No, the openid.identity is not one of the request parameters. The error occurs before the openID-consumer-website does the actual redirect that includes the openid.identity to the cas-loginpage.
On openID-consumer-website side, the error occurs during the execution of a method '_associate' (described as: "Create (or reuse existing) association between OpenID consumer and OpenID server based on Diffie-Hellman key agreement. Returns true on success ens false on failure."). In this function there is a connection established to https://www.myExampleCasServer.be/cas/login as I specified in the <link rel="openid.server" href="https://www.myExampleCasServer.be/cas/login"; /> in the personal page. Could it be this the server endpoint is wrong (but I wouldn't know what else it should be)? Or is there something else wrong? I would expect that there shouldn't be a connection made to https://www.myExampleCasServer.be/cas/login in that stage yet. Thanks Johan From: Scott Battaglia Sent: Tuesday, March 31, 2009 4:30 PM To: [email protected] Subject: Re: [cas-user] CAS with OpenID On Tue, Mar 31, 2009 at 10:28 AM, Johan Peeters <[email protected]> wrote: Hi I am trying to implement OpenID with CAS and I'm following the guide on http://www.ja-sig.org/wiki/display/CASUM/OpenID. I followed all the steps, but I can't make it work. From the client side, I get an error message that says: Association failed: Association failed: The returned assoc_type differed from the supplied openid.assoc_type In the CAS-log, I can see that the 'OpenIdSingleSignOnAction' returned error, this is because the credentials returned from the constructCredentialsFromRequest are null. After searching a while I found that the URI (context.getRequestParameters().get("openid.identity")) that is passed to the OpenIdUserNameExtractor is also null and thus it is indeed impossible to extract the credentials from this URI. Does anyone knows what could be wrong? This is probably going to sound like a dumb question, but is "openid.identity" one of the request parameters when you are redirected to CAS? Thanks -Scott -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
