Uploaded image for project: 'Seam Security'
  1. Seam Security
  2. SEAMSECURITY-67

security-openid-rp/op examples fail with 0x100: Namespace declaration for extension http://openid.net/srv/ax/1.0 MUST be signed

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: None
    • Fix Version/s: 3.1.0.Beta5
    • Labels:
      None
    • Environment:

      JBossAS 6.1.0-SNAPSHOT+Weld 1.1.1, Seam Security 3.0.1-SNAPSHOT

    • Steps to Reproduce:
      Hide

      0. add www.openid-op.com and www.openid-rp.com as hostnames for 127.0.0.1 in /etc/hosts (as per readme files in the examples)
      1. deploy the security-openid-rp and security-openid-op examples
      2. go to http://www.openid-rp.com:8080/security-openid-rp/Index.jsf
      3. select Custom and put http://www.openid-op.com:8080/security-openid-op/openid/OP/XrdsService to the Custom OpenID URL
      4. write "user" as a username (or whatever), click login
      5. write "user@example.com" as an email (or whatever), click OK
      6. notice the error "HTTP Status 400 - 0x100: Namespace declaration for extension http://openid.net/srv/ax/1.0 MUST be signed"

      Show
      0. add www.openid-op.com and www.openid-rp.com as hostnames for 127.0.0.1 in /etc/hosts (as per readme files in the examples) 1. deploy the security-openid-rp and security-openid-op examples 2. go to http://www.openid-rp.com:8080/security-openid-rp/Index.jsf 3. select Custom and put http://www.openid-op.com:8080/security-openid-op/openid/OP/XrdsService to the Custom OpenID URL 4. write "user" as a username (or whatever), click login 5. write "user@example.com" as an email (or whatever), click OK 6. notice the error "HTTP Status 400 - 0x100: Namespace declaration for extension http://openid.net/srv/ax/1.0 MUST be signed"
    • Workaround Description:
      Hide

      Downgrade OpenID4Java to 0.9.5 (note that 0.9.6 fixes a security issue, so this is not an option really)

      Show
      Downgrade OpenID4Java to 0.9.5 (note that 0.9.6 fixes a security issue, so this is not an option really)

      Description

      Since the upgrade of OpenID4Java to 0.9.6 the openid example combo (security-openid-rp/op) fails with

      HTTP Status 400 - 0x100: Namespace declaration for extension http://openid.net/srv/ax/1.0 MUST be signed

      The example seems to work fine if downgraded to 0.9.5

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                shane.bryzak Shane Bryzak
                Reporter:
                maschmid Marek Schmidt
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: