SSO - OpenID endpoint not found

I am trying to get openid SSO to work with dotnetopenauth.

I have two separate projects that are debugged separately (both on localhost and on two different ports), one of which acts as a provider, and the other as a relying party.

The relying party runs on localhost:1903. The provider runs on localhost:3314.

Relying party code:

    public ActionResult Authenticate()
    {
        UriBuilder returnToBuilder = new UriBuilder(Request.Url);
        returnToBuilder.Path = "/OpenId/";
        returnToBuilder.Query = null;
        returnToBuilder.Fragment = null;
        Uri returnTo = returnToBuilder.Uri;
        returnToBuilder.Path = "/";
        Realm realm = returnToBuilder.Uri;

        realm = "http://localhost:3314/OpenId/";
        returnTo = new Uri("http://localhost:3314/OpenId/");

        var response = openid.GetResponse();
        if (response == null)
        {
            if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated)
            {
            }
            else
            {
                string strIdentifier = "testidentifier";
                var request = openid.CreateRequest(
                    strIdentifier,
                    realm,
                    returnTo);

                var fetchRequest = new FetchRequest();
                request.AddExtension(fetchRequest);
                request.RedirectToProvider();
            }
        }
        else
        {
            switch (response.Status)
            {
                case AuthenticationStatus.Canceled:
                    //stuff got cancelled for some reason
                    break;
                case AuthenticationStatus.Failed:
                    //response.Exception.Message;
                    break;
                case AuthenticationStatus.Authenticated:
                    //a bunch of applying roles that i don't think we care about
                    break;
            }
        }

        return new EmptyResult();
    }

Provider code:

    public ActionResult Index()
    {
        IAuthenticationRequest iR = (IAuthenticationRequest)Request;

        if (iR.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) != RelyingPartyDiscoveryResult.Success)
        {
            iR.IsAuthenticated = false;
            return new EmptyResult();
        }

        if (iR.IsDirectedIdentity)
        {
            if (User.Identity.IsAuthenticated)
            {
                iR.LocalIdentifier = BuildIdentityUrl();
                iR.IsAuthenticated = true;
            }
            else
            {
                if (iR.Immediate || ImplicitAuth)
                {
                    iR.IsAuthenticated = false;
                }
                else
                {
                    if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase))
                    {
                        return RedirectToAction("Login", "User");
                    }
                }
            }
        }
        else
        {
            string userOwningOpenIdUrl = ExtractUserName(iR.LocalIdentifier);
            iR.IsAuthenticated = userOwningOpenIdUrl == User.Identity.Name;

            if (!iR.IsAuthenticated.Value && !ImplicitAuth && !iR.Immediate)
            {
                if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase))
                {
                    return RedirectToAction("Login", "User");
                }
            }
        }

        if (iR.IsAuthenticated.Value)
        {
            var fetchRequest = iR.GetExtension<FetchRequest>();
            if (fetchRequest != null)
            {
                var fetchResponse = new FetchResponse();
                //roles and stuff
                iR.AddResponseExtension(fetchResponse);
            }
        }

        return new EmptyResult();
    }

I get an error when my relying party code calls the openid.CreateRequest method. I have enabled debugging on my provider code, and it never gets hit.

Examining the error, I found many suggestions about problems with proxies, but this should not be a problem for me, since I'm only going to localhost.

This may be something pretty obvious, but I don't understand what I'm doing wrong.

Thanks in advance for your help!

EDIT: FYI, I got this code from DotNetOpenAuth samples.

+3
3 answers

Well, I ended up going through the source manually and somewhat understood the problem.

It turns out dumdum was somewhat correct - my first problem was that it wanted a URI as the identifier, so as soon as I changed my identifier to http://localhost:3314/OpenId/ (even if it is not really such), I got past this exception.

The second problem was that I forgot to add information to web.config - so localhost was not included in the whitelist and CreateRequest failed.

After I fixed these two issues, my provider code got hit just fine - I ran into other errors, but that is for a separate question, I imagine.

Web.Config:

    <configSections>
      <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth">
        <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
        <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
        <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
        <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
      </sectionGroup>
    </configSections>
    <dotNetOpenAuth>
      <openid>
        <relyingParty>
          <security requireSsl="false">
            <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
            <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
              <add endpoint="https://www.google.com/accounts/o8/ud" />
            </trustedProviders>-->
          </security>
          <behaviors>
            <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
                 with OPs that use Attribute Exchange (in various formats). -->
            <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/>
            <!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth" />-->
          </behaviors>
          <!-- Uncomment the following to activate the sample custom store. -->
          <!--<store type="OpenIdRelyingPartyWebForms.CustomStore, OpenIdRelyingPartyWebForms" />-->
        </relyingParty>
      </openid>
      <messaging>
        <untrustedWebRequest>
          <whitelistHosts>
            <!-- since this is a sample, and will often be used with localhost -->
            <add name="localhost"/>
          </whitelistHosts>
        </untrustedWebRequest>
      </messaging>
      <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
      <reporting enabled="true"/>
    </dotNetOpenAuth>
+2
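The two settings that made the local test in the answer above work, requireSsl="false" and the localhost entry under whitelistHosts, relax what the relying party will accept and which hosts it will contact during discovery, so they belong only in a debugging configuration. The following Web.Release.config transform is an added example, not part of the original answer or of the DotNetOpenAuth samples; it assumes the standard ASP.NET config transform setup, and the trustedProviders endpoint is a placeholder.

```xml
<?xml version="1.0"?>
<!-- Web.Release.config: added example, applied on top of the Web.config above at publish time. -->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <dotNetOpenAuth>
    <openid>
      <relyingParty>
        <!-- Require HTTPS for identifiers and endpoints outside of local debugging. -->
        <security requireSsl="true" xdt:Transform="SetAttributes(requireSsl)">
          <!-- Accept positive assertions only from the one provider this SSO setup uses.
               Placeholder endpoint: replace with the real provider endpoint URL. -->
          <trustedProviders rejectAssertionsFromUntrustedProviders="true" xdt:Transform="Insert">
            <add endpoint="https://op.example.com/OpenId/" />
          </trustedProviders>
        </security>
      </relyingParty>
    </openid>
    <messaging>
      <untrustedWebRequest>
        <whitelistHosts>
          <!-- Remove the debugging exception that allowed requests to localhost. -->
          <add name="localhost" xdt:Transform="Remove" xdt:Locator="Match(name)" />
        </whitelistHosts>
      </untrustedWebRequest>
    </messaging>
  </dotNetOpenAuth>
</configuration>
```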

I'm not sure you have the same problem as mine, but ... For me, I got this error after it prompted me for an OpenID, if I entered something like "bob" as the username. When I entered a valid public identifier, such as dumdum@yahoo.com, it got past this problem. It seems that exception handling for completely implausible public identifiers should be buttoned up.

+1

I had the same problem recently, and it turned out that the problem was not in my application, but on the OpenID server side. When the OpenID server was called, it returned 500 - an internal server error, and my application threw a protocol exception - the OpenID endpoint was not found - in openId.CreateRequest(Identifier.Parse(openIdServer)).

I contacted the OpenID server administrator, who fixed the internal server error, and everything works just fine (as before the error).

Why DotNetOpenAuth throws such a stupid exception, that is the question ...

0