tags:

views:

196

answers:

2
+5  Q: 

How do you get AOL's OpenID site verification to work?

I have an OpenID relying party setup and using XRDS. It passes the "RP has discoverable return_to" interop test over at http://test-id.org/RP/DiscoverableReturnTo.aspx.

Yahoo no longer complains with the message "Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent." as outlined in Andrew Arnott's excellent blog post: http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html

However, when I try to authenticate using AOL I see the "Warning! site verification could not be completed." message.

+1  A: 

Maybe it's just a cached response from AOL and tomorrow it goes away. Just a thought. The test-id.org test and Yahoo test you've already done should demonstrate you're doing it right.

Please let us know if there's a novel requirement AOL holds you to that others don't.

Andrew Arnott  2010-03-26 02:47:17
Yeah, still happening with AOL. Yahoo is working as expected.
Shawn Miller  2010-04-05 22:52:14
Still happening...
danorton  2010-10-03 02:34:30
+1  A: 

When verifying the return_to value, AOL doesn’t support the RFC 4366 TLS "Server Name Indication" (SNI) extension, which allows multiple SSL certificates on the same IP address. If your server is so configured, AOL will only see the default certificate for the IP address. If it doesn’t happen to match the certificate of the relying website, AOL will (incorrectly) report an error.

i.e. This is an AOL bug.

danorton  2010-10-03 03:52:45
Would the same thing go for a site using wildcard certificates?
Shawn Miller  2010-10-07 00:23:24
Not if it’s the same thing that I saw, which happens when there is more than one certificate on the same IP address.
danorton  2010-10-13 20:07:12

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?