
RE: WebID+OpenID Proxy Service

From: Peter Williams <home_pw@msn.com>
Date: Thu, 22 Dec 2011 05:47:56 -0800
Message-ID: <SNT143-W23BF4CEF59178017A263A692AA0@phx.gbl>
To: <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>

I made a cert/profile/proxy/datastore (it's all go at openilink!) and retested. Report is at http://tinyurl.com/6s5fdkh

In invoking the azure ws-fedp/openid bridge, my resource server talked to Azure STS, which talked to the openlink openid/webid bridge. The return path between the openid asserting bridge and the Azure STS bridge (openid option) has the same issue as when using my own keying. The assertion (embedded in typically openid design style) is:

 https://demosso.accesscontrol.windows.net/v2/openid?context=pr%3dwsfederation%26rm%3dhttp%253a%252f%252fdemosso.rapmls.com%252f&provider=OpenLink&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.user_setup_url=https%3A%2F%2Fid.myopenlink.net%2Fopenid-login%2Fopenid_login.vspx%3Freturn_to%3Dhttps%253A%252F%252Fdemosso.accesscontrol.windows.net%253A443%252Fv2%252Fopenid%253Fcontext%253Dpr%25253dwsfederation%252526rm%25253dhttp%2525253a%2525252f%2525252fdemosso.rapmls.com%2525252f%2526provider%253DOpenLink%26identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26assoc_handle%3D%26trust_root%3D%26sreg_required%3D%26sreg_optional%3D%26policy_url%3D%26ver%3D2%26op_endpoint%3Dhttp%253A%252F%252Fid.myopenlink.net%252Fopenid-server

Azure whines about its conformance to openid 2.0 spec.

An error occurred while processing your request.

HTTP Error Code: 400
Message: ACS30000: There was an error processing an OpenID sign-in response.
Inner Message: ACS90014: Missing required field 'openid.op_endpoint'.
Trace ID: 4756ea77-e76e-4491-9301-02d8f0f01a91
Timestamp: 2011-12-22 13:38:51Z

Date: Thu, 22 Dec 2011 08:04:39 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: WebID+OpenID Proxy Service


  


    
  
  
    On 12/22/11 7:41 AM, Peter Williams wrote:
    
      
      
        

         ok there were two bugs. Fixing the first ("server") sounds like
        azure discovery will work better (since it's fussy - i.e.
        conforming) about its discovery process. The second bug is that
        OP's response was missing a return field. See last graphic in my
        post delivered by Azure. it MAY explain why 2 other RPs with
        other coding could not process the response, either. one tiny
        bug fix may sort out all 3 RPs.

      
    
    

    We'll take a look.

    
       

        My cert/profile works with fcns, but not with Henry's test
        server (last time I tested) or your test server (tested just
        now). Neither fail gives much indication as the cause. I'm
        perfectly happy to post my .p12 file on the web, so anyone can
        retest (locally) with "my" credentials, if it's useful.

      
    
    

    Drop a Resource URL and we'll take a look. 

    
       

        I've been using "works" with FCNS as our gold standard. Perhaps I
        was wrong? I was assuming FCNS has found the right balance
        between ultra-conformance and liberal-parsing, etc, much like
        the tuning of openid delivered by the MyOpenid vendor was
        regarded as ideal - since it maximized interoperability over
        various versions, use of metadata, etc

      
    
    

    Please try our CertGenerator at: http://id.myopenlink.net/certgen .
    Then verify the WebID it produces, then repeat your Azure tests. 

    

    Kingsley

    
       

         

        
          Date: Thu, 22 Dec 2011 07:05:39 -0500

          From: kidehen@openlinksw.com

          To: public-xg-webid@w3.org

          Subject: Re: WebID+OpenID Proxy Service

          

          
          On 12/21/11 7:08 PM, Peter Williams wrote:
          
            
             

               

              
                 http://wp.me/p1fcz8-1J7 suggests a necessary bug fix, so
                 openilink with webid/openid can talk to Azure - and then
                 realty, and everywhere realty reaches as bridging IDP
                 (which is a LONG WAY).

                 well done, Kingsley (and team). Good day's work,
                 connecting the semantic web to reality (and realty).
            
          
          

          Peter,

          

          Re., question posed in your post, it should be: http://specs.openid.net/auth/2.0/server . The issue has been fixed.

          Also, did you verify your WebID using the verifier at: http://id.myopenlink.net/ods/webid_demo.html ?

          

          Kingsley

          
            
              

              
              From: home_pw@msn.com

              To: kidehen@openlinksw.com;
              foaf-protocols@lists.foaf-project.org;
              public-xg-webid@w3.org

              Date: Wed, 21 Dec 2011 15:17:42 -0800

              Subject: RE: WebID+OpenID Proxy Service

              

              
               

                 

                I tried it with sourceforge, and the result was the same
                as with an RPX-powered (at amazon) RP.

                I also tried to bind the openlink IDP (with webid) to
                the Azure bridge, but failed; as summarized here: http://wp.me/p1fcz8-1J7

                The site really needs to be (and claim to be) v2. I'll
                guess this is the crux of the issues.

                but, it all looks good. Just some minor fiddles required, I
                suspect. Won't be long before webid is (indirectly)
                powering a SAML2 protocol exchange to the academic
                networks. of course, they have had client certs and
                https client authn inducing a SAML exchange for
                years (in a profile focussed on ldap as the
                repository of the graph). But, this will be cuter;
                as it's all native semweb.

                
                
                  From: home_pw@msn.com

                  To: kidehen@openlinksw.com;
                  foaf-protocols@lists.foaf-project.org;
                  public-xg-webid@w3.org

                  Date: Wed, 21 Dec 2011 12:46:48 -0800

                  Subject: RE: WebID+OpenID Proxy Service

                  

                  
                   Which RP site should I try, ideally?

                     

                    My trial results, at http://wp.me/p1fcz8-1Im
                    

                     

                    > Date: Wed, 21 Dec 2011 14:36:45 -0500
                    > From: kidehen@openlinksw.com
                    > To: foaf-protocols@lists.foaf-project.org; public-xg-webid@w3.org
                    > Subject: WebID+OpenID Proxy Service
                    >
                    > All,
                    >
                    > I've dropped a note about the above at: http://goo.gl/zC7tP .
                    >
                    > It's basically a decoupling of what we had in ODS re. WebID+OpenID
                    > delivered in a manner similar to: http://openid4.me .
                    >
                    > --
                    >
                    > Regards,
                    >
                    > Kingsley Idehen
                    > Founder & CEO
                    > OpenLink Software
                    > Company Web: http://www.openlinksw.com
                    > Personal Weblog: http://www.openlinksw.com/blog/~kidehen
                    > Twitter/Identi.ca handle: @kidehen
                    > Google+ Profile: https://plus.google.com/112399767740508618350/about
                    > LinkedIn Profile: http://www.linkedin.com/in/kidehen
                    
                  
                
              
            
          
          

          

          -- 

Regards,

Kingsley Idehen	      
Founder & CEO 
OpenLink Software     
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen





        
      
    
    

    

    -- 

Regards,

Kingsley Idehen	      
Founder & CEO 
OpenLink Software     
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen




 		 	   		  
Received on Thursday, 22 December 2011 13:48:27 GMT
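
Added example, not part of the thread or of either implementation: a relying-party-side check that parses the redirect URL quoted in the message and lists which fields OpenID Authentication 2.0 (section 10.1) requires of an `id_res` response but that are absent, showing where the `op_endpoint` named in the ACS90014 error actually sits. The function names and report keys are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Fields a positive assertion (openid.mode=id_res) must carry,
# per OpenID Authentication 2.0, section 10.1.
REQUIRED_ID_RES = (
    "openid.ns", "openid.mode", "openid.op_endpoint", "openid.return_to",
    "openid.response_nonce", "openid.assoc_handle", "openid.signed", "openid.sig",
)

# The redirect URL quoted in the message above, split only for line length.
ASSERTION_URL = (
    "https://demosso.accesscontrol.windows.net/v2/openid"
    "?context=pr%3dwsfederation%26rm%3dhttp%253a%252f%252fdemosso.rapmls.com%252f"
    "&provider=OpenLink&openid.mode=id_res"
    "&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
    "&openid.user_setup_url=https%3A%2F%2Fid.myopenlink.net%2Fopenid-login"
    "%2Fopenid_login.vspx%3Freturn_to%3Dhttps%253A%252F%252Fdemosso.accesscontrol"
    ".windows.net%253A443%252Fv2%252Fopenid%253Fcontext%253Dpr%25253dwsfederation"
    "%252526rm%25253dhttp%2525253a%2525252f%2525252fdemosso.rapmls.com%2525252f"
    "%2526provider%253DOpenLink%26identity%3Dhttp%253A%252F%252Fspecs.openid.net"
    "%252Fauth%252F2.0%252Fidentifier_select%26assoc_handle%3D%26trust_root%3D"
    "%26sreg_required%3D%26sreg_optional%3D%26policy_url%3D%26ver%3D2"
    "%26op_endpoint%3Dhttp%253A%252F%252Fid.myopenlink.net%252Fopenid-server"
)

def query_fields(url):
    """Decode a URL's query string once, keeping empty values."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))

def audit_id_res(url):
    """Report what a strict relying party would find wrong with an id_res redirect."""
    top = query_fields(url)
    setup_url = top.get("openid.user_setup_url")
    nested = query_fields(setup_url) if setup_url else {}
    return {
        "mode": top.get("openid.mode"),
        "missing": [f for f in REQUIRED_ID_RES if not top.get(f)],
        # user_setup_url is how OpenID 1.1 answered a failed immediate request;
        # 2.0 uses openid.mode=setup_needed instead.
        "v1_setup_response": setup_url is not None,
        # Values that exist only inside the encoded setup URL are not
        # response fields, so a strict relying party never sees them.
        "buried_in_setup_url": sorted(k for k, v in nested.items() if v),
        "nested_op_endpoint": nested.get("op_endpoint"),
    }

if __name__ == "__main__":
    for key, value in audit_id_res(ASSERTION_URL).items():
        print(f"{key}: {value}")
```

On the quoted URL the only `op_endpoint` value is one level down, inside the percent-encoded `openid.user_setup_url`, and it has no `openid.` prefix there.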
