Extension talk:OpenID/LQT Archive 1

There are these archived pages: Archive until 200705 - Archive 200705-20110521

First aid checklist
Before posting a question and request for help here, please check the presence of prerequisites with a small file in one of your web accessible directories.

Access the phpinfo script with your web browser. Scrutinize the output very carefully, whether the following libraries are really installed, as php module or as installed library. Look trough the whole output, what your looking for might be at the end. If one of the modules is missing, please install the missing module, or recompile PHP to include the required modules to ). This is explained on the main page. Along with your question, please indicate versions from your wiki's version page Before reporting here, please always check your logfiles for obvious problems such as missing files due to wrong include paths and so.

OpenID Failed Clamshell Same Server
I am currently running a clamshell openid server on ____/openid my wiki is at ____/w/Main_Page or ____/Wiki:Main_Page when i try to convert my current login "Lenary" to my OpenID on the same server, it gives me this error: "Verification of the OpenID URL failed. Error message: "Not in requested trust domain:____"" with a link. when i click this link, another error comes up: "Invalid openid.mode ''". i have tried changing the $wgTrustRoot to both of the above addresses, but neither work. $wgOpenIDConsumerDenyByDefault = false; me and a friend are working on rectifying this, but nothing is working. The /Auth from the library you asked for a prerequisite is at ____/w/Auth as well as /usr/share/php5 and /usr/?bin?/php5 (i'm not sure of the last one) i have no clue what to do now. I have tried all 3 addresses clamshell lets you use, ____/openid/clamshell.php?u=### ___/openid/?u=### ___/openid/### (sorry, i have obscured all addresses for security... ____ is the server domain name, ### is my clamshell username)

i have just also copied /Auth to ____/w/extensions/OpenID


 * Hi Anonymous. You shouldn't need to do this last step, but rather place Auth in $IP/includes, since it'll be automatically included in the include_path. Regarding the error you are getting, it's probably related with $wgTrustRoot. Try to set it to a value equal to the start of your wiki URL, including the port, if you're using other port than 80. It took me some time to figure that out. I'm using it with: ClamShell 0.6.7 and MediaWiki 1.12.0 (had to upgrade from 1.10 to support the i18n new stuff). Thanks to Evan Prodromou for the great work. Nuno Tavares 00:17, 3 May 2008 (UTC)


 * would that route be something like http://example.com/Wiki: (where http://example.com/Wiki:Main_Page was the main page, but http://example.com/w/ was the actual dir of the wiki? thanks for the help so far Nuno


 * http://example.com/ should be enough, I believe. Nuno Tavares 21:28, 5 May 2008 (UTC)


 * this would be a solution http://ioni2.com/2009/wordpress-openid-login-failed-invalid-openid-mode-no-mode-set-solved-for-both-wordpress-and-drupal/

not under trust_root
Nothing I did in LocalSettings.php helped with this error. Editing OpenID.setup.php and adding my trust_root URL to $wgTrustRoot did the trick.

OpenID.setup.php $wgTrustRoot = "http://www.example.com/wiki/";
 * 1) Defines the trust root for this server
 * 2) If null, we make a guess
 * 3) $wgTrustRoot = null;

--Beagle 17:18, 17 May 2008 (UTC)
 * Hmmm... that's odd. Just for fun, I commented the $wgTrustRoot entry in OpenID.setup.php and now it appears that the entry in LocalSettings.php is being read.
 * Yes, by George, it is reading LocalSettings.php now because if I comment the $wqTrustRoot entry there it fails. You can like see for yourself at tioat dot net slash wiki if ya don't believe me. I'm just so thrilled it works now. ;) --Beagle 09:47, 18 May 2008 (UTC)


 * I can confirm this works. I had the same problem as you, then I commented the line "$wgTrustRoot = null;" in OpenID.setup.php and it works fine now. --Figure002 20:06, 20 April 2010 (UTC)


 * I figured out the problem here. The default OpenID variables are created when OpenID.setup.php is included by the require_once line. By placing the variables in LocalSettings.php before OpenID.setup.php is included, the variables will be overwritten with the default values. So the solution, is to place the OpenID variables after the require_once line (I added a note about this in the article). --Figure002 20:39, 20 April 2010 (UTC)

Cert Verification
Verification error An error occurred during verification of the OpenID URL.

I am receiving this error when trying to login using my OpenID account with any https site. Basically I've found out that its trying to verify my CAfile: /etc/pki/tls/certs/ca-bundle.crt

How can I mitigate this? I was thinking I could either setup php.ini to use curl -k? (which I dont know how to)

Or I could setup the ca-bundle.crt cert (which i already have a ca.crt file setup for another site hosted on the same machine) Anyone know how to setup the ca-bundle.crt?

