= bug description =
I am not able to login to an OpenID enabled site (http://gerrit.beaker-project.org/) using the Fedora Open ID. It was working just fine.
= bug analysis =
Here is what I see after I enter my FAS details:
404 Not Found
The path '/openid/server' was not found.
= fix recommendation =
If you were using the old (non advertised) provider link, please use the correct one?
username.id.fedoraproject.org
https://fedoraproject.org/wiki/OpenID#Old_provider_link
Hi Kevin,
Replying to [comment:1 kevin]:
If you were using the old (non advertised) provider link, please use the correct one? username.id.fedoraproject.org
I was using this one itself, and currently using this as well. I cleared a bunch of cookies (fedorahosted related) and still see the same error.
Thanks, Amit.
Odd. It works just fine here.
Are you entering: "username.id.fedoraproject.org" or with http:// or https:// ?
Try entering just the amitksaha.id.fedoraproject.org without http or https?
Okay, so looks like Gerrit was caching (in memory cache) the redirection to the old server. Hence, it failed. Once Gerrit was restarted, this went away.
However, it is probably a good idea to have the old URL redirect to the new one, rather than dismantling it completely. After all cool URI's don't change. (http://www.w3.org/Provider/Style/URI.html) (Thanks Dan for that!).
we should ask puiterwijk to verify if that's a good idea. multiple public urls might give multiple ids which seems like a bad idea. but I see some documentation online that 301 redirects may officially make the relying party choose the eventual endpoint as the actual identity. that seems like it should be okay.
Adding Patrick here for comment.
Looks like there is another more widespread site using the old urls:
http://www.ovirt.org/Working_with_oVirt_Gerrit
Additionally, they are not allowing the username.id.fedoraproject.org provider, they are restricting to the old one.
Hopefully we can get them to adjust config, but perhaps this is another reason to look at the redirect at least for now.
Actually, it's: http://review.gluster.org/ that is restricting to the old provider.
Please put the 301 redirect in place.
I've managed to sign in to the oVirt system using the new endpoint, however now it thinks I'm a completely new person and won't let me use my old "justinclift" userid. :(
ok, redirect actually won't work. ;(
However, we are going to just setup another instance for the old provider url (complete with a warning and link to doc asking people to switch to the new one). We will keep that one up for a month to allow people time to login to sites and change over to using the other provider url.
Will update this ticket when the legacy provider is up.
An explenation: the redirect idea will not work, because the new OpenID provider will refuse to sign any OpenID identity that is not username.id.fedoraproject.org.
The legacy provider is now up, and should be usable with the https://admin.fedoraproject.org/accounts/openid/id/username url.
Please note again that this provider will disappear on 2013-04-15, so please update you identity URL's everywhere.
In case of problems with this OpenID provider, please ping me (puiterwijk) on IRC directly.
So, we should be all set now.
Folks using the legacy url can login and change their association.
Others can use the new one. ;)
Please open a new ticket or reopen this if anyone runs into any further issues...
Login to comment on this ticket.