Yubico Forum
https://forum.yubico.com/

My own OpenID server
https://forum.yubico.com/viewtopic.php?f=16&t=63
Page 2 of 2

Author:  network-marvels [ Wed Jan 27, 2010 12:49 pm ]
Post subject:  Re: My own OpenID server

We would appreciate if you can provide us the following information:

    1) Operating system details like Linux or Windows, version number etc.
    2) Web Server details like Apache or IIS, version number etc.
    3) PHP details like version number
    4) Database details like version number of MySQL

Author:  mat [ Wed Jan 27, 2010 4:13 pm ]
Post subject:  Re: My own OpenID server

I've installed the server on both Ubuntu Server 9.10 64-bit using Apache 2.2.14 and Windows Server 2008 R2 using IIS 7.5, both are using PHP version 5.2.12. The Linux machine is running MySQL Community Server version 5.1.42, the Windows machine is currently using the Filesystem (will be changing to the same version of MySQL at a later point in time).

I'm having the same issue on both machines.

Author:  network-marvels [ Tue Feb 16, 2010 4:49 pm ]
Post subject:  Re: My own OpenID server

We successfully installed the Yubico OpenID server in our environment on Ubuntu Server 9.10. Based on our observation, the error you are getting seems to be due to a certificate error. It seems that you are using self-signed certificates. If you use a self-signed certificate, the OpenID-enabled application seems to reject the OpenID server.

We would appreciate if you can confirm the following:
    1) Are you using self-signed certificates?
    2) Are you able to successfully use your hosted Yubico OpenID server in case you use an identifier in http?
    3) Are you facing this problem only when you use https in the identifier?

We would also appreciate if you can use Yubico hosted OpenID server available at https://openid.yubico.com and try again.

Author:  mat [ Wed Feb 17, 2010 5:19 pm ]
Post subject:  Re: My own OpenID server

You were correct about the Self Signed Certificates, we're now using certificates signed by CACert.org, the Linux server works flawlessly with both HTTP and HTTPS identifiers.

We're still having issues with the Windows Server, however. I've tried using the Yubico hosted OpenID Server, the consumer on the Windows machine still doesn't like the HTTPS identifier (the Linux machine will accept it from your hosted server as well, however). HTTP identifiers do work on the Windows machine.

For the record we've also changed the Windows server to use MySQL Community Server version 5.1.42 rather than the Filesystem.

Author:  network-marvels [ Thu Feb 18, 2010 11:13 am ]
Post subject:  Re: My own OpenID server

From the information provided by you, it seems that the CACert certificate authority is not added to the trusted root certificate authorities in web browsers running on your Windows box. CACert is not present in the default list of trusted root certificate authorities in IE 8 and Firefox 3.5.7.

As the identifier is working correctly with http, it seems that this is not an issue with the Yubico OpenID server. As the identifier is not working only with https, it seems to be some sort of certificate issue.
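
Added example, not part of the original thread or of Yubico's code: the trust-store dependence discussed in this thread, reproduced offline with the `openssl` CLI. The same leaf certificate verifies or fails depending only on whether its issuing root is in the verifier's CA bundle; every name (`Demo Private Root`, `Demo Default Root`, `openid.example.test`) and key is constructed.

```shell
#!/usr/bin/env bash
# Added example. Every key, name and certificate here is constructed and throwaway.
set -u
WORK=$(mktemp -d)   # scratch directory; delete it when you are done

new_root() {  # $1 = file prefix, $2 = subject CN; writes a self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_chain() {
  new_root private "Demo Private Root"   # CA missing from default trust lists
  new_root default "Demo Default Root"   # stands in for a default trust store
  # Leaf for a hypothetical OpenID host, issued by the private root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=openid.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
    -CA "$WORK/private.pem" -CAkey "$WORK/private.key" -CAcreateserial \
    -out "$WORK/leaf.pem" 2>/dev/null
}

check_trust() {  # $1 = CA bundle, $2 = certificate; prints trusted|untrusted
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_chain
echo "leaf vs default bundle:        $(check_trust "$WORK/default.pem" "$WORK/leaf.pem")"
echo "leaf vs private-root bundle:   $(check_trust "$WORK/private.pem" "$WORK/leaf.pem")"
echo "self-signed root vs default:   $(check_trust "$WORK/default.pem" "$WORK/private.pem")"
```

On a real host the bundle to test against is whichever CA file the verifying client is configured to use, which can differ between the browser and the server-side HTTP client on the same machine.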

Author:  mat [ Thu Feb 18, 2010 3:06 pm ]
Post subject:  Re: My own OpenID server

If it's a certificate issue on my end then should an HTTPS identifier provided by your own server @ https://openid.yubico.com still work since it would be dealing with your certificate?

Even while using self-signed certificates the Linux machine still had no issues with HTTPS identifiers from other OpenID providers.

Author:  network-marvels [ Fri Feb 19, 2010 2:45 pm ]
Post subject:  Re: My own OpenID server

It would be helpful if you can provide us the following information:

    1) The application for which you are trying to configure Yubico OpenID based authentication
    2) Are you able to login to your application when you use other OpenID providers using both http and https identifiers?
    3) Are you able to login to your application when you use online Yubico OpenID server (openid.yubico.com) from a Linux machine using both http and https identifiers?
    4) Are you able to login to your application when you use your locally hosted Yubico OpenID server from a Linux machine using both http and https identifiers?
    5) Are you able to login to your application when you use online Yubico OpenID server (openid.yubico.com) from a Windows machine using both http and https identifiers?
    6) Are you able to login to your application when you use your locally hosted Yubico OpenID server from a Windows machine using both http and https identifiers?

Along with the above information, please send us the exact error messages you are getting while using the Yubico OpenID server (online and locally hosted).

Author:  mat [ Mon Feb 22, 2010 3:29 pm ]
Post subject:  Re: My own OpenID server

Quote:
Along with the above information, please send us the exact error messages you are getting while using the Yubico OpenID server (online and locally hosted).

    1) Currently we are testing it using the example consumer page which was packaged with the server. Eventually the server will be used to authenticate to a secure web server.
    2) On the Windows server HTTP identifiers from other providers work, HTTPS identifiers do not. On the Linux server both HTTP and HTTPS identifiers work from other providers.
    3) Yes, using the Linux machine, the HTTP and HTTPS identifiers from the Yubico OpenID server (openid.yubico.com) both work.
    4) Yes, using the Linux machine, the HTTP and HTTPS identifiers from our locally hosted Yubico OpenID server both work.
    5) No, using the Windows machine, the HTTP identifier provided by the Yubico OpenID server (openid.yubico.com) works, the HTTPS identifier does not.
    6) No, using the Windows machine, the HTTP identifier provided by our locally hosted Yubico OpenID server works, the HTTPS identifier does not.

We get the same error message regardless of provider (your own (openid.yubico.com), someone else's, or locally hosted). It is as follows:

Quote:
Authentication error; not a valid OpenID.

Author:  network-marvels [ Tue Feb 23, 2010 10:35 am ]
Post subject:  Re: My own OpenID server

The Yubico development team has recently updated its OpenID server. The latest source code of the updated OpenID server can be downloaded from the following link:

http://code.google.com/p/yubico-openid-server/

Please use the updated OpenID server and try again.

All times are UTC + 1 hour