just part of the crowd

Reputation: 227

DotNetOpenAuth: OpenID Provider returning slightly different claimed identifier

I am at the very last stage of reworking the OpenID provider MVC sample that comes with DotNetOpenAuth.

I am getting the following error on the relying party "The OpenID Provider issued an assertion for an Identifier whose discovery information did not match".

The RP expects to get the claimed identifier back in the format of:

http://www.sampleOpenIDProvider.com/user/justpartofthecrowd

but it's coming back from the OP as:

http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd

For anyone that has worked with the DotNetOpenAuth OpenID provider MVC sample, the main difference is that I am using MVC 4 and Razor views...

Just in case this will be helpful to anyone, here are the logs for the last bit:

HTTP GET http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
HTTP GET http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
ENTER controller SGAccount, action Login
EXIT  controller SGAccount, action Login - time spent 1
X-XRDS-Location found in HTML Http-Equiv tag.  Preparing to pull XRDS from http://www.sampleOpenIDProvider.com/Home/xrds
HTTP GET http://www.sampleOpenIDProvider.com/Home/xrds
http://www.sampleOpenIDProvider.com/Home/xrds
HTTP GET http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fHome%2fxrds
http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fHome%2fxrds
ENTER controller SGAccount, action Login
EXIT  controller SGAccount, action Login - time spent 1
Total services discovered in XRDS: 0
[]
Total services discovered in HTML: 2
[{
   ClaimedIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderLocalIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderEndpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
   OpenID version: 2.0
   Service Type URIs:
      http://specs.openid.net/auth/2.0/signon
}, {
   ClaimedIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderLocalIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderEndpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
   OpenID version: 1.1
   Service Type URIs:
      http://openid.net/signon/1.1
},]
Protocol error: The OpenID Provider issued an assertion for an Identifier whose discovery information did not match.
Assertion endpoint info:
   ClaimedIdentifier: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
   ProviderLocalIdentifier: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
   ProviderEndpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
   OpenID version: 2.0
   Service Type URIs:
Discovered endpoint info:
[{
   ClaimedIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderLocalIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderEndpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
   OpenID version: 2.0
   Service Type URIs:
      http://specs.openid.net/auth/2.0/signon
}, {
   ClaimedIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderLocalIdentifier: http://www.sampleOpenIDProvider.com/SGAccount/Login?ReturnUrl=%2fuser%2fjustpartofthecrowd
   ProviderEndpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
   OpenID version: 1.1
   Service Type URIs:
      http://openid.net/signon/1.1
},]
   at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String unformattedMessage, Object[] args)
   at DotNetOpenAuth.OpenId.RelyingParty.PositiveAuthenticationResponse.VerifyDiscoveryMatchesAssertion(OpenIdRelyingParty relyingParty)
   at DotNetOpenAuth.OpenId.RelyingParty.PositiveAuthenticationResponse..ctor(PositiveAssertionResponse response, OpenIdRelyingParty relyingParty)
   at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestBase httpRequestInfo)
   at OpenIdRelyingPartyMvc.Controllers.UserController.Authenticate(String returnUrl)
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
   at System.Web.Mvc.Controller.ExecuteCore()
   at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass6.<>c__DisplayClassb.<BeginProcessRequest>b__5()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0()
   at System.Web.Mvc.MvcHandler.<>c__DisplayClasse.<EndProcessRequest>b__d()
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(I

Upvotes: 0

Views: 672

Answers (1)

Andrew Arnott

Reputation: 81801

It looks to me like your http://www.sampleOpenIDProvider.com/user/justpartofthecrowd URL is redirecting to the login page (when not authenticated). You can't configure it this way. The claimed identifier URLs must be publicly accessible to an anonymous client.

Upvotes: 1
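
Added example (not part of the original answer and not DotNetOpenAuth code): a Python model of the relying party re-running discovery on the asserted claimed identifier, showing why a login redirect on the identity page produces the mismatch in the question's log. The `make_site` responder, its redirect rule and all function names are constructed for illustration from the URLs in that log.

```python
# Added example: models an OpenID 2.0 relying party re-running discovery on the
# asserted claimed identifier. The responder below is constructed sample data.
OP = "http://www.sampleOpenIDProvider.com"
LOGIN = OP + "/SGAccount/Login?ReturnUrl="
REDIRECTS = (301, 302, 303, 307)

def make_site(protect_everything):
    """Constructed stand-in for the OP. Returns respond(url) -> (status, location)."""
    def respond(url):
        if protect_everything and not url.startswith(LOGIN):
            # Forms-auth style bounce seen in the log: path goes into ReturnUrl.
            path = url[len(OP):]
            return 302, LOGIN + path.replace("/", "%2f")
        return 200, None
    return respond

def discover_claimed_id(identifier, respond, max_hops=5):
    """Fetch anonymously and follow redirects. Per OpenID 2.0 normalization the
    final URL, not the one first requested, is the discovered claimed identifier."""
    url = identifier
    hops = []
    for _ in range(max_hops):
        status, location = respond(url)
        hops.append((status, url))
        if status not in REDIRECTS or not location:
            return url, hops
        url = location
    raise RuntimeError("too many redirects during discovery")

def verify_assertion(asserted_claimed_id, respond):
    """Simplified form of the RP check: a real RP also compares the provider
    endpoint and local identifier."""
    discovered, hops = discover_claimed_id(asserted_claimed_id, respond)
    return {"match": discovered == asserted_claimed_id,
            "discovered": discovered, "hops": hops}

def needs_anonymous_access(urls, respond):
    """URLs that bounce an unauthenticated client; each must be opened up."""
    return [u for u in urls if respond(u)[0] in REDIRECTS]

if __name__ == "__main__":
    claimed = OP + "/user/justpartofthecrowd"
    for label, site in (("login required", make_site(True)),
                        ("anonymous allowed", make_site(False))):
        result = verify_assertion(claimed, site)
        print(label, "->", "match" if result["match"] else "MISMATCH",
              result["discovered"])
    print(needs_anonymous_access([claimed, OP + "/Home/xrds"], make_site(True)))
```

The second check covers the XRDS document as well, since the log shows `/Home/xrds` being bounced to the login page and yielding zero services.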
