[mod-auth-openid] Google Apps OpenID

Rusty Burchfield gicodewarrior at gmail.com
Sat Mar 27 16:01:17 CDT 2010

On Sat, Mar 27, 2010 at 10:41 AM, Rusty Burchfield
<gicodewarrior at gmail.com>wrote:
> However, while submitting the retrieved identity provider by hand to the
> default login form redirects me to the authorization page for my domain,
> after accepting I am returned to the default login page with the message
> "There has been an error while attempting to authenticate."
> What is the best approach to debugging this sort of issue?  I have
> increased the LogLevel on my vhost, but that is not providing any additional
> relevant information.

OK.  I found where that message is referenced in the source code and
realized I needed to enable DEBUG at compile time.  After doing that I came
to this message:
"[mod_auth_openid] Error in authentication: OP is not authorized to make an
assertion regarding the identity"

That message traces back to libopkele inside verify_OP.  I am not sure what
it is trying to do in there though.

Independently I thought to check what server-side requests it was making and
noticed that it tries to retrieve my open id.  Google reports this as
http://example.com/openid?id=... where example.com is the custom domain.
 However there is nothing reasonable at that location so this may be part of
the problem.

I will look into disabling the fetch of the Open ID and make a post to
the Google Federated Login API group to see if anyone there has an answer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.butterfat.net/pipermail/mod-auth-openid/attachments/20100327/91860d5c/attachment.htm>

More information about the mod-auth-openid mailing list