
How do you get AOL's OpenID site verification to work?

Tags:

openid

aol

xrds

I have an OpenID relying party set up and using XRDS. It passes the "RP has discoverable return_to" interop test over at http://test-id.org/RP/DiscoverableReturnTo.aspx.

Yahoo no longer complains with the message "Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent." as outlined in Andrew Arnott's excellent blog post: http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html

However, when I try to authenticate using AOL I see the "Warning! site verification could not be completed." message.

Shawn Miller asked Mar 24 '10 05:03


2 Answers

When verifying the return_to value, AOL doesn’t support the RFC 4366 TLS "Server Name Indication" (SNI) extension, which allows multiple SSL certificates on the same IP address. If your server is so configured, AOL will only see the default certificate for the IP address. If it doesn’t happen to match the certificate of the relying website, AOL will (incorrectly) report an error.

I.e., this is an AOL bug.

danorton answered Nov 10 '22 00:11


After 3 hours of work I had satisfied AOL verification. Below is what you need to make sure of (assuming you satisfy the OpenID 2.0 specification).

AOL is making an HTTP HEAD request, so make sure that your realm page accepts HTTP HEAD requests. I think that's what is mostly wrong, as we don't ever check HTTP HEAD.

AOL's HTTP HEAD request is very naked, so make sure you serve back a response to a bare request, i.e. in our case the code was also failing when there was no agent info in the request.

It is most likely you would have a problem with the above conditions.

mamu answered Nov 09 '22 23:11
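The two conditions from the answer above can be reproduced locally with a bare HEAD probe; this is an added example, not code from the original posts. The handler classes, the `rp.example` URL and the use of the Yadis `X-XRDS-Location` header are constructed assumptions standing in for a real realm page.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_bare_head(host, port, path="/", use_tls=False, timeout=10):
    """Send HEAD with only a Host header (no User-Agent, no Accept-Encoding)."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.putrequest("HEAD", path, skip_accept_encoding=True)
        conn.endheaders()
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("X-XRDS-Location")
    finally:
        conn.close()

class _Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging in the demo
        pass
    def _ok(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("X-XRDS-Location", "http://rp.example/xrds")  # constructed
        self.end_headers()

class GetOnlyRealm(_Quiet):
    """Constructed: no do_HEAD, so http.server answers HEAD with 501."""
    def do_GET(self):
        self._ok()

class NeedsAgentRealm(_Quiet):
    """Constructed: accepts HEAD but fails when User-Agent is absent."""
    def do_HEAD(self):
        if self.headers.get("User-Agent") is None:
            self.send_error(500, "User-Agent required")
        else:
            self._ok()

class FixedRealm(_Quiet):
    """Constructed: answers a bare HEAD with the same headers as GET."""
    def do_HEAD(self):
        self._ok()

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    for h in (GetOnlyRealm, NeedsAgentRealm, FixedRealm):
        srv = serve(h)
        print(h.__name__, probe_bare_head("127.0.0.1", srv.server_address[1]))
        srv.shutdown()
```

Pointing `probe_bare_head` at your own realm host (with `use_tls=True` for HTTPS) shows whether it answers such a request with a 200.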