Bugzilla – Bug 6900
Allow use of Google account with OpenId
Last modified: 2010-01-12 22:00:19
You need to
before you can comment on or make changes to this bug.
Apparently the OpenID to use with Google is:
See, among other pages:
But this fails with the following error currently with the GridShib-CA OpenId
OpenId error: The provided URL doesn't declare its OpenID identity server.
Two links that may be relevant to this:
Marlon Pierce's post on using Google OpenId with openid4java:
Try other providers to see if this is a google-specific problem or not. See:
Another good test would be to test it with the new OpenId support in the Shib
Email sent asking if there is a testshib implementation with openid support.
(In reply to comment #3)
> Try other providers to see if this is a google-specific problem or not. See:
Verified GS-CA OpenId works with:
MySpace: www.myspace.com/vonswelch (resolves to
Suddenly this is working for me (and Jim) using an openid of:
Not sure why is working now. I cannot think of anything that has changed on the
The resulting UserId is, uh, interesting:
From looking at Marlon's post (comment #2), looks like the email attribute
contains an real email address, which would be a much friendlier username.
I'm not currently pulling any OpenId attributes into the session, so I don't
know I'm getting the same attributes as Marlon.
In case problems come up with Google again, capturing what some interactions
with Google look like when things are working:
% wget --no-check-certificate https://www.google.com/accounts/o8/id
% cat id
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
% wget --no-check-certificate https://www.google.com/accounts/o8/ud
Resolving www.google.com... 184.108.40.206, 220.127.116.11, 18.104.22.168, ...
Connecting to www.google.com|22.214.171.124|:443... connected.
WARNING: Certificate verification error for www.google.com: unable to get local
HTTP request sent, awaiting response... 400 Bad Request
14:11:32 ERROR 400: Bad Request.
(In reply to comment #6)
> Suddenly this is working for me (and Jim)
OK, the issue is that Google OpenID does not work for me when I'm running the
GSCA on my mac, but does when the GSCA is running on shibber.
I'm guessing it has something to do with the fact that the hostname I'm using
for my mac is not in the public DNS, just in /etc/hosts, and Google is relying
on that somehow.
Closing this bug since basic openid authentication with Google works.
Note that to get nicer attributes, such as email address, apparently Attribute
Exchange is needed. See Bug 6913.