How do I get AOL's OpenID site verification to work?
I have an OpenID relying party set up and using XRDS. It passes the "RP has discoverable return_to" interop test over at http://test-id.org/RP/DiscoverableReturnTo.aspx.
Yahoo no longer complains with the message "Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent." as outlined in Andrew Arnott's excellent blog post: http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html
However, when I try to authenticate using AOL I see the "Warning! site verification could not be completed." message.
Comments (3)
When verifying the return_to value, AOL doesn’t support the RFC 4366 TLS "Server Name Indication" (SNI) extension, which allows multiple SSL certificates on the same IP address. If your server is so configured, AOL will only see the default certificate for the IP address. If it doesn’t happen to match the certificate of the relying website, AOL will (incorrectly) report an error.
I.e., this is an AOL bug.
After 3 hours of work I had satisfied AOL verification. Below is what you need to make sure of (assuming you satisfy the OpenID 2.0 specification).
AOL is making an HTTP HEAD request, so make sure that your realm page is accepting HTTP HEAD requests. I think that's what is mostly wrong, as we don't ever check HTTP HEAD.
AOL's HTTP HEAD request is very naked, so make sure you serve back a response to a bare request, i.e. in our case the code was also failing when there was no agent info in the request.
It is most likely you would have a problem with the above conditions.
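One way to reproduce the check described in the answer above, as an added example that is not part of the original answers: it sends a HEAD request carrying only a Host header to a realm page and reports the status and the Yadis `X-XRDS-Location` header. `XRDS_URL`, the two handler classes and the function names are constructed for a local demonstration; the exact request AOL sends is not shown on the page.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

XRDS_URL = "http://rp.example/xrds"  # constructed placeholder

def bare_head(host, port, path="/", tls=False):
    """HEAD with only a Host header: no User-Agent, Accept or cookies."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=10)
    try:
        conn.putrequest("HEAD", path, skip_accept_encoding=True)
        conn.endheaders()
        resp = conn.getresponse()
        resp.read()
        ctype = resp.getheader("Content-Type") or ""
        return {"status": resp.status,
                "xrds_location": resp.getheader("X-XRDS-Location"),
                "is_xrds": ctype.startswith("application/xrds+xml")}
    finally:
        conn.close()

class RealmPage(BaseHTTPRequestHandler):
    """Constructed realm page that answers HEAD and advertises its XRDS."""
    require_agent = False
    def do_HEAD(self):
        if self.require_agent and not self.headers.get("User-Agent"):
            self.send_response(500)  # stands in for code that crashes here
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("X-XRDS-Location", XRDS_URL)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

class FragileRealmPage(RealmPage):
    require_agent = True  # constructed variant: fails without User-Agent

def probe_local(handler):
    """Serve one constructed realm page on a free local port and probe it."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return bare_head("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for h in (RealmPage, FragileRealmPage):
        print(h.__name__, probe_local(h))
```

Pointing `bare_head` at your own realm host (with `tls=True` for HTTPS) shows whether the page survives a header-less HEAD before an OpenID provider tries it.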
Maybe it's just a cached response from AOL and tomorrow it goes away. Just a thought. The test-id.org test and Yahoo test you've already done should demonstrate you're doing it right.
Please let us know if there's a novel requirement AOL holds you to that others don't.