shibboleth-dev - Re: [Shib-Dev] Shibboleth IdP OpenID Extension
Subject: Shibboleth Developers
List archive
- From: Will Norris <>
- To:
- Subject: Re: [Shib-Dev] Shibboleth IdP OpenID Extension
- Date: Thu, 9 Sep 2010 08:56:50 -0700
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; b=meo+nellI46IwIEMOni034T+8tI5HrBlihCCHDMhpsB6ZQz9u6unz6Tc4x/XxHIvsr wyFtRo7WEDEtIXiYt+99j5VBMQt2SqtMlobcfxH30FwY6Pw4Psbl8/Ur+a3gAXZaf1xd TLi1XOILla1BslZ36q+51UDcz1n37WqpwYVdY=
from the language of the message, I'm guessing this is an error on Facebook's side? If so, then I wouldn't expect to see any errors in your shib logs, since the IdP is likely unaware of the problem. Have you been able to successfully login to other OpenID relying parties?
-will
On Tue, Aug 31, 2010 at 11:19 AM, Etan Weintraub <> wrote:
So...about 8 and 1/2 months later....I finally got the ability (read "time") to test this plugin out, and so far it seems to work well. I am having one instance of problem though.
I'm trying to link my Facebook account to my OpenID account and when I do, I get a message back that says:
OpenID signature error
The signature given by the OpenID provider did not match.
Any ideas what that means? No errors in my shib logs.
-Etan E. Weintraub
Team Leader - Enterprise Authentication
Senior Systems Engineer - Enterprise Directory
IT@Johns Hopkins Johns Hopkins at Mt. Washington
5801 Smith Ave.
Suite 3110B
Baltimore, MD 21209
Phone: 410-735-7945
E-mail:
-----Original Message-----
From: Etan Weintraub [mailto:]
Sent: Thursday, December 17, 2009 4:34 PM
To:
* Etan Weintraub <>Subject: RE: [Shib-Dev] Shibboleth IdP OpenID Extension
* PGP Signed: 12/17/09 at 16:34:18
Thanks Will. I'm going to try this out in our dev environment either tomorrow or sometime next week. I'll let you know how it goes.
-Etan E. Weintraub
Team Leader - Enterprise Authentication
Senior Systems Engineer - Enterprise Directory
IT@Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Suite 3110B
Baltimore, MD 21209
Phone: 410-735-7945
E-mail:
-----Original Message-----
From: Will Norris [mailto:]
Sent: Thursday, December 17, 2009 4:29 PM
To:
Subject: [Shib-Dev] Shibboleth IdP OpenID Extension
As many people are aware, we've been working for the last few months to add OpenID support to the Shibboleth IdP. I'm happy to say that we have an initial IdP extension that is ready for testing by the general Shibboleth community.
In the process of developing this extension, we identified a number of APIs in Shibboleth that cause considerable headache for supporting non-SAML and non-XML based protocols. This is important to note for two reasons. First, it means that not all the features we set out to support are included in this initial release. Of particular note, there is currently no support for user attributes. Second, as we continue to work out these issues, I expect the extension to change quite considerably in future releases... in terms of code, configuration, as well as features.
This initial release is provided as a proof of concept, and should be treated as such. It is not recommended to use this in anything remotely resembling a production deployment. While we are committed to continuing this work, and intend to provide an OpenID solution of the quality people have come to expect of Shibboleth, this initial release is most certainly not it.
Will that being said, you can read more about the IdP OpenID Extension at:
https://spaces.internet2.edu/display/SHIB2/IdP+OpenID
Please direct any questions and feedback to this mailing list (shibboleth-dev).
* 0x33B0BED5
- Re: [Shib-Dev] Shibboleth IdP OpenID Extension, Will Norris, 09/09/2010
Archive powered by MHonArc 2.6.16.