Search Results

Search found 4487 results on 180 pages for 'openid provider'.

Page 5/180 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • LinkedIn / Twitter / Facebook as OAuth and OpenId use

    - by monkeylee
    Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but if anyone can advise a solution for my issue. I want to allow users to login to my site via their LinkedIn/Twitter/Facebook account once logged in say via LinkedIn they could also then authorise their Twitter and Facebook account as a optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result. I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates. I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services. Any ideas or issues to this issue Lee

    Read the article

  • App Engine remote_api with OpenID

    - by hawkettc
    Hi, I've recently tried to switch my app engine app to using openID, but I'm having an issue authenticating with remote_api. The old authentication mechanism for remote_api doesn't seem to work (which makes sense) - I'm getting a 'urllib2.HTTPError: HTTP Error 302: Found', which I assume is appengine redirecting me to the openid login page I've set up. I guess I'm missing something fairly obvious. Currently my remote_api script has the following in it - remote_api_stub.ConfigureRemoteDatastore(app_id=app_id, path='/remote_api', auth_func=auth_func, servername=host, secure=secure) where auth_func is def auth_func(): return raw_input('Username:'), getpass.getpass('Password:') Any ideas what I need to supply to remote_api? I guess similar issues would be encountered with bulkloader too. Cheers, Colin

    Read the article

  • OpenId with Desktop Application ?

    - by user284523
    We're using an API from a provider; in their next version, they would provide an OpenId server but mostly the users are using their desktop application. An other website we're building would be opened from this application and we supposedly would connect with openid to access the resources stored in this provider. Still I don't understand how this would work if user is already authenticated with the desktop, will they have to authenticate an other time ? What happens if they close their browser and reopen it, will they have to to do it again ?

    Read the article

  • Tomcat + Struts + OpenID raising ServletExceptions

    - by Rocjoe
    I am working with Tomcat 5.5.x with Struts 1.2 to run a rather large website (large w.r.t. source code). I'm looking to add OpenID to my website, mostly to access attribute exchange to help accelerate the registration process. Every Java implementation for OpenID I have attempted to use will cause a ServletException. Tracing this has been very difficult, but it seems merely instancing any class that makes use of Apache HttpClient will cause the crash. Is this a configuration problem I can address in the JVM, or is it positively wrong to try to initiate an outbound Http request from within an inbound Http request?

    Read the article

  • android content provider robustness on provider crash

    - by user1298992
    On android platforms (confirmed on ICS), if a content provider dies while a client is in the middle of a query (i.e. has a open cursor) the framework decides to kill the client processes holding a open cursor. Here is a logcat output when i tried this with a download manager query that sleeps after doing a query. The "sleep" was to reproduce the problem. you can imagine it happening in a regular use case when the provider dies at the right/wrong time. And then do a kill of com.android.media (which hosts the downloadProvider). "Killing com.example (pid 12234) because provider com.android.providers.downloads.DownloadProvider is in dying process android.process.media" I tracked the code for this in ActivityManagerService::removeDyingProviderLocked Is this a policy decision or is the cursor access unsafe after the provider has died? It looks like the client cursor is holding a fd for an ashmem location populated by the CP. Is this the reason the clients are killed instead of throwing an exception like Binders when the server (provider) dies ?

    Read the article

  • How to have LiveJournal delegate my OpenID to something else?

    - by T-Boy
    I understand that if I have full control over my domain, I can set it up so that I can delegate the task of authenticating to another OpenID service provider. The problem is, what I'd like to do is to get the LiveJournal server to pass the authentication to someone else, instead of having LJ doing it. Preferably what I'd like to do is get LiveJournal, when asked by a web site, say, "No, I don't do it anymore -- go to this address". The plan was that this address would then be in a domain I fully control, which then would pass it on to whichever service provider I choose. I don't even know if I've gotten my understanding of OpenID right, if all this shenanigans are necessary, if my question makes sense, or if it's even possible with a service provider like Livejournal. ETA: Doing a little more reading up, and examining the source for my LiveJournal user page, I note that this particular line in the file's <header> area: <link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" /> I suspect that changing this will allow me to forward OpenID requests to whomever I wish, I think; so far so good. Now comes the hard part -- figuring out how to change all of that using LiveJournal's customization options, if that is at all possible (here's hoping I don't need to pay to get that functionality).

