I have set up a basic OpenID system using CakePHP (http://code.42dh.com/openid/) on my dev website: http://dev.cyclistsroadmap.com/users/login (forgive the debug output). It works perfectly for myOpenID but does not for Yahoo (Flickr icon).

It returns with an identity URL but insists "OpenID verification failed: No OpenID information found at https://me.yahoo.com/a/...." and doesn't work at all for Google.

The fact that it works for myOpenID leads me to believe that I have things set up correctly. Any clues as to why Yahoo is failing despite the URL coming back?

EDIT: It appears that PHP might not be able to do SSL; is it possible that that is what is causing Yahoo to fail?

+1  A: 

I've been down this exact same path just recently, and it took me a while to figure out. Have a look in your PHP error log; for me that's MAMP/logs/php_error.log. You'll probably find something along these lines:

Got no response code when fetching https://www.google.com/accounts/o8/ud  
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This may be a problem in local PHP/OpenSSL installations. The easiest way to fix this is to disable SSL verification in the bundled Yadis ParanoidHTTPFetcher:

Index: /app/vendors/Auth/Yadis/ParanoidHTTPFetcher.php
===================================================================
--- a/app/vendors/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/app/vendors/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -131,7 +131,9 @@
             if (defined('Auth_OpenID_VERIFY_HOST')) {
                 curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
                 curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+            } else {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
             }
             curl_exec($c);

             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
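
Review bot: the new else branch makes this request fail open. Whenever Auth_OpenID_VERIFY_HOST is not defined, CURLOPT_SSL_VERIFYPEER is forced to false, so the HTTPS response that curl_getinfo reads right after is accepted from a server presenting any certificate. Because the constant is opt-in, an installation that never defines it runs without peer verification and nothing reports it. I would drop the else and repair the trust store instead, for example by pointing CURLOPT_CAINFO at a readable CA bundle, or at least invert the default so verification stays on unless a debug-only constant turns it off.
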
@@ -204,6 +206,8 @@
         if (defined('Auth_OpenID_VERIFY_HOST')) {
             curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
             curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+        } else {
+            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
         }

         curl_exec($c);
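
Review bot: the else added in the hunk starting at line 206 is a copy of the one in the first hunk, so the fail-open default now lives in two places that can drift apart. It also touches only CURLOPT_SSL_VERIFYPEER while the if branch sets both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST, which leaves host checking at whatever the handle already had. Move the TLS setup into one helper called from both sites, document next to it what Auth_OpenID_VERIFY_HOST now decides, and if the unverified path stays, log a warning when it is taken so a production deployment that missed the define gets noticed.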

To enable SSL host verification on your production system, add something like this in core.php:

if (!Configure::read('debug')) {
    define('Auth_OpenID_VERIFY_HOST', true);
}
deceze
This appears to have worked for Flickr (I think); I will continue trying. Thanks for the solution! I wish this were a proper option rather than a hack. I'm on a pretty cheap server so I can easily imagine that the SSL is not really set up for me.
paullb
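
For the "CURL error (60)" case discussed above, an added example (not part of the answer, the CakePHP component or the PHP OpenID library) that keeps verification on by locating a readable CA bundle and handing it to cURL through CURLOPT_CAINFO. The helper names `find_ca_bundle` and `verified_tls_options` and the candidate paths are assumptions for illustration.

```php
<?php
// Added example: not code from the PHP OpenID library or the CakePHP component.
// Helper names and the candidate bundle paths are assumptions.

/** Return the first candidate that is a readable PEM CA bundle, or null. */
function find_ca_bundle(array $candidates)
{
    foreach ($candidates as $path) {
        if (!is_string($path) || $path === '' || !is_file($path) || !is_readable($path)) {
            continue;
        }
        // A usable bundle holds at least one PEM certificate.
        if (strpos((string) file_get_contents($path), '-----BEGIN CERTIFICATE-----') !== false) {
            return $path;
        }
    }
    return null;
}

/** cURL options with peer and host verification on; fails closed without a bundle. */
function verified_tls_options($caBundle)
{
    if ($caBundle === null) {
        throw new RuntimeException('No CA bundle found; refusing to fetch without verification');
    }
    return array(
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caBundle,
    );
}

// Places a bundle commonly lives (constructed list; adjust for the host).
$locations  = function_exists('openssl_get_cert_locations') ? openssl_get_cert_locations() : array();
$candidates = array(
    ini_get('curl.cainfo'),
    ini_get('openssl.cafile'),
    isset($locations['default_cert_file']) ? $locations['default_cert_file'] : '',
    '/etc/ssl/certs/ca-certificates.crt',   // Debian/Ubuntu
    '/etc/pki/tls/certs/ca-bundle.crt',     // RHEL/CentOS
    __DIR__ . '/cacert.pem',                // bundle placed beside the app (hypothetical)
);

$bundle = find_ca_bundle($candidates);
echo 'CA bundle: ', ($bundle === null ? 'none found' : $bundle), PHP_EOL;

if ($bundle !== null && function_exists('curl_init')) {
    $c = curl_init();
    // The same options would be applied to the fetcher's handle before curl_exec().
    var_dump(curl_setopt_array($c, verified_tls_options($bundle)));
}
```

If no bundle is found, the script prints "none found" and applies nothing; installing a CA bundle on the host and setting `curl.cainfo` in php.ini then fixes every cURL caller at once.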