Loading Profile...
Logging in with OpenID has stopped working
I'm attempting to log in with OpenID, using the same URL https://sourceforge.net/users/stevensa I've always used (it's remembered and filled in automatically by my browser). However, after signing in with the delegated provider, instead of returning to the usual page of bookmarks I get prompted to assign the ID to a new or existing account. It should be already, to http://ma.gnolia.com/people/andy.stevens
This was working fine previously, it seems to have broken some time earlier this week.
I've noticed that the identity_url parameter in the address bar of that assignment page only says http not https; perhaps that's related to my problem? (not that I've looked at it that closely before, so I couldn't say if this has changed)
This was working fine previously, it seems to have broken some time earlier this week.
I've noticed that the identity_url parameter in the address bar of that assignment page only says http not https; perhaps that's related to my problem? (not that I've looked at it that closely before, so I couldn't say if this has changed)
I’m frustrated
3
people have this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
-
Inappropriate?Hi Andy, I'm wondering if something has happened with your identity provider. Your OpenID url is the one we have on record for your account, the only thing I can think is that your provider is returning a different claimed url. Do you think this is a possibility?
-
Inappropriate?To be honest, I've no idea exactly where it's broken down, whether it's at your end, the delegating bit at the URL I enter, or the value sent back by the authentication provider after I log in. I just know that it worked before and doesn't now... -
Inappropriate?Okay, I've been digging a bit deeper...
The original request to /authentication/signin_dispatcher has openid_url_openid containing the expected https URL, however, the Location header in the resulting 302 redirect only has http:// in the openid.claimed_id as it redirects to the delegated authentication provider.
Accessing my OpenID URL (with https:) directly in a web browser, I've noticed that it also does a 302 redirect (to use http:). I'm pretty sure this wasn't the case in the past, so I assume this is the cause of my problem. However, given I enter the URL with https, I'm a bit surprised it doesn't still use that in the claimed_id parameter, rather than substituting the 302'd Location. Supposing that rather than https->http it did some other redirect to a totally different site or page (which then contains the OpenID delegate info) - which one would be passed back as the claimed ID then?
Andrew.
EMPLOYEE