Anyone know how to get around this?

error_log http file: CURL error (60): error setting certificate verify locations:\n CAfile: /etc/pki/tls/certs/ca-bundle.crt\n  CApath: none\n, referer: http://mysite.net/index.php?title=Special:OpenIDLogin&returnto=Home

FYI: I resolved this issue by making /etc/pki/tls/certs/ readable.

Installation Notes for WIMP Platform
Since I spent the better part of a weekend getting this extension up and running on Windows IIS MySQ PHP (WIMP), thought I would document to minimize others' future misfortune.

Platform was MW 1.16 with php-openid-2.x.x-snapshot library C:\Program Files\PHP>pear install PHPUnit C:\Program Files\PHP>pear install HTML_Common
 * First, you really want to use PEAR if you can. If you have not loaded it into your PHP environment, find instructions and do so.
 * Download and extract the current php-openid package (I used devl version, 2.x.x-snapshot, but you may want to use the most current stable release) from here
 * To integrate php-openid into your PHP environment, copy the extracted "auth" dir (and all subdirs) into your PEAR directory (default is C:\Program Files\PHP\PEAR . Hopefully in the future there will be a PEAR package for Windows that will do this for us, but for now, this works.
 * You will need to add/enable several PHP extensions using PEAR via the following instructions executed from the command line:
 * You will also need to manually add several extensions. First check to make sure these extensions exist in you PHP environment (they are usually found in the C:\Program Files\PHP\ext directory by editing the php.ini file and adding the following (if they are not already there):


 * I had to manually add the new table and index using the MySQL query tool and using the edited commands from openid_table.sql.
 * If you are using windows, you need to add a configuration definition before you activate OpenID otherwise you'll get an error about having an undefined random source:

Special Note: I spent the majority of the time trying to figure out why I got the following error message:

"An error occurred during verification of the OpenID URL"

It turns out, it was because I had not enabled PHP OpenSSL extensions on that server.

Hope this helps --jdpond 01:18, 23 November 2009 (UTC)

Integrate SpecialOpenIDLogin::createUser with LoginForm::addNewAccount?
The LoginForm from SpecialLogin has many desirable features that help manage new users - most of which are bypassed by the SpecialOpenIDLogin::createUser, including several notifications and other useful hooks. Has the concept of integrating these two functionalities been considered - I might be willing to do it, but don't want to waste my time if someone has already taken a shot at it. --jdpond 01:18, 23 November 2009 (UTC)

Annoying PHP Error Log Messages --jdpond 00:38, 12 March 2010 (UTC)
--Wikinaut 21:07, 17 May 2011 (UTC)

I'm getting two messages using this extension in my otherwise pristine error logs. They are:

PHP Warning: Call-time pass-by-reference has been deprecated;  If you would like to pass it by reference, modify the declaration of [runtime function name]. If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. in PHP\PEAR\Auth\OpenID\AX.php on line 963 (also line 891) and PHP Notice: Uninitialized string offset:  0 in includes\WebRequest.php on line 461

The second is a malformed URI - but I don't know why it's getting passed that way.

The first is obviously in the PHP Auth\OpenID pear package.

Any ideas?


 * The second one. Because you are not able to access to the default $wgOpenIDConsumerStorePath and $wgOpenIDServerStorePath.  Set

$wgOpenIDConsumerStoreType = "file"; $wgOpenIDServerStoreType = "file";
 * and

$wgOpenIDConsumerStorePath $wgOpenIDServerStorePath --Onecountry 16:04, 27 May 2010 (UTC)


 * Any help about the first annoying log-message Call-time pass-by-reference...? Ankostis 16:45, 22 November 2010 (UTC)

--Wikinaut 21:07, 17 May 2011 (UTC)

Warning when $ax is null in array_key_exists line 265
Line 265:

should be

to prevent warning message on line 265 when logging in using an OpenID for the first time and $ax is null.

Bad signature
I keep having this error: Verification of the OpenID URL failed. Error message: "Bad signature" on my mediawiki.

Prerequisites are confirmed, update ran, installation instructions followed, GMP is OK. Running on debian. Restarted the webserver, configged $wgTrustRoot. So how to deal with this message?

Config: require_once("$IP/extensions/OpenID/OpenID.setup.php"); $path = "$IP/extensions/OpenID"; set_include_path(get_include_path . PATH_SEPARATOR . $path); $wgOpenIDShowProviderIcons = true; $wgTrustRoot = "http://www.website.com/";

https:// OpenID provider
On many MediaWiki sites with this extension, if you login create an account using OpenID, you can simply specify you OpenID provider and type your OpenID username but it only works as long as the URL prefix is http not https. --MyrtonosTry liquid theads 11:41, 14 February 2011 (UTC)


 * As far as I have checked it, it works with https:// if the provider (check with https://pip.verisignlabs.com ) has a correct certificate.
 * i) If the provider server does not have a certificate which is regarded as valid, then the consumer wiki server, i.e. the wiki where you have this extensions installed, throws an internal error during the "curl" action when negotiating with the OpenID server like saying that "ERROR: Certificate verification error for www.domain.com: self signed certificate ERROR: certificate common name `88.888.888.888' doesn't match requested host name `www.domain.com'. To connect to www.domain.com insecurely, use `--no-check-certificate'. Unable to establish SSL connection." or the like. You will see this or another error in /etc/apache2/error.log, or try on the commandline wget or curl  and see the error messages. Thus you cannot use a signed-by-your-own certificate on self-made ssl OpenID server. Curl and wget have an option "--no-check-certificate" but this changes the ERROR into an WARNING.
 * Other reasons: ii) if your consumer wiki is in an intranet, a proxy server may prohibit a proxy connection to the OpenID provider; iii) check your firewall settings.
 * Please check the OpenID extension for example with an OpenID which you created on verisignlabs, perhaps this works then.--Wikinaut 13:45, 14 February 2011 (UTC)
 * Does MyOpenID have a correct certificate, that was the provider I was thinking of. --MyrtonosTry liquid theads 07:12, 15 February 2011 (UTC)
 * Yes, I think so. It is issued by Equifax Secure Inc.. --Wikinaut 20:40, 16 February 2011 (UTC)

Information about a problem when using "User Merge and Delete" together with "OpenID", and an ad-hoc solution
Filed as Bug 28993

Information for those users who use Extension:User Merge and Delete together with Extension:OpenID: when using both extensions, the current version of User Merge and Delete ignores to copy OpenID settings of from the first (to be merged into the second and to be deleted) to the second account, and remains of the first account hinder the second account to use them (a property of the OpenID extension). An ad-hoc solution is to manually delete the remains of the first account in the table OpenIDs:

DELETE FROM user_openid WHERE uoi_user=;

This frees the OpenID(s) which were connected to the first account; the second account user (or anyone else who's entitled) can then freshly use the former OpenIDs which were connected to their first account before merging.

complete failure
I'm not even sure where to begin here. I downloaded the extension, uploaded it to my server, to ../extensions/ untarred the tarball. I edited LocalSettings.php to include require_once("$IP/extensions/OpenID/OpenID.setup.php"); Then, ran php maintenance/update.php, which gives this error: Content-type: text/html

Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/content/29/5132729/html/gpbp/maintenance/commandLine.inc on line 13

Reloading the wiki, any page, gave only this: Warning: require_once(Auth/Yadis/XRI.php) [function.require-once]: failed to open stream: No such file or directory in /home/content/29/5132729/html/gpbp/extensions/OpenID/SpecialOpenIDLogin.body.php on line 28

Fatal error: require_once [function.require]: Failed opening required 'Auth/Yadis/XRI.php' (include_path='/home/content/29/5132729/html/gpbp:/home/content/29/5132729/html/gpbp/includes:/home/content/29/5132729/html/gpbp/languages:.:/usr/local/php5/lib/php') in /home/content/29/5132729/html/gpbp/extensions/OpenID/SpecialOpenIDLogin.body.php on line 28

I came here and read something about uploading the "Auth" folder from phph4-openid to my toplevel dir, so I did that, re-ran update.php, got the same error, and, when reloading the wiki, got: Warning: require_once(Auth/OpenID/BigMath.php) [function.require-once]: failed to open stream: No such file or directory in /home/content/29/5132729/html/gpbp/Auth/OpenID.php on line 30

Fatal error: require_once [function.require]: Failed opening required 'Auth/OpenID/BigMath.php' (include_path='/home/content/29/5132729/html/gpbp:/home/content/29/5132729/html/gpbp/includes:/home/content/29/5132729/html/gpbp/languages:.:/usr/local/php5/lib/php') in /home/content/29/5132729/html/gpbp/Auth/OpenID.php on line 30

I read the readme for the php4-openid extension, so, from that, determined it would be useful to run ../extensions/openidblahblah/examples/detect.php. Mostly that seemed to indicate that everything was as it should, except, it said libcurl was installed, but it failed to fetch a url, and, it says, Your web server seems to corrupt queries. Received, expected a=%26b. Check for mod_encoding.

The server is running CentOS, and has php4.4. My wiki is MediaWiki 1.16.2. The host is godaddy.com.

The site is goodpayer-badpayer.info

I have ssh access, but not root.

--Tonybaldwin 03:49, 27 March 2011 (UTC)


 * It looks, as if you have not correctly set up your extensions/OpenID subdirectories. Try to redo following the installation instructions exactly. --Wikinaut 22:53, 27 March 2011 (UTC)

Okay, it does seem I missed one tiny detail in the installation instructions (adding $IP/extensions/OpenID/" to the $path). Also, it seems I had failed to upload the entire Auth directory.  Gftp had dumped, and only half of it was there (thus the error saying tno URINorm.php, because it was missing).  Now I've gotten those ironed out, and I can actually access the Special:OpenIDLogin page, I can't get it to work.  I tried with my google account and with a livejournal OpenID.  I'm going to look further into the suggested configs and get back here with either, a) a report of success, or b) details of my attempts, and the errors I receive.

