Opened 16 years ago
Last modified 12 years ago
#11 assigned defect
error while loging with SmugMug OpenID identifier
| Reported by: | avodonosov | Owned by: | mpasternacki |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | code | Version: | |
| Keywords: | Cc: |
Description
I have tested our RP prototype with various providers listed at http://openid.net/get/. All of them I tested so far work OK, except for SmugMug?.
When logging in into our test RP by SmugMug? OpenID identifier, an error appears: OpenID assertion error: Invalid signature.
livejournal is able to login this ID.
Account details: ID: http://clopenid.smugmug.com email: clopenid@… password: verysecret123
This is a 14 days trial account, it will expire at August 03 2008.
Backtrace:
[2008-07-19 20:10:50] 87.252.227.42 - "GET /cl-openid/ HTTP/1.1" 200 518 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16" [2008-07-19 20:10:55 [DEBUG]] Associating v1-compatible with http://www.smugmug.com/services/openid/server/ (assoc "HMAC-SHA1", session "DH-SHA1") [2008-07-19 20:10:56] 87.252.227.42 - "GET /cl-openid/?openid_identifier=http%3A%2F%2Fclopenid.smugmug.com&openid_action=Login HTTP/1.1" 302 706 "http://myhost:4242/cl-openid/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16" [2008-07-19 20:10:59 [ERROR]] OpenID assertion error: Invalid signature 0: (BACKTRACE 536870911 #<SB-IMPL::STRING-OUTPUT-STREAM {AC8C089}>) 1: (HUNCHENTOOT:GET-BACKTRACE #<unavailable argument>) 2: ((LAMBDA (COND)) #<CL-OPENID::OPENID-ASSERTION-ERROR {AC87089}>) 3: ((LAMBDA (COND)) #<CL-OPENID::OPENID-ASSERTION-ERROR {AC87089}>) 4: (SIGNAL #<CL-OPENID::OPENID-ASSERTION-ERROR {AC87089}>) 5: (ERROR CL-OPENID::OPENID-ASSERTION-ERROR) 6: (CL-OPENID::HANDLE-INDIRECT-REPLY
(("openid.mode" . "id_res")
("openid.identity" . "http://clopenid.smugmug.com/") ("openid.return_to" . "http://myhost:4242/cl-openid/ID1") ("openid.assoc_handle" . "8398644882829021ef7") ("openid.signed" . "mode,identity,return_to") ("openid.sig" . "tHfd+BICtd4hMNWPR5aA/8b2o/c="))
((:RETURN-TO . #<PURI:URI http://myhost:4242/cl-openid/ID1>)
(:TIMESTAMP . 3425501455) (:PROTOCOL-VERSION 1 . 1) (:OP-ENDPOINT-URL
. #<PURI:URI http://www.smugmug.com/services/openid/server/>)
(:CLAIMED-ID . #<PURI:URI http://clopenid.smugmug.com/>)))
7: (CL-OPENID::HANDLE-OPENID-REQUEST
#<PURI:URI http://myhost:4242/cl-openid/> #<PURI:URI http://myhost:4242> (("openid.mode" . "id_res")
("openid.identity" . "http://clopenid.smugmug.com/") ("openid.return_to" . "http://myhost:4242/cl-openid/ID1") ("openid.assoc_handle" . "8398644882829021ef7") ("openid.signed" . "mode,identity,return_to") ("openid.sig" . "tHfd+BICtd4hMNWPR5aA/8b2o/c="))
"ID1")
8: ((LAMBDA ())) 9: (HUNCHENTOOT::PROCESS-REQUEST
((:HOST . "myhost:4242")
(:USER-AGENT
. "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16")
(:ACCEPT
. "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5")
(:ACCEPT-LANGUAGE . "ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3") (:ACCEPT-ENCODING . "gzip,deflate") (:ACCEPT-CHARSET . "windows-1251,utf-8;q=0.7,*;q=0.7") (:KEEP-ALIVE . "300") (:CONNECTION . "keep-alive") (:REFERER . "http://myhost:4242/cl-openid/"))
