
Can't confirm website identity

When authenticating with Yahoo's OpenID, the user is seeing the famous "This website has not confirmed its identity with Yahoo!" warning message. I've read through all the FAQs and other documentation I could find but I am yet unable to determine why this is failing. I have some questions:

When verifying the return_to URL, does Yahoo! ignore any query parameters (i.e., everything from a ? onward)? My XRDS document publishes the exact same return_to URL as is present in the OpenID request (up to the "?").

Strangely, I am not even seeing a request by Yahoo! to obtain my XRDS document in my webserver logs! It is not fetching the return_to url, nor the corresponding root "/" URL (the same as the return_to url without the extra path or query string).

Note that my site only responds to https (port 443); there is no open port on 80. All the URLs I'm sending though are https:

2 Replies
  • I think I may have figured this out. I am using a wildcard realm pattern, e.g., <https://*.example.com/>,
    whereas my return_to url is more like <https://zzz.example.com/openid-return/>.

    Since my return_to URL *matches* the realm, I thought it would try to find my XRDS document
    by using the return_to url. However I guess that Yahoo! is instead looking for it on
    <https://www.example.com/> (which is a different server, run by the "Marketing" folks so
    there is no way to get anything even slightly technical on it, much less an XRDS
    document, or link to one).

    After carefully re-reading the OpenID 2.0 spec, there is a small little sentence in section 9.2.1
    which points this out. So I need to find some other way to do this, if it is even possible.
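The mismatch described in the reply above, as an added example that is not part of the original thread. It follows the realm-matching rule of OpenID 2.0 section 9.2 and the wildcard substitution of section 9.2.1; the function names and the `PUBLISHED` map (a constructed stand-in for fetching XRDS documents) are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(url):
    """Split a URL or realm into (scheme, host, port, path); the query string is dropped."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, u.hostname or "", u.port or DEFAULT_PORTS.get(scheme), u.path or "/"

def url_matches_realm(url, realm):
    """Section 9.2: same scheme and port, host equal to or covered by '*.', path at or below the realm path."""
    s, h, p, path = _parts(url)
    rs, rh, rp, rpath = _parts(realm)
    if (s, p) != (rs, rp):
        return False
    if rh.startswith("*."):
        suffix = rh[2:]
        host_ok = h == suffix or h.endswith("." + suffix)
    else:
        host_ok = h == rh
    base = rpath if rpath.endswith("/") else rpath + "/"
    return host_ok and (path == rpath or path.startswith(base))

def discovery_url(realm):
    """Section 9.2.1: a wildcard realm is not a valid URL, so discovery substitutes 'www' for the wildcard."""
    scheme, rest = realm.split("://", 1)
    if rest.startswith("*."):
        rest = "www." + rest[2:]
    return scheme + "://" + rest

def verify_return_to(realm, return_to, endpoints_by_url):
    """endpoints_by_url (assumption): discovery URL -> return_to URLs its XRDS document publishes."""
    if not url_matches_realm(return_to, realm):
        return "return_to outside realm"
    where = discovery_url(realm)
    # Published endpoints are matched with the same rule, each endpoint treated as a realm.
    if any(url_matches_realm(return_to, ep) for ep in endpoints_by_url.get(where, [])):
        return "verified"
    return "unverified: no matching endpoint at " + where

# Constructed sample: the XRDS document exists only on the application host.
PUBLISHED = {"https://zzz.example.com/": ["https://zzz.example.com/openid-return/"]}
RETURN_TO = "https://zzz.example.com/openid-return/?nonce=1"

if __name__ == "__main__":
    print(verify_return_to("https://*.example.com/", RETURN_TO, PUBLISHED))
    print(verify_return_to("https://zzz.example.com/", RETURN_TO, PUBLISHED))
```

With the wildcard realm the lookup goes to the `www` host, where nothing is published; a realm naming the application host itself is discovered where the XRDS document actually lives.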
  • QUOTE (deron.meranda @ Apr 6 2009, 10:22 PM)
    Strangely, I am not even seeing a request by Yahoo! to obtain my XRDS document in my webserver logs! It is not fetching the return_to url, nor the corresponding root "/" URL (the same as the return_to url without the extra path or query string).


    For performance reasons, we do cache the XRDS doc for about an hour, so you might not have noticed the request in your logs. Additionally, because of the caching, any changes that you make to the XRDS might not be noticed for an hour.

    Can we see your site?