Hello, I've been trying to make sure that I haven't been breaking OpenID in Moin while applying some patches, and I noticed that putting more than one provider in openidrp_allowed_op puts Moin into the "identifier select" mode of authentication where the following occurs:

1. The relying party or RP (in this case, Moin offering an OpenID "login") shows a list of providers of the form http://example.com/ (rather than specific identifiers like http://me.example.com/).

2. The RP does discovery using the selected provider, finds out where the OpenID provider endpoint is.

3. The RP, indicating an association handle for future use, redirects the end-user to the provider endpoint and lets them authorise the authentication request.

4. The provider redirects the end-user back to the RP using a specially formed URL which includes the OpenID provider endpoint and the association handle which should have been provided in step 3.

5. The RP attempts to verify the details provided.

Here's the problem: when the provider is another Moin instance, the OpenID endpoint mentioned in the specially formed URL is different from the one that was mentioned in discovery. Since the OpenID library (python-openid) concerned uses the endpoint together with the association handle when preparing the request in step 3, it cannot verify the details from step 4 using a new endpoint returned by Moin-as-provider.

So, I'm trying to find out whether anyone uses Moin in this way. I'm also trying to figure out whether returning a different endpoint is a valid thing to do and/or whether using an initial endpoint to record authentication state is sensible, although that's more of an issue for the python-openid maintainers, I would imagine.

Does anyone have any ideas or experiences with this?

Paul

_______________________________________________
Moin-user mailing list
Moin-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/moin-user
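
The failure in step 5, as an added example that is not part of the original post and is not python-openid's code: a simplified model in which the RP files each association under the endpoint plus the handle, as the post describes, and then tries to verify a response that names a different endpoint. The URLs, handle, key, signed-field list and function names are constructed for illustration, and the signature encoding is reduced to a hex HMAC-SHA1.

```python
import hashlib
import hmac

# Constructed placeholder values; none of these come from the post.
DISCOVERED_ENDPOINT = "http://op.example.com/openid"
RETURNED_ENDPOINT = "http://op.example.com/UserName/openid"
SIGNED = ["op_endpoint", "assoc_handle", "claimed_id"]


def sign(secret, fields):
    """HMAC-SHA1 over key:value lines of the signed fields (simplified)."""
    data = "".join("%s:%s\n" % (k, fields[k]) for k in SIGNED)
    return hmac.new(secret, data.encode("utf-8"), hashlib.sha1).hexdigest()


def make_assertion(secret, endpoint, handle):
    """The provider's step 4 response, reduced to the fields that matter."""
    fields = {"op_endpoint": endpoint, "assoc_handle": handle,
              "claimed_id": "http://op.example.com/UserName"}
    fields["sig"] = sign(secret, fields)
    return fields


def verify_assertion(store, response):
    """RP side of step 5: look up the association, then check the MAC."""
    key = (response["op_endpoint"], response["assoc_handle"])
    secret = store.get(key)
    if secret is None:
        return False, "no association for this endpoint and handle"
    if not hmac.compare_digest(sign(secret, response), response["sig"]):
        return False, "bad signature"
    return True, "verified"


def demo():
    """Run step 3 once, then verify two step 4 responses."""
    secret, handle = b"constructed-mac-key", "handle-1"
    # Step 3: the RP files the association under the discovered endpoint.
    store = {(DISCOVERED_ENDPOINT, handle): secret}
    same = verify_assertion(store, make_assertion(secret, DISCOVERED_ENDPOINT, handle))
    moved = verify_assertion(store, make_assertion(secret, RETURNED_ENDPOINT, handle))
    return same, moved


if __name__ == "__main__":
    print(demo())
```

The second response carries a valid signature made with the right key, yet it is rejected before the signature is ever checked, because the lookup key no longer matches.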