    Read the article

  • DotNetOpenAuth RelayParty not working on load balanced cluster

    - by Garth
    We're trying to move an ASP.NET MVC application, which uses DotNetOpenAuth OpenID Version 3.4.1, from a single server web garden to a physical server cluster held behind a hardware load balancer. Our old setup (OpenID RP working): Browser = SHTTP = Server = WebGarden = Nonce/Session Store Our new setup (OpenID RP not working): Browser = SHTTP = Load Balancer = HTTP = Cluster Node = WebGarden = Nonce/Session Store DB When we authenticate with the new setup we are correctly redirected to the OpenID Provider but after authenticated we are redirected back to our cluster (relay party) and get the following exception: Exception DotNetOpenAuth.Messaging.ProtocolException: Redirects on POST requests that are to untrusted servers is not supported. at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\ErrorUtilities.cs:line 235 at DotNetOpenAuth.Messaging.UntrustedWebRequestHandler.GetResponse(HttpWebRequest request, DirectWebRequestOptions options) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\UntrustedWebRequestHandler.cs:line 258 at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.GetDirectResponse(HttpWebRequest webRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 277 at DotNetOpenAuth.Messaging.Channel.RequestCore(IDirectedProtocolMessage request) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 542 at DotNetOpenAuth.Messaging.Channel.Request(IDirectedProtocolMessage requestMessage) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 425 at DotNetOpenAuth.Messaging.Channel.Request[TResponse](IDirectedProtocolMessage requestMessage) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 405 at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\SigningBindingElement.cs:line 154 at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 992 at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172 at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 386 at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 501 We have added a machines involved into the trusted machine list and turned off requires ssl but it makes no difference. We even tried removing out nonce store and using a stateless connection, but that didn't work either. We always get the same error. We suspected the issue is arising as a result of the cluster node having a different IP from the load balancer when it connects to the OpenID Provider, but we're not sure. Any ideas?

    Read the article

  • DotNetOpenAuth OpenID on ISA 2006 Reverse Proxy problem

    - by userb00
    I am trying to host my site that uses DotNetOpenAuth (OpenID) behind ISA 2006 (reverse proxy), and after it authenticated with a provider (such as Google), and it returns with a URL with %253A in the URL. However, ISA HTTP filter rejects the request. What I need to do is, on ISA web publishing rule, right click config HTTP policy properties uncheck "Verify Normalization" and it worked. Is this a problem on ISA 2006 generally? Are other firewalls having similar problems? Or, is it an OpenID or DotNetOpenAuth issue? Is it safe to disable Normalization checking on ISA? According to MSDN, quote "Web servers receive requests that are URL encoded. This means that certain characters may be replaced with a percent sign (%) followed by a particular number. For example, %20 corresponds to a space, so a request for http://myserver/My%20Dir/My%20File.htm is the same as a request for http://myserver/My Dir/My File.htm. Normalization is the process of decoding URL-encoded requests. Because the % can be URL encoded, an attacker can submit a carefully crafted request to a server that is basically double-encoded. If this occurs, Internet Information Services (IIS) may accept a request that it would otherwise reject as not valid. When you select Verify Normalization, the HTTP filter normalizes the URL two times. If the URL after the first normalization is different from the URL after the second normalization, the filter rejects the request. This prevents attacks that rely on double-encoded requests. Note that while we recommend that you use the Verify Normalization function, it may also block legitimate requests that contain a %."

    Read the article

  • [SOLVED]: Delegate OpenID to Google (NOT Google Apps)

    - by Rio
    OK, I searched this question on SO but no good answer. After spent some time I figured out how to do it. I'm going to answer this myself as a way to share it. Not sure if this is the correct way to use SO, but here it goes: Now it is possible delegate OpenID to your Google account (not Google Apps). No, this is not using the demo OpenID provider using App Engine. This is your REAL Google account! First you need to enable your Google Profiles. Try to view your profile and edit it, there should be an option to set your Profile URL. You have two choices there: either use your Gmail account name (without the @gmail.com part) as your profile id, or a random number assigned to you. It's up to you to decide which one to use. Either way, that id is your profile id below. Now add the following HTML code to your delegating page: <link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" > <link rel="openid2.local_id" href="http://www.google.com/profiles/[YOUR PROFILE ID]" > And it's done. Now try login SO with your custom url!

