Open Stack

Craige greetings -

what you are depicting on https://storyboard.openstack.org/#!/story/2000694
its the correct behavior, after you perform

curl -k https://openstackid.org/ | grep discovery <meta
http-equiv="X-XRDS-Location" content="https://openstackid.org/discovery" />
curl -k https://openstackid.org/discovery | grep URI <URI>
https://openstackid.org/accounts/openid2</URI>

you already have the discovery info ( yadis doc) and the openid endpoint :
https://openstackid.org/accounts/openid2

you dont have to do a GET request against that endpoint, BC otherwise u
will get the 404, u need to perform an openid 2.0 valid request doing a POST

like depicted here
https://openid.net/specs/openid-authentication-2_0.html#associations

however, to configure the apache mod

inside your vhost configuration you should have something like this

 <Location />
        AuthType OpenID
        require valid-user
        AuthOpenIDTrusted ^https://openstackid-dev.openstack.org
        AuthOpenIDSingleIdP https://openstackid-dev.openstack.org
        AuthOpenIDSecureCookie Off  # off for now
        AuthOpenIDAXRequire email http://axschema.org/contact/email .+
        AuthOpenIDAXUsername email
</Location>

Sebastian Marcet

Regards

On Tue, Aug 9, 2016 at 8:46 PM, Craige McWhirter <craige at mcwhirter.com.au>
wrote:

> On Tue, Aug 09, 2016 at 10:19:04PM +0100, JP Maxwell wrote:
> >      There is only currently one issue: I can get it to authenticate
> against
> >      login.ubuntu but neither dev or production OpenStackID. If we wish
> to
> >      stand
> >      this up against OpenStackID I'm going to need some eyes on that
> >      particular
> >      issue.
> >
> >    Craige greetings - are you trying to use Open ID 2.0 or Open ID
> connect to
> >    connect to Openstack ID?
>
> G'day JP. Great question. I haven't traversed the code but it is my
> understanding that libapache2-mod-auth-openid[1] only speaks Open ID 2.0.
>
> I've raised a ticket in Storyboard[2] that hopefully explains in more
> detail
> what I'm seeing (that was my intention, at least).
>
> [1] http://findingscience.com/mod_auth_openid/
> [2] https://storyboard.openstack.org/#!/story/2000694
>
> --
> Craige McWhirter
> M: +61 4685 91819
> W: https://mcwhirter.com.au/
> GNUSocial: https://social.mcwhirter.io/craige
>
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160810/2c1ef33b/attachment.html>