Type: Defect
Resolution: Won't Do
Priority: Minor
Affects Version/s: 1.0.0
Component/s: Administration, Authorization, Login
None
The WhiteListIdPvalidator only checks to see if the full name of the provider is found in a list of given providers.
We need to allow for both http and https providers since the user can/should be able to enter their OpenID in many different forms.
The following are all valid OpenID variations of https://esg.prototype.ucar.edu/myopenid/testUser:
esg.prototype.ucar.edu/myopenid/testUser
http://esg.prototype.ucar.edu/myopenid/testUser
https://esg.prototype.ucar.edu/myopenid/testUser
Now, discovery will turn the first OpenID above, esg.prototype.ucar.edu/myopenid/testUser, into http://esg.prototype.ucar.edu/myopenid/testUser, which will be sent to the provider, but then the provider should redirect the relying party (consumer) to the https://esg.prototype.ucar.edu/myopenid/testUser OpenID.
One way to fix this bug is to add both http and https entries for all gateways.
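The mismatch described above, next to a comparison that ignores only the http/https difference, as an added example (not the project's code; the function names and the one-entry whitelist are assumptions built from the URL in this ticket):

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed whitelist: the single entry is the URL used in this ticket.
WHITELIST = ["https://esg.prototype.ucar.edu/myopenid/testUser"]

# The three variations listed in the ticket.
VARIANTS = [
    "esg.prototype.ucar.edu/myopenid/testUser",
    "http://esg.prototype.ucar.edu/myopenid/testUser",
    "https://esg.prototype.ucar.edu/myopenid/testUser",
]


def exact_match(name, whitelist=WHITELIST):
    """Full-name comparison, the behaviour the ticket describes."""
    return name in whitelist


def match_key(name):
    """Return a (host, port, path) key that ignores http vs https, or None."""
    name = name.strip()
    if "://" not in name:
        name = "http://" + name  # OpenID 2.0 normalization of a bare identifier
    try:
        parts = urlsplit(name)
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # only http and https are treated as interchangeable
    if parts.username or parts.password:
        return None  # refuse user@host forms outright
    if port == DEFAULT_PORTS[scheme]:
        port = None  # :80 on http and :443 on https mean "default"
    return (parts.hostname, port, parts.path or "/")


def scheme_insensitive_match(name, whitelist=WHITELIST):
    """Accept a name whose host, port and path equal a whitelisted entry."""
    key = match_key(name)
    return key is not None and key in {match_key(e) for e in whitelist}


if __name__ == "__main__":
    for v in VARIANTS:
        print(v, exact_match(v), scheme_insensitive_match(v))
```

Ignoring the scheme means the http form of an identifier is accepted on the strength of an https entry, so the whitelist decision no longer depends on which transport was used.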