LightOpenID validate()在Google Apps上失败 [英] LightOpenID validate() fail on Google Apps
问题描述
我正在使用LightOpenID来针对Google Apps验证OpenID.我发出了初始的authURL()请求,一切都很好.我调用validate(),但失败了.通过大量回显,我已将其追溯到validate()的最后几行.
I'm using LightOpenID to authenticate OpenID against Google Apps. I make the initial authURL() request and things are good. I call validate() and it fails. Through copious echo's, i've tracked it down to the last few lines of validate().
从validate()中,传递给discover($ url)的url为https://www.google.com/accounts/o8/user-xrds?uri=http://my-domain.com/openid?id=117665028262121597341
From validate(), the url passed into discover($url) is https://www.google.com/accounts/o8/user-xrds?uri=http://my-domain.com/openid?id=117665028262121597341
discover()首先检查xrds位置,该位置不存在. discover()接下来检查content-type是否为xrds + xml,这是正确的. discover()检查Service(.*)/Service,这是正确的.这是Service//Service
discover() first checks for an xrds-location, which is not present. discover() next checks if the content-type is xrds+xml, which is true. discover() checks for Service(.*)/Service, which is true. Here is the snippet of Service,/Service
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<Type>http://openid.net/srv/ax/1.0</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
<Type>http://specs.openid.net/extensions/pape/1.0</Type>
<URI>https://www.google.com/a/<my domain>.com/o8/ud?be=o8</URI>
</Service>
discover()发现我们正在使用OpenID 2,并将URI字段提取到$ server变量中. discover()继续提取CanonicalID,发现Google支持AX而不支持SREG.最后,discover()将$ server返回为https://www.google.com/a/my-domain.com/o8/ud?be=o8
discover() sees that we are using OpenID 2 and extracts the URI field into the $server variable. discover() continues extracting the CanonicalID, finding that Google supports AX and not SREG. Finally, discover() returns $server as https://www.google.com/a/my-domain.com/o8/ud?be=o8
validate()继续清理data []中的每个字段,这取决于是否使用了magic_quotes.它将openid.mode设置为"check_authentication",请求discover($ url)和preg的"/is_valid:true"返回的$ server.这是最后一个preg_match失败. $ server网址不返回验证,而是说:您请求的页面无效."
validate() continues by cleaning up each field in data[], depending on magic_quotes or not. It sets openid.mode to 'check_authentication', requests the $server returned by discover($url) and preg's for '/is_valid:true'. It is this last preg_match that fails. The $server url does not return a validation but instead says, "The page you requested is invalid."
我正在寻找的答案是用于Google Apps验证的正确网址.网址应该是什么样,我将仔细研究Google Apps返回的信息,看看是否有类似的内容.
The answer I'm looking for is the correct url for Google Apps validation. A close second would be what the url should look like and I'll dig through the info returned by Google Apps and see if I have something like that.
已添加:不确定是否重要,但是我确实有一个/.well-known/host-meta文件.这里是内容:
Link: <https://www.google.com/accounts/o8/site-xrds?hd=my-domain.com>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"
ADDED: Not sure if this matters but I do have a /.well-known/host-meta file in place. Here are the contents:
Link: <https://www.google.com/accounts/o8/site-xrds?hd=my-domain.com>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"
让我知道您是否需要更多代码或数据.
Let me know if you want more code or data.
谢谢, 埃里克·B.
推荐答案
确保您的服务器上已安装PHP curl扩展.最近,我们在生产中遇到了完全相同的症状,这与服务器配置的问题有关.
Make sure PHP curl extension has been installed on your server. We have encountered exact same symptoms in production recently and it was related to an issue of server provisioning.
如果您在Debian上运行应用程序,只需使用:
If you're running an app on Debian, simply use:
apt-get install php5-curl
这篇关于LightOpenID validate()在Google Apps上失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