    Read the article

  • Delegate OpenID to Google (NOT Google Apps)

    - by Rio
    OK, I searched this question on SO but no good answer. After spent some time I figured out how to do it. I'm going to answer this myself as a way to share it. Not sure if this is the correct way to use SO, but here it goes: Now it is possible delegate OpenID to your Google account (not Google Apps). No, this is not using the demo OpenID provider using App Engine. This is your REAL Google account! First you need to enable your Google Profiles. Try to view your profile and edit it, there should be an option to set your Profile URL. You have two choices there: either use your Gmail account name (without the @gmail.com part) as your profile id, or a random number assigned to you. It's up to you to decide which one to use. Either way, that id is your profile id below. Now add the following HTML code to your delegating page: <link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" > <link rel="openid2.local_id" href="http://www.google.com/profiles/[YOUR PROFILE ID]" > And it's done. Now try login SO with your custom url!

    Read the article

  • Replacing mysql user authentication with openid

    - by David
    So, I'm working with a really old system which uses a person's mysql database credentials to authenticate to a web site (the database was originally only accessed from the command line, but is now accessed from a php frontend). Because of some internal reasons (and to preserve the user's history), I have to leave the old authentication intact. I've been charged with adding openid authentication to this system. Somehow I need to be able to retrieve a users mysql username and password upon logging into the site through openid (using the Zend framework, by the way). I've thought of simply requiring registration at the first login, where the user must provide their mysql credentials, but I'd rather not store the password plain text. I've also considered blanking everyone's mysql passwords, and just setting the user's mysql username manually (rather than having the user provide this, since they could provide any username). This is turning into a security nightmare. Does anyone have any suggestions for alternatives? This is running on a Linux server, by the way. Also, I can't use mysql pluggable authentication because the mysql version is 5.0 (pluggable authentication requires mysql 5.5), and no, I can't update it.

    Read the article

  • Example usage of AX in PHP OpenID

    - by Supercharged
    I'm using JanRain's PHP OpenID library. It comes with example script which is using SReg extension. But I want it to work with Google (and it works for auth actually), but Google uses AX (attribute exchange) instead of SReg for additional data. For some reason, JanRain's library is missing AX support in example script, and code comments in AX script are out of my understanding, though comments in SReg script are clear as 1-2-3. Does anyone know how to implement AX without too much pain?

    Read the article

  • ASP.NET MVC: Implementing an OpenID sign-in page ala NerdDinner v2

    - by pcampbell
    Consider the log in page on NerdDinner.com: http://www.nerddinner.com/Account/LogOn Some nice features: jQuery effects on the OpenID choice popups for the other major providers Is this revision of the NerdDinner AccountController and its View available for public download? How would you reinvent this implementation? Any code you can post would be fine. Calling Jon Galloway!

    Read the article

  • Same OpenID code working on 1 server not working on another

    - by Frraaz
    We implemented OpenID for Google Marketplace on this online hosting and it worked perfectly fine. But its not working on another server which DOES NOT have cPanel unlike the online hosting. Its failing authentication with this message: "Nonce already used or out of range" Does anyone have any idea what could be causing this problem?

    Read the article

  • how to verify google openid response

    - by Broom
    I'm trying to add authorization throw google openid to my users. I'm receiving id (https://www.google.com/accounts/o8/id?id=AIt...Ew-Bo) but how can i check that it's legit. I mean user can create malicious request with email of another user, how can i check that returning email and claimed id is legit?

    Read the article

  • [C++] OpenID lib in C++?

    - by Jonathan
    Hi I need to use openid in a c++ website and can't find a working library to work with. I am trying to use this one http://kin.klever.net/libopkele/requirements but it stops the configure with this message: checking for OPENSSL... configure: error: no openssl library found. get one from http://www.openssl.org/ but my debian has openssl installed and libssl-dev libssl installed... any help please? Thanks, Jonathan

    Read the article

  • Any good OpenID php consumer libs?

    - by daniels
    I need a php lib that can auth using OpenID against sites offering this service, like Google, Yahoo, Wordpress, etc... Anyone used any lib that actuallly works? I've tryied a few but couldn't get any to auth against Google, Yahoo, or Wordpress.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >