I am trying to create a small application that uses OpenID4Java for OpenID auth.

I am able to successfully redirect the user to the OpenID provider site to log in, but on returning to the URL, its verification fails.

The method that processes the response from the OpenID provider is:

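    import java.util.HashMap;
    import javax.servlet.http.HttpServletRequest;
    import org.openid4java.OpenIDException;
    import org.openid4java.consumer.VerificationResult;
    import org.openid4java.discovery.DiscoveryInformation;
    import org.openid4java.discovery.Identifier;
    import org.openid4java.message.AuthSuccess;
    import org.openid4java.message.ParameterList;
    import org.openid4java.message.ax.AxMessage;
    import org.openid4java.message.ax.FetchResponse;

    public HashMap<String, String> verifyResponse(HttpServletRequest httpReq){
        HashMap<String, String> values = new HashMap<String, String>();
        try{
            // wrap the parameters the OpenID provider sent back on the return URL
            ParameterList response = new ParameterList(httpReq.getParameterMap());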

            // retrieve the previously stored discovery information
            DiscoveryInformation discovered = (DiscoveryInformation)httpReq.getSession().getAttribute("openid-disc");

            // extract the receiving URL from the HTTP request
            StringBuffer receivingURL = httpReq.getRequestURL();
            String queryString = httpReq.getQueryString();
            if (queryString != null && queryString.length() > 0)
                receivingURL.append("?").append(httpReq.getQueryString());

            // verify the response; ConsumerManager needs to be the same
            // (static) instance used to place the authentication request
            VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);

            // examine the verification result and extract the verified identifier
            Identifier verified = verification.getVerifiedId();

            if (verified != null){
                AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

                if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)){
                    FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);

                    values.put("GUID", (String)fetchResp.getAttributeValues("GUID").get(0));
                    values.put("Email", (String)fetchResp.getAttributeValues("Email").get(0));
                    values.put("FirstName", (String)fetchResp.getAttributeValues("FirstName").get(0));
                    values.put("LastName", (String)fetchResp.getAttributeValues("LastName").get(0));
                    values.put("Gender", (String)fetchResp.getAttributeValues("Gender").get(0));
                    values.put("Country", (String)fetchResp.getAttributeValues("Country").get(0));
                    values.put("Company", (String)fetchResp.getAttributeValues("Company").get(0));
                    values.put("VerifiedUserId", verified.getIdentifier());
                    values.put("Verified", verified.toString());

                }

                return values;  // success
            }else{
                // verification failed: no verified identifier was returned
                values.put("VerifiedUserId", "nun");
                // values.put("Verified", verified.toString());  // verified is null here
                return values;  // failure
            }
        }

        catch (OpenIDException e){
            // present error to the user
        }

        return null;
    }

On returning, the following failure messages are in the console:

    31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers  - << Set-Cookie: ephemeral_session_id=56f872bb71a5f4feae404d3f391f9d51833d50b51c13ddbcdac6a1fc058e5269; domain=myopenid.com; path=/
    31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers  - << Set-Cookie: browser_id=5e3bfb0c08da19a59e8445e624637c261aee10e65a6b672ed642cb9201e5d8e4; domain=myopenid.com; path=/; expires=Sat, 16-Mar-2013 21:40:09 GMT
    31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers  - << Set-Cookie: session_id=8aef51436d464910daaa1ef8eb5c661e6fa45c134c0969a1f7048ef5f23707c6; domain=myopenid.com; path=/; expires=Sat, 16-Mar-2013 21:40:09 GMT
    31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers  - << P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
    31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers  - << Connection: close
    31574 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies  - Cookie accepted: "[version: 0][name: ephemeral_session_id][value: 56f872bb71a5f4feae404d3f391f9d51833d50b51c13ddbcdac6a1fc058e5269][domain: myopenid.com][path: /][expiry: null]".
    31574 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies  - Cookie accepted: "[version: 0][name: browser_id][value: 5e3bfb0c08da19a59e8445e624637c261aee10e65a6b672ed642cb9201e5d8e4][domain: myopenid.com][path: /][expiry: Sun Mar 17 02:40:09 PKT 2013]".
    31575 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies  - Cookie accepted: "[version: 0][name: session_id][value: 8aef51436d464910daaa1ef8eb5c661e6fa45c134c0969a1f7048ef5f23707c6][domain: myopenid.com][path: /][expiry: Sun Mar 17 02:40:09 PKT 2013]".
    31575 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.client.ClientParamsStack  - 'http.protocol.handle-redirects': false
    31575 [http-bio-8080-exec-9] DEBUG org.apache.http.wire  - << "is_valid:false[\n]"
    31575 [http-bio-8080-exec-9] DEBUG org.apache.http.wire  - << "ns:http://specs.openid.net/auth/2.0[\n]"
    31575 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.DefaultClientConnection  - Connection shut down
    31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager  - Released connection is not reusable.
    31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute  - Releasing connection [HttpRoute[{}->http://www.myopenid.com]][null]
    31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute  - Notifying no-one, there are no waiting threads
    31576 [http-bio-8080-exec-9] DEBUG org.openid4java.util.HttpCache  - Read 51 bytes.
    31576 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList  - Creating parameter list from key-value form:
    is_valid:false
    ns:http://specs.openid.net/auth/2.0
    31576 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList  - Created empty parameter list.
    31581 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList  - Copying parameter list:
    is_valid:false
    ns:http://specs.openid.net/auth/2.0
    31581 [http-bio-8080-exec-9] DEBUG org.openid4java.consumer.ConsumerManager  - Retrived response:
    is_valid:false
    ns:http://specs.openid.net/auth/2.0
    31582 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList  - Created empty parameter list.
    31582 [http-bio-8080-exec-9] DEBUG org.openid4java.message.VerifyResponse  - Created verification response:
    is_valid:false
    ns:http://specs.openid.net/auth/2.0
    31582 [http-bio-8080-exec-9] DEBUG org.openid4java.consumer.ConsumerManager  - Direct signature verification failed with OP: http://www.myopenid.com/server
    31582 [http-bio-8080-exec-9] ERROR org.openid4java.consumer.ConsumerManager  - Verification failed for: http://aaaqif.myopenid.com/ reason: Direct signature verification failed.

Aqif Hamid
  • Are you still getting the issue? – SureshAtt Jun 28 '12 at 10:16
  • I am no longer working on this project now. :) – Aqif Hamid Jun 30 '12 at 06:39
  • But if you have something to say or add, please do so! I will test that and see if it is working; maybe someone else could get help from this question. – Aqif Hamid Jun 30 '12 at 06:42
  • This client works in the dumb mode, that is, the signature verification is done by the OpenID Provider itself. If the signature verification of the message sent by the OP fails, then there is something seriously wrong at the OP, assuming the message wasn't tampered with. So I wanted to know if this client works with any other OpenID provider such as MyOpenID, Google, Yahoo, etc. – SureshAtt Jun 30 '12 at 10:36
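
The stateless ("dumb") mode exchange mentioned in the last comment, as an added example that is not part of the original thread and is not OpenID4Java code: the relying party re-sends the assertion to the OP with `openid.mode=check_authentication` and reads back a key-value form body such as the `is_valid:false` reply in the log. The class and method names are hypothetical, and the sample assertion values are constructed placeholders.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class DirectVerification {

    /** Builds the check_authentication body: every openid.* field of the
     *  assertion is copied unchanged and only openid.mode is replaced. */
    static Map<String, String> buildRequest(Map<String, String> assertion) {
        Map<String, String> req = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : assertion.entrySet()) {
            if (e.getKey().startsWith("openid.")) {
                req.put(e.getKey(), e.getValue());
            }
        }
        req.put("openid.mode", "check_authentication");
        return req;
    }

    /** Parses key-value form: one "key:value" per line, split at the FIRST
     *  colon so values that contain colons (such as the ns URL) stay intact. */
    static Map<String, String> parseKeyValueForm(String body) {
        Map<String, String> kv = new LinkedHashMap<>();
        for (String line : body.split("\n")) {
            int colon = line.indexOf(':');
            if (colon <= 0) continue;  // skip blank or malformed lines
            kv.put(line.substring(0, colon), line.substring(colon + 1));
        }
        return kv;
    }

    /** Fails closed: only the exact value "true" counts as a valid signature. */
    static boolean isValid(Map<String, String> response) {
        return "true".equals(response.get("is_valid"));
    }

    public static void main(String[] args) {
        // Constructed sample assertion; the values are placeholders.
        Map<String, String> assertion = new LinkedHashMap<>();
        assertion.put("openid.ns", "http://specs.openid.net/auth/2.0");
        assertion.put("openid.mode", "id_res");
        assertion.put("openid.sig", "PLACEHOLDER_SIGNATURE");
        System.out.println(buildRequest(assertion));

        // Response body as it appears in the log above.
        String body = "is_valid:false\nns:http://specs.openid.net/auth/2.0\n";
        Map<String, String> resp = parseKeyValueForm(body);
        System.out.println(resp + " -> accepted=" + isValid(resp));
    }
}
```

Because the OP recomputes the signature over the fields it receives, any field that is altered, re-encoded or dropped between the browser redirect and this request produces `is_valid:false`.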

0 Answers