CODEWITHSUNDEEP
asp.netdotnetopenauth
Sohail
Sohail

Reputation: 13

The OpenID Provider issued an assertion for an Identifier whose discovery information did not match

I used sample code from DotNetOpenAuth.net to become my own OpenID Provider (OpenIDProviderWebForm) everything worked fine and I was able to test my OP against NerdDinner. now I want to customize the identifier like --->

http://www.mydomain.com/user.aspx/Hash(Username+PrivateKey)~Username.

everything works on OP side but on the NerdDinner application when the app tries to do

HttpRequestInfo clientResponseInfo = new HttpRequestInfo("GET", auth, auth.PathAndQuery, headers, null);

response = RelyingParty.GetResponse(clientResponseInfo);

(you can find these two lines of codes in AuthController.cs from NerdDinner)

the response contains below error:

The OpenID Provider issued an assertion for an Identifier whose discovery information did not match.   
Assertion endpoint info:  
    ClaimedIdentifier: http://localhost:57571/user.aspx/76208371132EC7F7A37472C8B4CC2CC37A05B707~sohail 
    ProviderLocalIdentifier: http://localhost:57571/user.aspx/76208371132EC7F7A37472C8B4CC2CC37A05B707~sohail         
    ProviderEndpoint: http://localhost:57571/server.aspx
    OpenID version: 2.0
    Service Type URIs: 
Discovered endpoint info: [
{
    ClaimedIdentifier: http://localhost:57571/user.aspx/EA467E35736AC22EB60C04C2E9D9594263B60ECB~sohail     
    ProviderLocalIdentifier: http://localhost:57571/user.aspx/EA467E35736AC22EB60C04C2E9D9594263B60ECB~sohail   
    ProviderEndpoint: http://localhost:57571/server.aspx
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/signon
        http://openid.net/extensions/sreg/1.1
}, {
    ClaimedIdentifier: http://localhost:57571/user.aspx/EA467E35736AC22EB60C04C2E9D9594263B60ECB~sohail     
    ProviderLocalIdentifier: http://localhost:57571/user.aspx/EA467E35736AC22EB60C04C2E9D9594263B60ECB~sohail   
    ProviderEndpoint: http://localhost:57571/server.aspx
    OpenID version: 1.0
    Service Type URIs: 
        http://openid.net/signon/1.0
        http://openid.net/extensions/sreg/1.1
 },
]

anybody can help me please?

Upvotes: 1

Views: 940

Answers (1)

Andrew Arnott
Andrew Arnott

Reputation: 81801

The relying party is reporting that the Provider is asserting information about an identifier that doesn't match what the OpenID discovery produces about that same identifier.

Your responsibility as a Provider includes making sure your assertion matches the identifier information. So consider what is under the "Discovered endpoint info" in the error message, and why it's different than what was asserted (above it). In this case, your ClaimedIdentifier and ProviderLocalIdentifier URLs are different between the asserted and discovered data. This may be because an HTTP GET on the asserted identifier actually generates an HTTP redirect to the URL under "discovered endpoint info", which you'd need to fix.

Upvotes: 1

Related Questions