Details

    • Similar Issues:
      Show 5 results 

      Description

      Adding OpenId to existing users does not work.
      Steps to reproduce:
      1) Start a vanila Liferay bundle (tested with Tomcat, but should affect others as well)
      2) Disable "Allow strangers to create accounts?" in Control panel/Portal Settings/Authentication/General
      3) As Administrator create an account with a @gmail.com email address (or any other email that works as OpenId account), e.g. "john.doe@gmail.com"
      4) John Doe can login with his email and password.

      So far so good. Now John decides he wants to switch to OpenId.

      5) In the login portlet click on OpenId
      6) Use "https://www.google.com/accounts/o8/id" as your OpenId provider (or the url of your OpenId provider if you don't use gmail)
      7) Get redirected to gmail - John Doe uses his gmail account to log in
      8) Gmail (or the OpenId provider) generates an authentication URL: https://www.google.com/accounts/o8/id?id=AItOawlPq...
      9) Get redirected back to your portal

      What should happen:
      10a) Liferay finds the user with OpenId url https://www.google.com/accounts/o8/id?id=AItOawlPq... -> user is logged in
      10b) Liferay sees that there is no user with such OpenId URL.
      11) Get the email address from the OpenId response
      12) Find user by email - john.doe@gmail.com
      13) Update John's user account and set his OpenId URL to https://www.google.com/accounts/o8/id?id=AItOawlPq...
      14) Joe is now logged in

      What actually happens:

      between 6) and 7) Liferay tries to find the user with the general OpenId URL ("https://www.google.com/accounts/o8/id") and then by screen name (by somehow converting the general OpenId URL to "www.google.com.accounts.o8.id") which of course fails. The matching of users (by OpenId authentication URL or email or screen name) must happen AFTER step 9) when the user finished the authentication.

      Attached is a patch that fixes OpenIdAction.java

        Activity

        Hide
        Paul Piao (Inactive) added a comment -

        Hi Jan,
        Thank you for your report. I was able to reproduce this issue in 6.1.0 B4. I have also tested on issue on 6.1.x and trunk revision (96407) and I was unable to reproduce. This issue should be fixed in the next version of Liferay Portal.

        Thanks.

        Show
        Paul Piao (Inactive) added a comment - Hi Jan, Thank you for your report. I was able to reproduce this issue in 6.1.0 B4. I have also tested on issue on 6.1.x and trunk revision (96407) and I was unable to reproduce. This issue should be fixed in the next version of Liferay Portal. Thanks.
        Hide
        Edward Gonzales added a comment -

        Hello! We plan to remove "Authentication" from the component field from issues that have more than 1 component. This issue has been identified as a candidate. It is recommended that you update any affected filters. Thanks!

        Show
        Edward Gonzales added a comment - Hello! We plan to remove "Authentication" from the component field from issues that have more than 1 component. This issue has been identified as a candidate. It is recommended that you update any affected filters. Thanks!
        Hide
        Noovle Liferay Team added a comment -

        Hi, I was able to reproduce on liferay-portal-tomcat-6.1.2-ce-ga3-20130816114619181. User just added to the portal are not able to login, this is a huge behavior.

        So, I've test the following properties
        open.id.providers=google
        open.id.ax.schema[google]=email
        open.id.ax.type.email[google]=http://axschema.org/contact/email
        open.id.url[google]=https://www.google.com/accounts/o8/it
        but I did not understand what they are, beacause I was unable to "force" the use of "providers" settings.

        For our customers OpenID is a big feature. Hopefully it is not necessary to develop a custom component for this feature.

        Regards.

        Show
        Noovle Liferay Team added a comment - Hi, I was able to reproduce on liferay-portal-tomcat-6.1.2-ce-ga3-20130816114619181. User just added to the portal are not able to login, this is a huge behavior. So, I've test the following properties open.id.providers=google open.id.ax.schema [google] =email open.id.ax.type.email [google] = http://axschema.org/contact/email open.id.url [google] = https://www.google.com/accounts/o8/it but I did not understand what they are, beacause I was unable to "force" the use of "providers" settings. For our customers OpenID is a big feature. Hopefully it is not necessary to develop a custom component for this feature. Regards.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              1 year, 11 weeks, 3 days ago

              Development

                Structure Helper Panel