Fun with JOID
28 March 2008Well, I decided to go ahead and attempt to build out the OpenID integration for the Example code for my next project. Of course, as soon as that decision was put to bed, it was time to make another one: should we do it using OpenID4Java or JOID? Since I don’t really like making decisions all on my own, I thought I would search the Internet for clues about which product would be the better choice, but about all that I learned was that OpenID4Java was more complex and had more dependencies, but it also had more support and better documentation. JOID is apparently much simpler and lighter weight, but you’re on your own trying to figure things out. Based on that cursory examination, I decided to go with JOID.
The first thing I learned when trying to get something done was that the .jar files that you can download are not even close to the current level of the source code, and are not compatible with any of the sample implementations. Once I figured that out, I downloaded the latest source version from Subversion and built my own joid.jar. Once that was accomplished, I was able to attempt the OpenIDConsumer sample so that I could OpenID enable all of the apps.
The first thing I learned when trying to implement the sample code was that the OpenIdFilter that you are told to implement is not really a security filter. In other words, the purpose of the filter is not to redirect you to the login process if you are not currently authenticated, as I foolishly assumed. The purpose of this filter is to process the login form once it has been filled out. Apparently, how the user ends up on the login form is outside the scope of this sample and something that you need to work out for yourself. Once I figured that out, it was a simple matter to test out the rest of the process by invoking the sample index.jsp page myself, entering in my OpenID, and submitting the form.
What I learned at that point was that I now have some serious troubleshooting ahead of me to find out why my OpenID provider (myOpenID) responded with this message:
Error processing OpenID request
myOpenID is not authorized to verify that
is your identifier. If it is your identifier, you can set up myOpenID to verify it. See the help page for more information.http://blog.restafarian.orgIt’s likely that the site you are attempting to sign in to is running buggy software. It is known that some OpenID 2.0 implementations (especially certian versions of Drupal) do not work with delegated identifiers. In that case, please report this problem to the site you are trying to sign in to.
Return to the site that sent you here
Please let us know if you think that this error needs our attention.
Thank you,
myOpenID Support <support@myopenid.com>
Time to get to work and see if I can figure out where I have screwed up!
Sorry, the comment form is closed at this time.
