Friday, July 15, 2011

A note on problems with Google-based OpenID logins

Recently we got mails from users that can not login to BibSonomy using their Google OpenID. Today we traced at least one of the cases down to a problem with Google's OpenID service.

There are two types of OpenID's Google supports:
There are quite some web pages that discuss the different types (e.g., this discussion, this explanation, or this article) and even more forum posts that describe problems (e.g. this one).

The thing is, that recently the profile page OpenID's cause problems. We were not able to login or register using these at BibSonomy. After trying to find out why this does not work, we found out that the problem is Google itself. Google's profile web pages do not contain a resource descriptor that OpenID4Java can discover. We could not even find one manually. This basically means, that the  https://profiles.google.com/ type of OpenID is broken.

By the way: not only BibSonomy has problems with Google's profiles OpenIDs, other web pages have them, too. We tried to register at Stack Overflow using https://profiles.google.com/114248476628351395042 and got the error "Unable to log in with your OpenID provider: No OpenID endpoint found."

Until Google fixes this issue, we can only suggest to use the other type of OpenID, i.e., https://www.google.com/accounts/o8/id to sign in to BibSonomy.

To make this easier, we enhanced the OpenID login page to include quick-links for three major OpenID providers: Google, Yahoo!, and myOpenID.net:


We will stay tuned with this problem and see, if Google will fix it!

Have a nice weekend and enjoy tagging ...

Update (2011-08-02):

Since last Friday (2011-07-29), we had problems with OpenID login caused by an incorrectly installed SSL certificate. This was fixed today. Thus, OpenID login with providers such as Google, Yahoo! or Xlogon.net works, again.

With MyOpenID.com, however, we still face problems. The reason seems to be that the root certificates for the certification authority MyOpenID.com uses (StartCom) are not contained in the JVMs truststore (bug entry on openid4java). We imported them manually but this did not solve the problem. We will try to find out what's going wrong.
<update> OpenID with MyOpenID.com works now. Importing certificates with Java's keytool command is quite cumbersome. It ask's for a password but does not complain that no keystore was specified. :-(</update>
Published from Unknown at 15:32
Tags: ,

Popular Posts