamanu |
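
The relying-party behaviour described in the report, as a stand-alone sketch (an added example, not code from Drupal core or the openid_provider module; the function name `extract_signed_extension` and the sample response are constructed for illustration). It shows that signed sreg fields are still discarded when the `ns.sreg` declaration itself is missing from `openid.signed`:

```php
<?php
// Added illustration, not Drupal's code. The function name is hypothetical
// and the response values below are constructed sample data.
const SREG_NS = 'http://openid.net/extensions/sreg/1.1';

// Returns the extension fields a strict relying party may trust: both the
// namespace alias and each field must be listed in openid.signed.
function extract_signed_extension(array $response, string $ns_uri): array {
  $signed = array_map('trim', explode(',', $response['openid.signed'] ?? ''));

  // Find the alias declared for this namespace (openid.ns.<alias> = URI).
  $alias = NULL;
  foreach ($response as $key => $value) {
    if ($value === $ns_uri && preg_match('/^openid\.ns\.([^.]+)$/', $key, $m)) {
      $alias = $m[1];
      break;
    }
  }
  // No declaration, or a declaration outside the signature: trust nothing.
  if ($alias === NULL || !in_array('ns.' . $alias, $signed, TRUE)) {
    return [];
  }

  $fields = [];
  $prefix = 'openid.' . $alias . '.';
  foreach ($response as $key => $value) {
    if (strpos($key, $prefix) === 0) {
      $name = substr($key, strlen($prefix));
      if (in_array($alias . '.' . $name, $signed, TRUE)) {
        $fields[$name] = $value;
      }
    }
  }
  return $fields;
}

// Constructed response: the sreg fields are signed, the ns.sreg alias is not.
$response = [
  'openid.ns.sreg' => SREG_NS,
  'openid.sreg.nickname' => 'alice',
  'openid.sreg.email' => 'alice@example.org',
  'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle,sreg.nickname,sreg.email',
];
print_r(extract_signed_extension($response, SREG_NS));

// The same response once the provider also signs the namespace declaration.
$response['openid.signed'] .= ',ns.sreg';
print_r(extract_signed_extension($response, SREG_NS));
```
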
Comments
Comment #1
xamanu commented: Here comes the patch.
Comment #2
anarcat commented: Committed.
Comment #3
wiennat commented: Also need to apply this patch to 6.x branch. :)
Comment #4
anarcat commented
Comment #5
pianomansam commented: Would it be possible to get a full 7.x release that includes this fix, not just a dev version?
Comment #6
xamanu commented: Yes, please, it would be very helpful to get a stable version out there including this fix. People constantly run into this: #2175217: No login using OpenID with D7 relying party. And myself, I just debugged this already three times. Time just passes and I forget about this.
Comment #7
tunic commented: I've tested the latest dev and the patch is applied, see http://drupalcode.org/project/openid_provider.git/commit/a3d87b6587f97b8...
Fixing!