<div dir="ltr"><span style="font-size:12.8px">Craige greetings - </span><div><span style="font-size:12.8px"><br></span><div><span style="font-size:12.8px">what you are depicting on <a href="https://storyboard.openstack.org/#!/story/2000694">https://storyboard.openstack.org/#!/story/2000694</a></span></div><div><span style="font-size:12.8px">its the correct behavior, after you perform</span></div><div><span style="font-size:12.8px"><br></span></div>curl -k <a href="https://openstackid.org/">https://openstackid.org/</a> | grep discovery <meta http-equiv="X-XRDS-Location" content="<a href="https://openstackid.org/discovery">https://openstackid.org/discovery</a>" /><div>curl -k <a href="https://openstackid.org/discovery">https://openstackid.org/discovery</a> | grep URI <URI><a href="https://openstackid.org/accounts/openid2">https://openstackid.org/accounts/openid2</a></URI></div><div><br></div><div>you already have the discovery info ( yadis doc) and the openid endpoint : <a href="https://openstackid.org/accounts/openid2">https://openstackid.org/accounts/openid2</a></div><div><br></div><div>you dont have to do a GET request against that endpoint, BC otherwise u will get the 404, u need to perform an openid 2.0 valid request doing a POST</div><div><br></div><div>like depicted here <a href="https://openid.net/specs/openid-authentication-2_0.html#associations">https://openid.net/specs/openid-authentication-2_0.html#associations</a></div><div><br></div><div>however, to configure the apache mod</div><div><br></div><div>inside your vhost configuration you should have something like this</div><div><br></div><div><div> <Location /></div><div>        AuthType OpenID</div><div>        require valid-user</div><div>        AuthOpenIDTrusted ^<a href="https://openstackid-dev.openstack.org">https://openstackid-dev.openstack.org</a></div><div>        AuthOpenIDSingleIdP <a href="https://openstackid-dev.openstack.org">https://openstackid-dev.openstack.org</a></div><div>        AuthOpenIDSecureCookie Off  # off for now</div><div>        AuthOpenIDAXRequire email <a href="http://axschema.org/contact/email">http://axschema.org/contact/email</a> .+</div><div>        AuthOpenIDAXUsername email</div><div></Location></div></div><div><br></div><div>Sebastian Marcet</div><div><br></div><div>Regards</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 9, 2016 at 8:46 PM, Craige McWhirter <span dir="ltr"><<a href="mailto:craige@mcwhirter.com.au" target="_blank">craige@mcwhirter.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Tue, Aug 09, 2016 at 10:19:04PM +0100, JP Maxwell wrote:<br>
>      There is only currently one issue: I can get it to authenticate against<br>
>      login.ubuntu but neither dev or production OpenStackID. If we wish to<br>
>      stand<br>
>      this up against OpenStackID I'm going to need some eyes on that<br>
>      particular<br>
>      issue.<br>
><br>
>    Craige greetings - are you trying to use Open ID 2.0 or Open ID connect to<br>
>    connect to Openstack ID?<br>
<br>
</div></div>G'day JP. Great question. I haven't traversed the code but it is my<br>
understanding that libapache2-mod-auth-openid[1] only speaks Open ID 2.0.<br>
<br>
I've raised a ticket in Storyboard[2] that hopefully explains in more detail<br>
what I'm seeing (that was my intention, at least).<br>
<br>
[1] <a href="http://findingscience.com/mod_auth_openid/" rel="noreferrer" target="_blank">http://findingscience.com/mod_<wbr>auth_openid/</a><br>
[2] <a href="https://storyboard.openstack.org/#!/story/2000694" rel="noreferrer" target="_blank">https://storyboard.openstack.<wbr>org/#!/story/2000694</a><br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Craige McWhirter<br>
M: +61 4685 91819<br>
W: <a href="https://mcwhirter.com.au/" rel="noreferrer" target="_blank">https://mcwhirter.com.au/</a><br>
GNUSocial: <a href="https://social.mcwhirter.io/craige" rel="noreferrer" target="_blank">https://social.mcwhirter.io/<wbr>craige</a><br>
</div></div><br>______________________________<wbr>_________________<br>
OpenStack-Infra mailing list<br>
<a href="mailto:OpenStack-Infra@lists.openstack.org">OpenStack-Infra@lists.<wbr>openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-infra</a><br>
<br></blockquote></div><br></div>