Issues

ZF-3137: Fragments shouldn't be considered during verify() in the Consumer.

Description

The spec states this about verification in 11.2:

"If the Claimed Identifier in the assertion is a URL and contains a fragment, the fragment part and the fragment delimiter character "#" MUST NOT be used for the purposes of verifying the discovered information."

By not following this Consumer improperly doesn't verify some claimed id's that it should.

Comments

This patch respects (or doesn't as it were) the hash remark

According to OpenID 2.0 specification, section 7.2, fragment MUST be stripped during normalization. Please, reopen the bug if my fix doesn't work for you.

Marking as fixed for next minor release pending merge of changes to release-1.5 branch.

Updating for the 1.6.0 release.