- From: Peter Williams <home_pw@msn.com>
- Date: Thu, 22 Dec 2011 05:47:56 -0800
- To: <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-W23BF4CEF59178017A263A692AA0@phx.gbl>
I made a cert/profile/proxy/datastore (it's all go at openlink!) and retested. Report is at http://tinyurl.com/6s5fdkh
In invoking the azure ws-fedp/openid bridge, my resource server talked to Azure STS, which talked to the openlink openid/webid bridge. The return path between the openid asserting bridge and the Azure STS bridge (openid option) has the same issue as when using my own keying. The assertion (embedded in typically openid design style) is:
https://demosso.accesscontrol.windows.net/v2/openid?context=pr%3dwsfederation%26rm%3dhttp%253a%252f%252fdemosso.rapmls.com%252f&provider=OpenLink&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.user_setup_url=https%3A%2F%2Fid.myopenlink.net%2Fopenid-login%2Fopenid_login.vspx%3Freturn_to%3Dhttps%253A%252F%252Fdemosso.accesscontrol.windows.net%253A443%252Fv2%252Fopenid%253Fcontext%253Dpr%25253dwsfederation%252526rm%25253dhttp%2525253a%2525252f%2525252fdemosso.rapmls.com%2525252f%2526provider%253DOpenLink%26identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26assoc_handle%3D%26trust_root%3D%26sreg_required%3D%26sreg_optional%3D%26policy_url%3D%26ver%3D2%26op_endpoint%3Dhttp%253A%252F%252Fid.myopenlink.net%252Fopenid-server
Azure whines about its conformance to openid 2.0 spec.
An error occurred while processing your request.
HTTP Error Code: 400
Message: ACS30000: There was an error processing an OpenID sign-in response.
Inner Message: ACS90014: Missing required field 'openid.op_endpoint'.
Trace ID: 4756ea77-e76e-4491-9301-02d8f0f01a91
Timestamp: 2011-12-22 13:38:51Z
Date: Thu, 22 Dec 2011 08:04:39 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: WebID+OpenID Proxy Service
On 12/22/11 7:41 AM, Peter Williams wrote:
> ok there were two bugs. Fixing the first ("server") sounds like
> azure discovery will work better (since it's fussy - i.e.
> conforming) about its discovery process. The second bug is that
> OP's response was missing a return field. See last graphic in my
> post delivered by Azure. It MAY explain why 2 other RPs with
> other coding could not process the response, either. One tiny
> bug fix may sort out all 3 RPs.
We'll take a look.
> My cert/profile works with fcns, but not with Henry's test
> server (last time I tested) or your test server (tested just
> now). Neither fail gives much indication as the cause. I'm
> perfectly happy to post my .p12 file on the web, so anyone can
> retest (locally) with "my" credentials, if it's useful.
Drop a Resource URL and we'll take a look.
> I've been using "works" with FCNS as our gold standard. Perhaps I
> was wrong? I was assuming FCNS has found the right balance
> between ultra-conformance and liberal-parsing, etc, much like
> the tuning of openid delivered by the MyOpenid vendor was
> regarded as ideal - since it maximized interoperability over
> various versions, use of metadata, etc.
Please try our CertGenerator at: http://id.myopenlink.net/certgen .
Then verify the WebID it produces, then repeat your Azure tests.
Kingsley
Date: Thu, 22 Dec 2011 07:05:39 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: WebID+OpenID Proxy Service
On 12/21/11 7:08 PM, Peter Williams wrote:
> http://wp.me/p1fcz8-1J7 suggests a necessary bug fix, so openlink with
> webid/openid can talk to Azure - and then realty, and everywhere realty
> reaches as bridging IDP (which is a LONG WAY).
> well done, Kingsley (and team). Good day's work, connecting the
> semantic web to reality (and realty).
Peter,
Re., question posed in your post, it should be: http://specs.openid.net/auth/2.0/server . The issue has been fixed.
Also, did you verify your WebID using the verifier at: http://id.myopenlink.net/ods/webid_demo.html ?
Kingsley
From: home_pw@msn.com
To: kidehen@openlinksw.com;
foaf-protocols@lists.foaf-project.org;
public-xg-webid@w3.org
Date: Wed, 21 Dec 2011 15:17:42 -0800
Subject: RE: WebID+OpenID Proxy Service
I tried it with sourceforge, and the result was the same
as with an RPX-powered (at amazon) RP.
I also tried to bind the openlink IDP (with webid) to
the Azure bridge, but failed; as summarized here: http://wp.me/p1fcz8-1J7
The site really needs to be (and claim to be) v2. I'll guess this is
the crux of the issues.
But, it all looks good. Just some minor fiddles required, I
suspect. Won't be long before webid is (indirectly)
powering a SAML2 protocol exchange to the academic
networks. Of course, they have had client certs and
https client authn inducing a SAML exchange for
years (in a profile focussed on ldap as the
repository of the graph). But, this will be cuter;
as it's all native semweb.
From: home_pw@msn.com
To: kidehen@openlinksw.com;
foaf-protocols@lists.foaf-project.org;
public-xg-webid@w3.org
Date: Wed, 21 Dec 2011 12:46:48 -0800
Subject: RE: WebID+OpenID Proxy Service
Which RP site should I try, ideally?
My trial results, at http://wp.me/p1fcz8-1Im
> Date: Wed, 21 Dec 2011 14:36:45 -0500
> From: kidehen@openlinksw.com
> To: foaf-protocols@lists.foaf-project.org; public-xg-webid@w3.org
> Subject: WebID+OpenID Proxy Service
>
> All,
>
> I've dropped a note about the above at: http://goo.gl/zC7tP .
>
> It's basically a decoupling of what we had in ODS re. WebID+OpenID
> delivered in a manner similar to: http://openid4.me .
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
--
Regards,
Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Received on Thursday, 22 December 2011 13:48:27 UTC
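
The check behind the ACS90014 error quoted in the message, as an added example that is not part of the original thread or of either product: a relying-party-side validator for the fields OpenID Authentication 2.0 (section 10.1) requires in a positive assertion, run on a constructed response shaped like the one in the message (`id_res` plus `user_setup_url`, with `op_endpoint` only nested inside that value). The hosts `rp.example` and `op.example`, the function name and all sample values are assumptions; the signature itself is not verified.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# Fields OpenID Authentication 2.0 (section 10.1) requires in a positive assertion.
REQUIRED = ("openid.ns", "openid.mode", "openid.op_endpoint", "openid.return_to",
            "openid.response_nonce", "openid.assoc_handle", "openid.signed", "openid.sig")
# Fields that openid.signed must always list; claimed_id/identity only if sent.
MUST_SIGN = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")

def check_positive_assertion(url):
    """Return the conformance problems an RP would find in an id_res URL."""
    # parse_qsl decodes one level only, so an op_endpoint buried inside the
    # user_setup_url value does not count as a top-level openid.op_endpoint.
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    problems = ["missing " + f for f in REQUIRED if f not in params]
    if params.get("openid.ns", OPENID2_NS) != OPENID2_NS:
        problems.append("openid.ns is not the 2.0 namespace")
    if params.get("openid.mode", "id_res") != "id_res":
        problems.append("openid.mode is not id_res")
    if "openid.user_setup_url" in params:
        # 1.1 immediate-mode failure field; 2.0 uses mode=setup_needed instead.
        problems.append("openid.user_setup_url present (1.1-style reply)")
    signed = params.get("openid.signed", "").split(",")
    for name in MUST_SIGN + ("claimed_id", "identity"):
        if "openid." + name in params and name not in signed:
            problems.append(name + " not covered by openid.signed")
    return problems

# Constructed sample data (hypothetical hosts, not the thread's real endpoints).
RP = "https://rp.example/v2/openid"
OP = "https://op.example/openid-server"
SETUP = "https://op.example/login?" + urlencode({"return_to": RP, "op_endpoint": OP})
BROKEN = RP + "?" + urlencode({"openid.mode": "id_res", "openid.ns": OPENID2_NS,
                               "openid.user_setup_url": SETUP})
GOOD = RP + "?" + urlencode({
    "openid.ns": OPENID2_NS, "openid.mode": "id_res", "openid.op_endpoint": OP,
    "openid.claimed_id": "https://op.example/id/alice",
    "openid.identity": "https://op.example/id/alice",
    "openid.return_to": RP, "openid.response_nonce": "2011-12-22T13:38:51Zx1",
    "openid.assoc_handle": "h1", "openid.sig": "c2FtcGxl",
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                     "response_nonce,assoc_handle"})

if __name__ == "__main__":
    for label, url in (("broken", BROKEN), ("good", GOOD)):
        print(label, check_positive_assertion(url))
```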