ConsumerManager.verify() fails with "No service element found to match the ClaimedID / OP-endpoint in the assertion."

Posted on 2024-12-18 13:35:16

I am trying to implement OpenID authentication in a JSF2 application and everything seems to be working fine until the moment where the application needs to verify the OpenID server's response (in my case stackexchange).

I have already checked out the openid4java source to debug and track the problem down but I cannot seem to find the reason why it fails. The code is based on the example code from the openid4java website.

First I am crafting a request like this:

    if (getManager() == null) {
        setManager(new ConsumerManager());
    }
    try {
        // perform discovery on the user-supplied identifier
        List discoveries = getManager().discover(getOpenIdIdentifier());

        // attempt to associate with the OpenID provider
        // and retrieve one service endpoint for authentication
        DiscoveryInformation discovered = getManager().associate(discoveries);

        // store the discovery information in the user's session for later use
        // leave out for stateless operation / if there is no session
        ((HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false)).setAttribute("discovered", discovered);

        // obtain a AuthRequest message to be sent to the OpenID provider
        AuthRequest authReq = getManager().authenticate(discovered, RETURN_URL);
        FetchRequest fetch = FetchRequest.createFetchRequest();
        fetch.addAttribute("email", "http://schema.openid.net/contact/email", true);
        // attach the extension to the authentication request
        authReq.addExtension(fetch);

        FacesContext.getCurrentInstance().getExternalContext().redirect(authReq.getDestinationUrl(true));
    } catch (Exception ex) {
        ex.printStackTrace();
    }

I am being redirected to https://openid.stackexchange.com/, I use my email & pw to log in and stackexchange redirects me back to RETURN_URL where the following servlet is waiting:

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        User u = ((User) request.getSession().getAttribute("user"));
        response.setContentType("text/html;charset=UTF-8");
        // extract the parameters from the authentication response
        // (which comes in as a HTTP request from the OpenID provider)
        ParameterList openidResp = new ParameterList(request.getParameterMap());

        // retrieve the previously stored discovery information
        DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute("discovered");
        // extract the receiving URL from the HTTP request
        StringBuffer receivingURL = request.getRequestURL();
        String queryString = request.getQueryString();
        if (queryString != null && queryString.length() > 0) {
            receivingURL.append("?").append(request.getQueryString());
        }

        // verify the response
        try {
            // here is where ERROR ConsumerManager:1740 - No service element found
            // to match the ClaimedID / OP-endpoint in the assertion. happens
            VerificationResult verification = u.getManager().verify(receivingURL.toString(), openidResp, discovered);

            Identifier verifiedId = verification.getVerifiedId();

            if (verifiedId != null) { // success, use the verified identifier to identify the user
                AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

                if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                    FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);

                    String email = (String) fetchResp.getAttributeValues("email").get(0);
                    u.autoAuthByEmail(email);
                    response.sendRedirect("/");
                }
            } else { // OpenID authentication failed
                u.setLoggedIn(false);
                response.getOutputStream().print("auth failed. <a href=\"/\">home</a>");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

Here is what I get in the server.log (RETURN_URL replaced with mydomain.org):

    [#|2011-11-29T12:20:16.117+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,116  INFO Discovery:143 - Starting discovery on URL identifier: https://openid.stackexchange.com/|#]
    [#|2011-11-29T12:20:16.119+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,119  INFO HttpCache:316 - Returning cached HEAD response for https://openid.stackexchange.com/|#]
    [#|2011-11-29T12:20:16.121+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,120  INFO HttpCache:117 - Returning cached GET response for https://openid.stackexchange.com/xrds|#]
    [#|2011-11-29T12:20:16.145+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,145  INFO YadisResolver:264 - Yadis discovered 1 endpoints from: https://openid.stackexchange.com/|#]
    [#|2011-11-29T12:20:16.147+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,147  INFO Discovery:164 - Discovered 1 OpenID endpoints.|#]
    [#|2011-11-29T12:20:16.149+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,148  INFO ConsumerManager:705 - Trying to associate with https://openid.stackexchange.com/openid/provider attempts left: 4|#]
    [#|2011-11-29T12:20:16.152+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,151  INFO ConsumerManager:714 - Found an existing association: {634581615862250013}{M+QESA==}{32}|#]
    [#|2011-11-29T12:20:16.154+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,153  INFO ConsumerManager:1063 - Creating authentication request for OP-endpoint: https://openid.stackexchange.com/openid/provider claimedID: http://specs.openid.net/auth/2.0/identifier_select OP-specific ID: http://specs.openid.net/auth/2.0/identifier_select|#]
    [#|2011-11-29T12:20:16.156+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,155  INFO RealmVerifier:282 - Return URL: http://mydomain.org/openid matches realm: http://mydomain.org/openid|#]
    [#|2011-11-29T12:20:16.679+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,679  INFO ConsumerManager:1121 - Verifying authentication response...|#]
    [#|2011-11-29T12:20:16.680+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,680  INFO ConsumerManager:1145 - Received positive auth response.|#]
    [#|2011-11-29T12:20:16.681+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,681  INFO Discovery:143 - Starting discovery on URL identifier: https://openid.stackexchange.com/user/2d34c1da-cca8-4095-83be-eee02722879b|#]
    [#|2011-11-29T12:20:16.682+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,682  INFO HttpCache:316 - Returning cached HEAD response for https://openid.stackexchange.com/user/2d34c1da-cca8-4095-83be-eee02722879b|#]
    [#|2011-11-29T12:20:16.683+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,682  INFO HttpCache:117 - Returning cached GET response for https://openid.stackexchange.com/xrds|#]
    [#|2011-11-29T12:20:16.704+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,704  INFO YadisResolver:264 - Yadis discovered 1 endpoints from: https://openid.stackexchange.com/user/2d34c1da-cca8-4095-83be-eee02722879b|#]
    [#|2011-11-29T12:20:16.706+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,706  INFO Discovery:164 - Discovered 1 OpenID endpoints.|#]
    [#|2011-11-29T12:20:16.707+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,707 ERROR ConsumerManager:1740 - No service element found to match the ClaimedID / OP-endpoint in the assertion.|#]
    [#|2011-11-29T12:20:16.709+0100|INFO|glassfish3.1.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=46;_ThreadName=Thread-2;|12:20:16,708 ERROR ConsumerManager:1164 - Discovered information verification failed.|#]

I have verified that

  • getManager() on the sending and the receiving part is the same object
  • the sessionId on both parts is identical

I have been fighting with this problem for 2 days now and I seem to be stuck. I would be very thankful for any pointers.

EDIT:

I just tested the same code with an OpenID account at myopenid.com and there it works. I am really confused about what the problem is now :|
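
Added example, not part of the original post and not openid4java's code: a simplified, self-contained model of the OpenID 2.0 (section 11.2) rule that the OP endpoint and identity in a positive assertion must appear in a service element discovered for the asserted claimed ID, which is the kind of check the "No service element found to match the ClaimedID / OP-endpoint" log line reports on. The class name, the `op.example` URLs and the XRDS documents are constructed for illustration; URL normalization, fragments and OpenID 1.x service types are left out.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DiscoveredInfoCheck { // hypothetical class, not part of openid4java
    static final String XRD_NS = "xri://$xrd*($v*2.0)";
    static final String SIGNON = "http://specs.openid.net/auth/2.0/signon"; // claimed-identifier element
    static final String SERVER = "http://specs.openid.net/auth/2.0/server"; // OP-identifier element

    /** True if one xrd:Service carries the signon Type, the asserted endpoint and the asserted identity. */
    static boolean matches(String xrds, String claimedId, String opEndpoint, String identity)
            throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // XRDS is fetched from the network: reject DOCTYPEs so no external entity is resolved
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xrds.getBytes(StandardCharsets.UTF_8)));
        NodeList services = doc.getElementsByTagNameNS(XRD_NS, "Service");
        for (int i = 0; i < services.getLength(); i++) {
            Element s = (Element) services.item(i);
            if (!has(s, "Type", SIGNON) || !has(s, "URI", opEndpoint)) continue;
            boolean noLocalId = s.getElementsByTagNameNS(XRD_NS, "LocalID").getLength() == 0;
            // without a LocalID the claimed ID itself is the OP-local identifier
            if (noLocalId ? identity.equals(claimedId) : has(s, "LocalID", identity)) return true;
        }
        return false;
    }

    static boolean has(Element service, String tag, String value) {
        NodeList n = service.getElementsByTagNameNS(XRD_NS, tag);
        for (int i = 0; i < n.getLength(); i++)
            if (value.equals(n.item(i).getTextContent().trim())) return true;
        return false;
    }

    static String xrds(String type) { // constructed sample document with one service element
        return "<xrds:XRDS xmlns:xrds=\"xri://$xrds\" xmlns=\"" + XRD_NS + "\"><XRD><Service>"
             + "<Type>" + type + "</Type><URI>https://op.example/provider</URI>"
             + "</Service></XRD></xrds:XRDS>";
    }

    public static void main(String[] args) throws Exception {
        String id = "https://op.example/user/alice", ep = "https://op.example/provider";
        // signon element whose URI equals the asserted endpoint
        System.out.println("signon, same endpoint:  " + matches(xrds(SIGNON), id, ep, id));
        // discovery on the claimed ID yields only an OP-identifier (server) element
        System.out.println("server element only:    " + matches(xrds(SERVER), id, ep, id));
        // signon element, but the assertion names a different endpoint
        System.out.println("signon, other endpoint: "
                + matches(xrds(SIGNON), id, "https://other.example/provider", id));
    }
}
```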