#<FLEXI-STREAMS:FLEXI-IO-STREAM {AC2C4C1}> :GET "/cl-openid/ID1?openid.mode=id_res&openid.identity=http://clopenid.smugmug.com/&openid.return_to=http://myhost:4242/cl-openid/ID1&openid.assoc_handle=8398644882829021ef7&openid.signed=mode,identity,return_to&openid.sig=tHfd%2BBICtd4hMNWPR5aA%2F8b2o%2Fc%3D" :HTTP/1.1)
10: (HUNCHENTOOT::PROCESS-CONNECTION
#<HUNCHENTOOT::SERVER {B7EC6D1}> #<SB-BSD-SOCKETS:INET-SOCKET descriptor 8 {AC23859}>)
11: ((FLET SB-THREAD::WITH-MUTEX-THUNK)) 12: (SB-UNIX::CALL-WITH-LOCAL-INTERRUPTS
#<CLOSURE (FLET SB-UNIX::WITH-LOCAL-INTERRUPTS-THUNK) {B574209D}> T)
13: ((FLET SB-UNIX::WITHOUT-INTERRUPTS-THUNK) T) 14: ((FLET SB-UNIX::RUN-WITHOUT-INTERRUPTS)) 15: (SB-UNIX::CALL-WITHOUT-INTERRUPTS
#<CLOSURE (FLET SB-UNIX::WITHOUT-INTERRUPTS-THUNK) {B574218D}>)
16: (SB-THREAD::CALL-WITH-MUTEX
#<CLOSURE (FLET SB-THREAD::WITH-MUTEX-THUNK) {B5742215}> #S(SB-THREAD:MUTEX
:NAME "thread result lock" :%OWNER #<SB-THREAD:THREAD "hunchentoot-worker-2" {AC245B1}> :STATE 1)
#<SB-THREAD:THREAD "hunchentoot-worker-2" {AC245B1}> T)
17: ((LAMBDA ())) 18: ("foreign function: #x806398C") 19: ("foreign function: #x8051E61") 20: ("foreign function: #x805B44D") 21: ("foreign function: #xB7FC8FDA")
[2008-07-19 20:10:59] 87.252.227.42 - "GET /cl-openid/ID1?openid.mode=id_res&openid.identity=http://clopenid.smugmug.com/&openid.return_to=http://myhost:4242/cl-openid/ID1&openid.assoc_handle=8398644882829021ef7&openid.signed=mode,identity,return_to&openid.sig=tHfd%2BBICtd4hMNWPR5aA%2F8b2o%2Fc%3D HTTP/1.1" 500 298 "http://myhost:4242/cl-openid/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16"
Change History (5)
comment:1 Changed 16 years ago by
| Status: | new → assigned |
|---|
comment:2 Changed 16 years ago by
If it is a SmubMug?'s bug, livejournal should not work with it too, but it works.
comment:3 Changed 16 years ago by
On SmugMug? support forum I saw users reporting that only a few RPs work with their ID (of which only livejournal has been mentioned explicitly), and many RPs fail. Python-openid, which I use as a reference implementation, fails in "smart" mode (with associations), but everything works in stateless mode (signature verification by direct request to OP). It is possible that services that work just use stateless mode, and it might be a good workaround to just ignore failed association attempts and go on with stateless mode.
What SmugMug? passes as mac_key is evidently not a Base64-encoded array that is required by spec (it's 19 characters long and not padded with = signs), looks like a hex number, but however I try to interpret it, I can't get signatures working. I'll see if anybody on their support forum replies to my report.
comment:4 Changed 16 years ago by
| Milestone: | HTTP client portability |
|---|---|
| Version: | 0.5 nonportable |
Seems to be bug in SmugMug? code. Started a thread on SmugMug?'s support forum: http://www.dgrin.com/showthread.php?p=896451