Many OpenID implementations (including Gerrit 2.1.7) are developed based on the newer openid4java 0.9.6 to fix a security issue with 0.9.5, which requires servers to sign attributes to prevent them from being forged.

The following is an error thrown when attempting to login to Gerrit with Crowd OpenID:

[2011-10-05 17:46:24,014] WARN / : Unexpected error during authentication
org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed
at org.openid4java.message.Message.getExtension(Message.java:495)

We have to repackage and test Crowd OpenID with the latest version of the openid4java. Crowd currently ships with openid4java-0.9.5, we would need to test it with 0.9.6.