We are attempting to implement OpenID (as a relying party) using the OpenID jQuery plugin (like StackOverflow) and DotNetOpenAuth.
We can't get AOL to work. DotNetOpenAuth redirects using http://openid.aol.com/{username} just fine, but when we successfully authenticate and it redirects back to our site, this code is run: (abbreviated)
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
// Not sure if we want to stick with this, just trying to get it to WORK once
openid.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V10;
openid.SecuritySettings.RejectUnsolicitedAssertions = false;
IAuthenticationResponse resp = openid.GetResponse();
// Results:
// resp.Status == AuthenticationStatus.Failed
// resp.Exception == DotNetOpenAuth.Messaging.ProtocolException
// resp.Exception.Message == "Unsolicited assertions are not allowed from 1.0 OpenID Providers."
}
Does anyone know what would cause this? I find it hard to search for what an unsolicited assertion even IS. Or documentation about what version of OpenID it is that AOL supports.
EDIT: Requested log4net logs, here they are:
2010-02-01 09:04:45,217 (GMT-6) [12] INFO DotNetOpenAuth - DotNetOpenAuth, Version=3.3.1.9337, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
2010-02-01 09:04:45,246 (GMT-6) [12] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A//dev.seekitlocal.com/
2010-02-01 09:04:45,254 (GMT-6) [12] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A//dev.seekitlocal.com/
2010-02-01 09:04:56,448 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - HTTP GET http://openid.aol.com/DuctTapeNT
2010-02-01 09:04:56,588 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - Total services discovered in HTML: 1
2010-02-01 09:04:56,590 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - [{
ClaimedIdentifier: http://openid.aol.com/DuctTapeNT
ProviderLocalIdentifier: http://openid.aol.com/DuctTapeNT
ProviderEndpoint: https://api.screenname.aol.com/auth/openidServer
OpenID version: 1.1
Service Type URIs:
http://openid.net/signon/1.1
},]
2010-02-01 09:04:56,606 (GMT-6) [10] INFO DotNetOpenAuth.Yadis - Performing discovery on user-supplied identifier: http://openid.aol.com/DuctTapeNT
2010-02-01 09:04:56,616 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - Filtering and sorting of endpoints did not affect the list.
2010-02-01 09:04:56,616 (GMT-6) [10] INFO DotNetOpenAuth.OpenId - Creating authentication request for user supplied Identifier: http://openid.aol.com/DuctTapeNT
2010-02-01 09:04:56,638 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckIdRequest (1.1) message.
2010-02-01 09:04:56,712 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
2010-02-01 09:04:56,713 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 09:04:56,715 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement applied to message.
2010-02-01 09:04:56,716 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 09:04:56,718 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 09:04:56,724 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckIdRequest (1.1) message for https://api.screenname.aol.com/auth/openidServer:
openid.identity: http://openid.aol.com/DuctTapeNT
openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT
openid.trust_root: http://*.seekitlocal.com/
openid.mode: checkid_setup
openid.ns.sreg: http://openid.net/extensions/sreg/1.1
openid.sreg.required:
openid.sreg.optional: email,fullname,gender,country
2010-02-01 09:04:56,726 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending message: CheckIdRequest
2010-02-01 09:04:56,730 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - Redirecting to https://api.screenname.aol.com/auth/openidServer?openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.trust_root=http%3A%2F%2F%2A.seekitlocal.com%2F&openid.mode=checkid_setup&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.required=&openid.sreg.optional=email%2Cfullname%2Cgender%2Ccountry
2010-02-01 09:05:13,253 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.mode=id_res&openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.assoc_handle=diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%253D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%252BBcrVIrSAI%253D&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.signed=identity%2Creturn_to&openid.sig=utUiJJNfsRYobq3BiPraBubeI9c%3D
2010-02-01 09:05:13,254 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.mode=id_res&openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.assoc_handle=diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%253D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%252BBcrVIrSAI%253D&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.signed=identity%2Creturn_to&openid.sig=utUiJJNfsRYobq3BiPraBubeI9c%3D
2010-02-01 09:05:13,271 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse
2010-02-01 09:05:13,277 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (1.1) message:
openid.identity: http://openid.aol.com/DuctTapeNT
openid.sig: utUiJJNfsRYobq3BiPraBubeI9c=
openid.signed: identity,return_to
openid.assoc_handle: diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%3D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%2BBcrVIrSAI%3D
openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT
openid.response_nonce: 2010-02-01T15:05:13Z
openid.mode: id_res
ReturnUrl: http://dev.seekitlocal.com/
dnoa.userSuppliedIdentifier: http://openid.aol.com/DuctTapeNT
dnoa.op_endpoint: https://api.screenname.aol.com/auth/openidServer
dnoa.claimed_id: http://openid.aol.com/DuctTapeNT
2010-02-01 09:05:13,282 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 09:05:13,286 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement applied to message.
2010-02-01 09:05:13,289 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: utUiJJNfsRYobq3BiPraBubeI9c=
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (1.1) message.
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 09:05:13,309 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 09:05:13,310 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 09:05:13,312 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (1.1) message for https://api.screenname.aol.com/auth/openidServer:
openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT
openid.mode: check_authentication
openid.identity: http://openid.aol.com/DuctTapeNT
openid.sig: utUiJJNfsRYobq3BiPraBubeI9c=
openid.signed: identity,return_to
openid.assoc_handle: diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%3D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%2BBcrVIrSAI%3D
openid.response_nonce: 2010-02-01T15:05:13Z
ReturnUrl: http://dev.seekitlocal.com/
dnoa.userSuppliedIdentifier: http://openid.aol.com/DuctTapeNT
dnoa.op_endpoint: https://api.screenname.aol.com/auth/openidServer
dnoa.claimed_id: http://openid.aol.com/DuctTapeNT
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request.
2010-02-01 09:05:13,548 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - HTTP POST https://api.screenname.aol.com/auth/openidServer
2010-02-01 09:05:13,612 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response.
2010-02-01 09:05:13,612 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (1.1) message:
is_valid: true
openid.mode: id_res
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 09:05:13,615 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 09:05:13,616 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 09:05:13,619 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 09:05:13,620 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 09:05:13,624 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 09:05:13,625 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (1.1) message is:
is_valid: true
openid.mode: id_res
2010-02-01 09:05:13,626 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.
2010-02-01 09:05:13,627 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
2010-02-01 09:05:13,627 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 09:05:13,627 (GMT-6) [10] ERROR DotNetOpenAuth.OpenId - Incoming message is expected to have a nonce, but the return_to parameter is not signed.
2010-02-01 09:05:13,629 (GMT-6) [10] ERROR DotNetOpenAuth.Messaging - Protocol error: Unsolicited assertions are not allowed from 1.0 OpenID Providers.
at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args)
at DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement.ProcessIncomingMessage(IProtocolMessage message)
at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message)
at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message)
at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest)
at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo)
at IDM.Controls.OpenIDLogin.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.HttpContext.InvokeCancellableCallback(WaitCallback callback, Object state)
at System.Web.UI.Page.AsyncPageBeginProcessRequest(HttpContext context, AsyncCallback callback, Object extraData)
at IDM.Components.SILBasePage.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)