OpenID authentication fails for Verisign

Bug #1519494 reported by hangfirew8 on 2015-11-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Community Project
Medium
Unassigned

Bug Description

After selecting the OpenID icon and typing in my OpenID URL, I get the follow web page response:

Internal server error
system error log is recorded, error will be fixed as soon as possible
please report the error to the site administrators

My OpenID works fine with StackExchange servers.

Stefano Maffulli (smaffulli) wrote :

can you please be more precise and tell us which URL you're trying to authenticate against? A screenshot would also help.

Tom Fifield (fifieldt) on 2015-11-25
Changed in openstack-community:
status: New → Incomplete

<username>.pip.verisignlabs.com

If I'm not logged into the Symantec/Verisign Personal Identity Portal yet, and I try an OpenID login to Ask Openstack, I get the usual reminder from Verisign to log in there first. Once I'm logged into that, when I try an OpenID login on Ask, I get the error as shown in the attached screenshot.

Changed in openstack-community:
status: Incomplete → In Progress

It's still broken.

Changed in openstack-community:
status: In Progress → Confirmed
importance: Undecided → Medium
Stefano Maffulli (smaffulli) wrote :

Sorry to hear that. I am not an expert in OpenID but I believe this issue may be hard to fix ... Can you use another auth mechanism, like launchpad?

Yes, of course I can set up something else.

In the meantime, here's some food for thought.

http://meta.stackexchange.com/questions/268681/cant-login-with-stack-exchange-openid-login-button-does-nothing-when-clicked

http://meta.stackexchange.com/questions/172291/unable-to-authenticate-via-openid-with-pip-verisignlabs-com

http://meta.stackexchange.com/questions/131211/verisign-login-not-working-at-so-sf-etc

Various solutions mentioned:

* Verisign is taking more than 10 seconds to return a response to us, so it is timing out. This is the first time I've ever seen a provider consistently take that long. It's a new phenomenon, even for them... I can duplicate this using our test verisign openid and http://test-id.org

* ... and again in 2012, and maybe a few more times. In each case, it seems that other StackExchange users were affected, and often, that Symantec user support needed to be involved. Here's their contact info, from Verisign help document [PDF], unchanged since 2010: For more information about VeriSign Identity Protection, please call 650-426-5310 or email: <email address hidden>.

* The problem was related to our internal DNS servers inside the network. Windows 2008 R2 has a penchant for sending EDNS probes, and some firewalls/servers don't like transmitting/processing them. I've disabled EDNS Probes from the dns servers and tested with my own verisign PIP, and it now works.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers