ZF-11595: OpenId_Consumer handles/requires dh association improperly

Issue Type: Bug
Created: 2011-07-23T11:01:10.000+0000
Last Updated: 2011-07-23T11:02:41.000+0000
Status: Open
Fix version(s):
Reporter: Peter Vereshagin (petr999)
Assignee: Dmitry Stogov (dmitry)
Tags:

  • Zend_OpenId
  • Authentication



    if (!$this->_associate($server, $version)) {
        $this->_setError("Association failed: " . $this->getError());
        return false;
    }

It should not return false because association is not a mandatory part of openid authentication.


(3.4.1 paragraph 1): "It's RECOMMENDED that a Consumer first submit an associate request (associate) ..." "This shared secret SHOULD be used ..."


3.(optional) The Relying Party and the OP establish an association
(Establishing Associations) -- a shared secret established using
Diffie-Hellman Key Exchange...

This is important for cases where a DH key cannot be created:


"openssl extension does not get the DH parameters from DH key resource"

Thus Zend_OpenId::createDhKey() returns the wrong values in the array.


Zend_OpenId_Consumer sends the assoc request without the DH parameters to the Net::OpenID::Server and receives the response without assoc_type. Zend_OpenId_Consumer::_associate()

        $params['openid.assoc_type'] != $ret['assoc_type']) {
        if ($params['openid.assoc_type'] != $ret['assoc_type']) {
            $this->_setError("The returned assoc_type differed from the supplied openid.assoc_type");
        } else {
            $this->_setError("Missing required data from provider (assoc_handle, expires_in, assoc_type are required)");
        }
        return false;
    }

returns false again, even though the association is not necessary to authenticate.

Current workaround: disabling the openssl extension in php.
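
Added example, not code from the reporter or from Zend Framework: a sketch of a consumer that treats an unusable associate response as a reason to fall back to stateless verification, where the assertion is later checked directly with the OP through a check_authentication request, instead of aborting the login. All function names, the endpoint URL and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example (PHP 7.1+), not Zend Framework code; all names are hypothetical.

/** Decide how a later assertion will be verified, given the associate result. */
function chooseVerificationMode(array $request, ?array $response, string $opEndpoint): array
{
    $usable = $response !== null;
    foreach (['assoc_handle', 'assoc_type', 'expires_in'] as $key) {
        $usable = $usable && !empty($response[$key]);
    }
    // A missing or mismatched assoc_type makes the association unusable, not the login.
    $usable = $usable && $response['assoc_type'] === $request['openid.assoc_type'];
    // Without DH the mac_key travels in clear, so only accept it over TLS.
    if ($usable && empty($response['dh_server_public'])
        && stripos($opEndpoint, 'https://') !== 0) {
        $usable = false;
    }
    return $usable
        ? ['mode' => 'association', 'assoc_handle' => $response['assoc_handle']]
        : ['mode' => 'stateless'];
}

/** Stateless mode: resend the assertion to the OP as a check_authentication request. */
function buildCheckAuthentication(array $assertion): array
{
    $assertion['openid.mode'] = 'check_authentication';
    return $assertion;
}

/** Accept the assertion only if the OP's key-value reply contains is_valid:true. */
function isValidDirectResponse(string $body): bool
{
    foreach (explode("\n", trim($body)) as $line) {
        [$key, $value] = array_pad(explode(':', $line, 2), 2, '');
        if ($key === 'is_valid') {
            return trim($value) === 'true';
        }
    }
    return false; // no is_valid line: fail closed
}

// Constructed sample: an associate reply with no assoc_type, as in this report.
$request  = ['openid.mode' => 'associate', 'openid.assoc_type' => 'HMAC-SHA1'];
$response = ['assoc_handle' => 'constructed-handle', 'expires_in' => '3600'];
$mode = chooseVerificationMode($request, $response, 'https://op.example/server');
echo $mode['mode'], "\n";

$assertion = ['openid.mode' => 'id_res', 'openid.assoc_handle' => 'constructed-handle',
              'openid.signed' => 'mode,identity,return_to', 'openid.sig' => 'constructed'];
print_r(buildCheckAuthentication($assertion));
var_dump(isValidDirectResponse("is_valid:true\n"));
```

In stateless mode the assertion must not be trusted until the OP's direct reply has been checked, so a network error or a reply without is_valid is treated as a failed login.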

