Ticket #108 (closed defect: wontfix)

Opened 11 months ago

Last modified 6 months ago

Both php-openid libs give "Bad Signature" against LJ, when run on a fresh Amazon EC2 Redhat box

Reported by: http://danbri.org/ Assigned to:
Priority: major Milestone:
Keywords: openid php gmp redhat ec2 Cc: danbrickley@gmail.com, thomas.harning@trustbearer.com
Project: php-openid OpenID Protocol:
Series: Web Browser:

Description

Fresh installs of php-openid (both 1.x and 2.x) can't authenticate against livejournal

here's my sandbox experiment,

http://sandbox.foaf-project.org/2008/dada/php-openid-2.0.0/examples/consumer/ http://sandbox.foaf-project.org/2008/dada/php-openid-1.2.3/examples/consumer/

Both give "OpenID authentication failed: Bad signature" after returning from Livejournal, when I enter any of:

danbri.org http://danbri.org/ http://danbri.livejournal.com/

...as my openid.

A friend reported success with another provider, however.

I read that this is often something to do with GMP compilation/binding problems. I'm not a PHP person really, but it seems that I couldn't uninstall GMP on an Amazon EC2 fresh-out-the-box Redhat without losing php-bcmath.

Dependencies Resolved

=============================================================================

Package Arch Version Repository Size

============================================================================= Removing:

gmp i386 4.1.4-6 installed 1.5 M

Removing for dependencies:

php i386 5.0.4-10.5 installed 5.9 M php-bcmath i386 5.0.4-10.5 installed 30 k php-pear i386 5.0.4-10.5 installed 1.7 M php-xml i386 5.0.4-10.5 installed 151 k

...and I can't restore php-bcmath without the yum RPM utility installing gmp again. So I don't see easily how I might avoid GMP.

Not having used Redhat packaging in years, nor being a PHP export (or an openid library expert) I'm happy to admit I could be screwing up something obvious here. But it would be lovely if these tools could work out of the box on common hosting providers (EC2) against popular openid providers (livejournal).

Let me know if there's any more info I could provide. cheers...

Change History

01/21/08 13:38:01 changed by http://keturn.myopenid.com/

I tried your sandbox, and got this error: 

OpenID authentication failed: return_to does not match return URL. Expected http://sandbox.foaf-project.org:80/2008/dada/php-openid-2.0.0/examples/consumer/finish_auth.php, got http://sandbox.foaf-project.org/2008/dada/php-openid-2.0.0/examples/consumer/finish_auth.php?janrain_nonce=2008-01-21T21%3A34%3A23ZtdNm7Y&openid1_claimed_id=http%3A%2F%2Fketurn.livejournal.com%2F

That at least seems possible to debug without playing with dependencies, if you can figure out where the extra :80 is coming from.

02/01/08 21:25:03 changed by http://harningt.eharning.us/

  • cc changed from danbrickley@gmail.com to danbrickley@gmail.com, thomas.harning@trustbearer.com.

05/19/08 15:06:01 changed by http://cygnus.myopenid.com/

  • status changed from new to closed.
  • resolution set to wontfix.

Closing due to staleness; it might be helpful to know which association store is being used, since the bad signature errors might be caused by a bug in retrieving the association store's data for signature verification. If you do indeed have a buggy GMP, the solution will be to remove it by whatever means necessary.

Please re-open this ticket if you're still seeing bad behavior. Thanks!

05/30/08 13:44:39 changed by http://dag.myopenid.com/

  • milestone deleted.

Milestone python-openid 2.0.2 deleted