I'm while using latest Janrain openid library example and also the discovery process appears to be effective with Yahoo, myopenid.com yet others...

However I am tied to Google endpoint (https semicolon //www.google.com/accounts/o8/id). Consumer.php just returns a 406 apache error, before I'm rerouted to google's page.

My installation can be obtained here : http://www.coplango.com/vendor/openid/examples/

  • Click consumer to test the customer example, but discovery.php fails exactly the same way,showing it takes place throughout discovery...
  • You may also check identify.php to check on my installation - The HTTP fetching test fails having a 503 since it attempts to achieve a previous address which returns a 503. Relaxation is okay.

I supposed it had been lower to php-yadis indicating Accept: application/xrds+xml header however i checked the code along with other types will also be recognized such text/html and application/xhtml+xml...

Anybody found this ?

Any clue ?

Thanks greatly !!!

Ok,

I've looked into further also it appears to become lower to my provider, who returns a 406 error if any string that contains the dying word "/id" is passed as GET parameter. Required me days to determine it wasn't lower to openid !!

For info I'm using PlanetHoster, if other people ever comes accross this. I've sent them a ticket request and awaiting their answer.

running the customer example inside my machine, i recieve the next error:

Got no response code when fetching https://www.google.com/accounts/o8/id
CURL error (60): SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

what this means is curl fails verifying google's https server certificate. you are able to workaround this by either supplying curl with CA certificates to ensure google's certificate via [cde]/[cde], or - simpler - stop validating the cert via [cde]. the next alternation in CURLOPT_CAINFO achieves latter for me personally:

CURLOPT_CAPATH

obviously, your curl installation should also support ssl - look at your CURLOPT_SSL_VERIFYPEER. also, if Auth/Yadis/ParanoidHTTPFetcher.php is disabled, --- ParanoidHTTPFetcher.php.orig 2009-04-22 02:31:20.000000000 +0800 +++ ParanoidHTTPFetcher.php 2009-09-30 22:35:24.093750000 +0800 @@ -127,6 +127,9 @@ Auth_OpenID_USER_AGENT.' '.$curl_user_agent); curl_setopt($c, CURLOPT_TIMEOUT, $off); curl_setopt($c, CURLOPT_URL, $url); + + // don't verify server cert + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE); curl_exec($c); may should also be phpinfo() or CURLOPT_SSL_VERIFYPEER.

see also http://www.openrest.eu/docs/openid-not-completely-enabled-for-google.php (through the Related http://stackoverflow.com/questions/818063/why-doesnt-google-openid-provider-work-with-php-openid-on-my-server).

SOLUTION:

Within the .htaccess file put

CURLOPT_SSL_VERIFYHOST