Description
Many OpenID implementations (including Gerrit 2.1.7) are developed based on the newer openid4java 0.9.6 to fix a security issue with 0.9.5, which requires servers to sign attributes to prevent them from being forged.
The following is an error thrown when attempting to login to Gerrit with Crowd OpenID:
[2011-10-05 17:46:24,014] WARN / : Unexpected error during authentication org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed at org.openid4java.message.Message.getExtension(Message.java:495)
We have to repackage and test Crowd OpenID with the latest version of the openid4java. Crowd currently ships with openid4java-0.9.5, we would need to test it with 0.9.6.
Attachments
Issue Links
- is duplicated by
-
CWD-2598 Upgrade to openid4java 0.9.6
- Closed