When it comes to OpenId, Yahoo has some real trust issues. Getting Yahoo to work with OpenId wasn’t difficult at all. But when I signed in to Yahoo from my website, this is the message that greeted me:
Warning: Yahoo! cannot verify this website. We recommend you do not share any personal information with this website.
For a second, I was scared to sign in to my own website!!!
So far, I have tested OpenId with Google, Yahoo, and MyopenId – this is the only provider I have found which is so touchy. (If this is for a good reason, then why don’t others care as well???)
Anyway, this is how I fixed this…
Basically, you need to provide an XRD document to the OpenId provider. This blog post is an excellent read on this -
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html
Another good resource I found was http://wilkinsonlab.ca/home/node/31
These two resources cover it all, but in case you are looking for Grails- or Acegi-specific advice, the following might help.
1) Authoring an XRD document.
You can download my code from here. A few points worth noting:
A) Yes. It’s a GSP
B) No. I have no qualms sharing my XRD document, since it has nothing which violates the security of my application or server, and in any case it’s a public document.
C) I have put it right under my grails-app\views folder.
D) Note that it sets the content type to “application/xrds+xml”.
E) I have avoided hard-coding the serverURL in this document. (Not a must, but I found it useful, since I deploy my application on multiple environments.)
2) Publishing the XRD document location
You now need to publish the location of your XRD document. For this, I made changes to layout\main.gsp.
I guess you could do this elsewhere as well, but I found this to be a convenient spot.
I added this at the top of the page – next to other meta information.
<meta http-equiv="X-XRDS-Location" content="${grailsApplication.config.grails.serverURL}/xrds_xml.gsp"/>
3) Changing the realm URL
This may be Grails/Acegi specific. I am using the LoginController that was generated by the Acegi plugin.
When we send the request to the OpenId provider, we send two parameters: the returnTo URL and the realm URL. The returnTo URL is something like this… http://example.com/j_spring_openid_security_check
By default, the realm URL is the same as the returnTo URL. Now the realm URL is the URL where you have published the XRD document. So I altered LoginController.openIdAuthenticate to provide a different realm URL:
// Use the server URL as the realm instead of the default (the returnTo URL)
String realm = configService.getServerURL()
String redirectUrl = openIDConsumer.beginConsumption(request, openID, returnToURL, realm)
The changes in italics are what I added.
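The check an OpenID 2.0 provider can run against the three steps above, as an added example that is not part of the original post or the author's download. It parses an XRDS document and confirms that the returnTo URL sits under the realm and matches an advertised return_to endpoint. The sample XRDS, the URLs and the function names are constructed for illustration, and wildcard realms are not handled.

```python
# Added example: the XRDS sample and URLs are constructed, not the author's file.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
# Service type defined by OpenID 2.0 for relying party discovery
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"

SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="1">
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>http://example.com/j_spring_openid_security_check</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def return_to_endpoints(xrds_text):
    """Collect the URIs of every Service typed as an OpenID 2.0 return_to."""
    root = ET.fromstring(xrds_text)
    uris = []
    for svc in root.iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
        if RETURN_TO_TYPE in types:
            uris += [u.text.strip() for u in svc.findall(XRD_NS + "URI") if u.text]
    return uris


def _parts(url):
    """Split a URL into scheme, lower-cased host, effective port and path."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return p.scheme, (p.hostname or "").lower(), port, p.path or "/"


def url_under(url, base):
    """True if url shares base's scheme, host and port and its path is at or below base's."""
    scheme, host, port, path = _parts(url)
    b_scheme, b_host, b_port, b_path = _parts(base)
    prefix = b_path if b_path.endswith("/") else b_path + "/"
    same_origin = (scheme, host, port) == (b_scheme, b_host, b_port)
    return same_origin and (path == b_path or path.startswith(prefix))


def discovery_ok(xrds_text, realm, return_to):
    """return_to must sit under the realm and match an advertised endpoint."""
    return url_under(return_to, realm) and any(
        url_under(return_to, ep) for ep in return_to_endpoints(xrds_text))
```

Running `discovery_ok` with the XRDS your application actually serves, the configured server URL as the realm, and the real returnTo URL shows a mismatch before the provider does.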
For the more “groovy” folks out there, this may not be a very elegant way of doing this. If you know of a better way, please let me know.
And oh yes the versions I used…
Grails 1.2.2
Acegi plugin 0.5.2
It would have been cool if the Acegi plugin had some native support for publishing an XRD document, but as far as I could see, there was none, or maybe I wasn’t looking in the right place.
Also, if you have just started on an OpenId implementation in Grails, it might also be worthwhile giving the new security plugin a try – http://grails.org/plugin/spring-security-openid. I haven’t tried it myself, but its description seems promising. Though I’m not sure if it has support for authoring an XRD document.


