Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:12 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 19 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: My own OpenID server
PostPosted: Wed Jan 27, 2010 12:49 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We would appreciate if you can provide us the following information:

    1) Operating system details like Linux or Windows, version number etc.
    2) Web Server details like Apache or IIS, version number etc.
    3) PHP details like version number
    5) Database details like version number of MySQL


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: My own OpenID server
PostPosted: Wed Jan 27, 2010 4:13 pm 
Offline

Joined: Mon Jan 25, 2010 4:39 pm
Posts: 5
I've installed the server on both Ubuntu Server 9.10 64-bit using Apache 2.2.14 and Windows Server 2008 R2 using IIS 7.5, both are using PHP version 5.2.12. The Linux machine is running MySQL Community Server version 5.1.42, the Windows machine is currently using the Filesystem (will be changing to the same version of MySQL at a later point in time).

I'm having the same issue on both machines.


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Tue Feb 16, 2010 4:49 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We successfully installed Yubico OpenID server in our environment on Ubuntu server 9.10. Depending on our observation, the error you are getting seems be due to certificate error. It seems that you are using self signed certificates. If you use self signed certificate, OpenID enabled application seems to reject the OpenID server.

We would appreciate if you can confirm the followings:
    1) Are you using self signed certificates?
    2) Are you able to successfully use your hosted Yubico openid server in case you use identifier in http?
    3) Are you facing this problem only when you use https in identifier?

We would also appreciate if you can use Yubico hosted OpenID server available at https://openid.yubico.com and try again.


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Wed Feb 17, 2010 5:19 pm 
Offline

Joined: Mon Jan 25, 2010 4:39 pm
Posts: 5
You were correct about the Self Signed Certificates, we're now using certificates signed by CACert.org, the Linux server works flawlessly with both HTTP and HTTPS identifiers.

We're still having issues with the Windows Server, however. I've tried using the Yubico hosted OpenID Server, the consumer on the Windows machine still doesn't like the HTTPS identifier (the Linux machine will accept it from your hosted server as well, however). HTTP identifiers do work on the Windows machine.

For the record we've also changed the Windows server to use MySQL Community Server version 5.1.42 rather than the Filesystem.


Last edited by mat on Thu Feb 18, 2010 3:00 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Thu Feb 18, 2010 11:13 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
From the information provided by you, it seems that the CACert certificate authority is not added to the trusted root certificate authorities in web browsers running on your Windows box. CACert is not present in the default list of trusted root certificate authorities in IE 8 and FireFox 3.5.7.

As the identifier is correctly working with http, it seems that this is not an issue with the Yubico OpenID server. As identifier is not working only with https, it seems to be some sort of certificate issue.


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Thu Feb 18, 2010 3:06 pm 
Offline

Joined: Mon Jan 25, 2010 4:39 pm
Posts: 5
If it's a certificate issue on my end then should an HTTPS identifer provided by your own server @ https://openid.yubico.com still work since it would be dealing with your certificate?

Even while using self-signed certificates the Linux machine still had no issues with HTTPS identifiers from other OpenID providers.


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Fri Feb 19, 2010 2:45 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
It would be helpful if you can provide us following information:

    1) The application for which you are trying to configure Yubico OpenID based authentication
    2) Are you able to login to your application when you use other OpenID providers using both http and https identifiers?
    3) Are you able to login to your application when you use online Yubico OpenID server (openid.yubico.com) from a Linux machine using both http and https identifiers?
    4) Are you able to login to your application when you use your locally hosted Yubico OpenID server from a Linux machine using both http and https identifiers?
    5) Are you able to login to your application when you use online Yubico OpenID server (openid.yubico.com) from a Windows machine using both http and https identifiers?
    6) Are you able to login to your application when you use your locally hosted Yubico OpenID server from a Windows machine using both http and https identifiers?

Along with the above information, please send us the exact error messages you are getting while using the Yubico OpenID server (online and locally hosted).


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Mon Feb 22, 2010 3:29 pm 
Offline

Joined: Mon Jan 25, 2010 4:39 pm
Posts: 5
Along with the above information, please send us the exact error messages you are getting while using the Yubico OpenID server (online and locally hosted).[/quote]

    1) Currently we are testing it using the example consumer page which was packaged with the server. Eventually the server will be used to authenticate to a secure web server.
    2) On the Windows server HTTP identifiers from other providers work, HTTPS identifiers do not. On the Linux server both HTTP and HTTPS identifiers work from other providers.
    3) Yes, using the Linux machine, the HTTP and HTTPS identifiers from the Yubico OpenID server (openid.yubico.com) both work.
    4) Yes, using the Linux machine, the HTTP and HTTPS identifiers from our locally hosted Yubico OpenID server both work.
    5) No, using the Windows machine, the HTTP identifier provided by the Yubico OpenID server (openid.yubico.com) works, the HTTPS identifier does not.
    6) No, using the Windows machine, the HTTP identifier provided by our locally hosted Yubico OpenID server works, the HTTPS identifier does not.

We get the same error message regardless of provider (your own (openid.yubico.com), someone elses, or locally hosted). It is as follows:

Quote:
Authentication error; not a valid OpenID.


Top
 Profile  
Reply with quote  
 Post subject: Re: My own OpenID server
PostPosted: Tue Feb 23, 2010 10:35 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Yubico development team has recently updated it's OpenID server. The latest source code of the updated OpenID server can be downloaded from the following link:

http://code.google.com/p/yubico-openid-server/

Please use the updated OpenID server and try again.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ]  Go to page Previous  1, 2

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group