Still no joy. I've gone over everything. The only thing I can find that I haven't been able to resolve is that there is no gmp, but, I'm on paid hosting with no root access to the server, so there's nothing I can do about that. Running examples/detect.php seemed to indicated that, while not optimal, bcmath would suffice. I can't compile php with gmp support without root access, so this extension is completely useless to me. The error I get when trying to add an OpenID is this: A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was: (SQL query hidden) from within function "SpecialOpenID::getUser". Database returned error "1146: Table 'goo1108409062663.mw_user_openid' doesn't exist (goo1108409062663.db.5132729.hostedresource.com)".


 * You apparently did not or could not run point 7 (run update.php) of installation instructions after having everything installed in the subdirectories and after having LocalSettings.php modified; this step adds new tables to the database needed for OpenID extension. But when not having GMP, the extension will not work, as indicated by you. If you can install a new Wiki, than perhaps an alternative is to install everything (all files) in place, and then to run the a new wiki installation, which will (should) update the database tables, too. --Wikinaut 05:31, 28 March 2011 (UTC)

OpenID: no auth_request
After I migrated to a new hosting provider, the OpenID extension stopped working.

This message appears on the page after I try to log in: Verification error An error occured during verification of the OpenID URL. And this appears on the log file: OpenID: no auth_request You can try for yourself at http://openfarmtech.org/w/index.php?title=Special:OpenIDLogin

What could be causing this? --Elifarley 10:35, 28 March 2011 (UTC)


 * The "Verification error" message of the OpenID extension is admittedly not very specific. What is the consumer and what is the provider for the OpenID authentication you wanted to make? --Wikinaut 20:52, 28 March 2011 (UTC)
 * I was trying to use GMail to authenticate at openfarmtech.org --Elifarley 02:03, 29 March 2011 (UTC)

Unable to log in when using Coral CDN
I'm unable to log in when I access my wiki via Coral CDN: Since the Login with OpenID link is relative, it points to the CDN instead of pointing to the original server.

So, where can I change the Login with OpenID link so that it always points to the right URL, even if the wiki is being accessed via a CDN ?

--Elifarley 12:52, 29 March 2011 (UTC)


 * I've created a hook to fix this (just append it to LocalSettings.php):

function fnMakeAbsoluteURL( &$title, &$url, $query ) { global $wgServer; $indexRe = "/title.Special.*Login/"; if ( preg_match( $indexRe, $url ) ) $url = $wgServer. $url; return true; }

$wgHooks['GetLocalURL'][] = 'fnMakeAbsoluteURL';

--Elifarley 13:44, 14 April 2011 (UTC)

Verification error
I'm getting a bug after downloading a very recent version of the OpenID extension (using the link provided by you). The bug is described here.

Seems to be a curl/ssl issue?

Cheers, --Dmb 23:53, 17 May 2011 (UTC)


 * Is it an https:// OpenID identity you are trying? Then, in my view, most probably the certificate may be invalid, see Extension:OpenID. Check on your server whether or not a simple "wget " does work without problems. This also relates to last posting in the google discussion --Wikinaut 00:14, 18 May 2011 (UTC)


 * I have no idea. I'm clicking on the big friendly Google logo (https://www.google.com/accounts/o8/id ?). --Dmb 09:01, 19 May 2011 (UTC)
 * Sorry, I think you did something wrong, as this is not the way to log in to your wiki. You need to click onto the Google (or another providers') logo on your Wiki OpenID login page which is Special:OpenIDLogin (on your wiki!).
 * Check carefully the path which must be added (currently) in LocalSettings.php, see point 5 of the installation. --Wikinaut 14:22, 19 May 2011 (UTC)


 * Yeah, I tried, I know how to log in. It fails. Hence the error. More details are in that Google groups thread if you read it. I'm not asking you sign up or anything. Cheers, --Dmb 14:38, 19 May 2011 (UTC)

Anyone know how to fix this yet? I'm guessing it's a PHP thing?


 * Your referata Wiki does not show the version number (0.10-dev) of my OpenID for MediaWiki version 1.16.1 I have sent you. So, you cannot expect it working, especially because you run PHP 5.3.x which requires at least this patch as mentioned on the OpenID article page: "Note: php-openid 2.2.0 requires a patch for PHP > 5.3.x versions to avoid "Call-time pass-by-reference is deprecated" errors.[1]". --Wikinaut 18:05, 20 May 2011 (UTC)