Wednesday, November 5, 2008

OpenID Troubleshooting for openid4java

While deploying the bioMoby Annotator, I ran into some interesting problems with OpenID.

Firstly, for those of you who are trying to figure out why Yahoo is giving you the warning

"Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate."

I recommend having a look at the Yahoo OpenID FAQs

I also recommend the following articles:

Why Yahoo! says your OpenID site's identity is not confirmed

If you're using Openid4java from sxip, try this:
facileloging

If Yahoo is still giving you errors, consider their extra requirements:

Yahoo! will only support Relying Parties running on webservers with real hostnames (IP addresses are not supported) running on standard ports (Port 80 for HTTP and Port 443 for HTTPS).

This means localhost will not work, and if your app is running on, say, port 8080, you'll need to figure out a way to forward from port 80 to port 8080.

Your web app also needs to be available from the internet. You can test this by trying to access your website from another computer outside of your intranet.

So in the end: if your web address looks like http://localhost:8080/yourrealm/openid , it's not going to work. It needs to look similar to http://real.hostname.com/yourrealm/openid

If Yahoo is doing discovery of your Yadis document on your realm (i.e. your index.html), make sure the X-XRDS-Location header is inserted into the response headers.

Again, if you're using Java Servlets and Apache Tomcat like I am, you'll need to do this using a Servlet Filter:


Instructions on Servlet Filter


Can't tell if it's in the header?
You can type curl -i http://your.website.com/yourrealm/ in your command prompt to check.
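A servlet filter of the kind described above, as an added example that is not from the original post or the linked instructions. The class name XrdsLocationFilter, the xrdsLocation init-param, the xrds.xml URL and the web.xml wiring are assumptions, and it uses the javax.servlet API (newer containers use jakarta.servlet instead).

```java
// Added example, not from the original post. Assumed names: XrdsLocationFilter,
// the "xrdsLocation" init-param, and the xrds.xml URL shown in the wiring below.
// web.xml wiring (narrow the url-pattern to your realm page if you prefer):
//   <filter>
//     <filter-name>xrds</filter-name>
//     <filter-class>XrdsLocationFilter</filter-class>
//     <init-param>
//       <param-name>xrdsLocation</param-name>
//       <param-value>http://real.hostname.com/yourrealm/xrds.xml</param-value>
//     </init-param>
//   </filter>
//   <filter-mapping>
//     <filter-name>xrds</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class XrdsLocationFilter implements Filter {
    private String xrdsLocation;

    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("xrdsLocation");
        // Require an absolute http(s) URL with no whitespace, so a bad config
        // value can never put CR/LF into the response headers.
        if (value == null || !value.matches("https?://\\S+")) {
            throw new ServletException("xrdsLocation must be an absolute http(s) URL");
        }
        xrdsLocation = value;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            // Set before the chain runs: headers cannot change once the response is committed.
            ((HttpServletResponse) res).setHeader("X-XRDS-Location", xrdsLocation);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

After redeploying, the curl -i check above should list an X-XRDS-Location line among the response headers.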


Another note:
If you're getting:
org.openid4java.message.MessageException: 769: Realm verification

try going into the init method of your OpenID consumer Servlet and adding
manager.getRealmVerifier().setEnforceRpId(false);
after
this.manager = new ConsumerManager();

Note that this switches off RP ID enforcement in openid4java's realm verifier rather than fixing whatever made verification fail.


A good website for making sure that an OpenID 2.0 Provider works with openid4java is https://verify.sxip.com/papedemo/
