Skip to content
Menu
Justin Ball
  • About
  • Privacy Policy
Justin Ball

Edge Rails, OpenID and the Dreaded Sorry, the OpenID verification failed” error

Posted on September 17, 2007November 1, 2021

We use Edge Rails in our projects. Call me stupid if you like, I like living on the edge (get it?). This desire to push our luck has bitten us a couple of times, but not in any serious way. Not until recently anyway. We use OpenID – another brand new cool technology. The combination of Rails and OpenID has been great.

Then one day it all stopped working and my PPH (Profanity Per Hour) went through the roof. We have Capistrano setup. I had another guy deploy 51week and OpenID stopped working and started giving me the dreaded “Sorry, the OpenID verification failed” error. I deployed it and it started working. “Very strange I thought to myself,” but I was just glad it was working. Then Joel starts working on igagus. He can’t login because of the dreaded “Sorry, the OpenID verification failed”. We make some changes and notice that igagus no longer works.

WTF?

So I spend some time searching and can’t find anything. I spend some time chatting with the Janrain guys, but they don’t know what it is either. Then I set igagus to use an older version of edge rails – the same version that 51weeks is running. It magically starts running so I do some research.

Here’s the change in edge rails that breaks OpenID if you are using postgresql. In that change the postgres adapter was modified. The ‘secret’ used by the OpenID authentication is stored as a bytea column in postgres. In change 7329 the way that bytea columns are dealt with was changed and now the value that is returned from the database is incorrect.

I traced this down into consumer.rb in the ruby-openid gem.

This section of code from around line 562 is where the ‘sig mismatch’ comes from.


_signed, v_sig = OpenID::Util.sign_reply(args, assoc.secret, signed_list)

if v_sig != sig
  return FailureResponse.new(consumer_id, 'sig mismatch')
end
</pre>

To ensure that the response from the OpenID server is not tampered with the response is signed with a shared secret.  When the response is received the reply is checked using the local secret that is stored in the local db as a bytea column.  Because of the change in the postgresql adapter the bytea value returned is different than the one originally sent to the OpenID server.  The result is mismatched hash which returns the 'sig mismatch' error.

I am currently trying to find the exact problem and an solution.  If anyone has any great ideas please let me know.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Recent Posts

  • Around and Back to WordPress
  • Last Lagoon (This Year)
  • Logan Sunset
  • Grami Del
  • FanX (and Lagoon)

Recent Comments

  1. jquery ajax readystate 0 responsetext status 0 statustext error – w3toppers.com on jqXHR Returning Readystate 0 and Status 0?
  2. Change MySQL default character set to UTF-8 in my.cnf? on Upgrade to MySQL 5.5.12 and now MySQL won’t start
  3. Around and Back to WordPress – Justin Ball on Gatsby 2.0 and Forestry
  4. More Stuff You Shouldn’t Hit on a Bike – Justin Ball on Why Cyclists Shave Their Legs. The Most Disgusting Post I Will Ever Make
  5. First Real Ride on the New Trek Madone 6.9 – Justin Ball on Rode Blacksmith Fork Canyon Tonight

Archives

  • November 2021
  • October 2021
  • September 2021
  • January 2020
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • February 2017
  • November 2016
  • September 2016
  • August 2016
  • May 2016
  • March 2016
  • February 2016
  • November 2015
  • September 2015
  • June 2015
  • May 2015
  • February 2015
  • January 2015
  • October 2014
  • September 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • October 2013
  • September 2013
  • August 2013
  • June 2013
  • May 2013
  • April 2013
  • February 2013
  • January 2013
  • December 2012
  • October 2012
  • September 2012
  • June 2012
  • January 2012
  • December 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • March 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005

Categories

  • 2.3.2
  • 3g
  • 3tera
  • 420
  • 51weeks
  • 64bit
  • accessibility
  • ActionView::MissingTemplate
  • activemerchant
  • ActiveRecord
  • activesalesforce
  • acts as taggable
  • acts_as_facebook_user
  • acts_as_nested_set
  • acts_as_state_machine
  • advertising
  • Affiliate Marketing
  • air quality
  • ajax
  • Alyssa
  • ama
  • amazon
  • amazon s3
  • amazon wishlist
  • amazon.com
  • ancestry
  • animal cookies
  • antshares
  • apache
  • API
  • apis
  • apollo
  • apollo client
  • apple
  • Apple Store
  • Apple Time Capsule
  • application
  • applications
  • Art
  • ASP.Net
  • assert_sent_email
  • asyncronous processing
  • Atomic Jolt
  • Aubrey
  • Authentication
  • authorize.net
  • Autumn
  • babelphish
  • back problems
  • backbone.js
  • backup software
  • backups
  • bacon
  • Battlestar Galactica
  • big companies
  • birthday.
  • bitcoin
  • black cherry vanilla coke
  • Black Smith Fork Canyon
  • blockchain
  • blog
  • Blogging
  • bluehost
  • books
  • BoomStartup
  • bread
  • buddypress
  • bug
  • bugs
  • business
  • business. mother's animal cookies
  • cache county
  • cache valley
  • California
  • Cancun
  • canvas
  • capistrano
  • Catholic Church
  • cereal
  • chauvet obey 40
  • checkbox list
  • checkboxes
  • chess
  • Chicago
  • china
  • chocolate
  • Christmas
  • Chrome
  • church
  • Cinderella
  • Cisco
  • cloud computing
  • cms
  • code generation
  • code sprint
  • coke
  • Comcast
  • commerce
  • Common Lisp
  • communities
  • Community
  • complex
  • Computers
  • conference
  • conference software
  • configuration
  • consulting
  • cookies
  • cooking
  • COSL
  • cosmos
  • count
  • courts
  • cows
  • create
  • creative commons
  • cryptocurrencies
  • cryptography
  • css animations
  • cucumber
  • currency
  • Cycling
  • database
  • dataloader
  • date
  • death
  • death ray
  • debugging
  • decentralized applications
  • dell dimension 8400
  • democray
  • deployment
  • developing
  • development
  • Devin
  • diet
  • digg
  • Digital Ocean
  • digital-photography
  • disease
  • disguise
  • disgusting
  • disney
  • disneyland
  • DiSo
  • disposable
  • DMX
  • Docker
  • domain name
  • domains
  • doom
  • dr strangelove
  • driving
  • Dryers
  • DVI
  • ec2
  • economics
  • economy
  • ecto
  • edge rails
  • Education
  • EFF
  • Egypt
  • ElasticSearch
  • elastra
  • elections
  • elixir
  • email
  • Ember
  • Ember.js
  • encoding
  • energy
  • engine yard
  • engines testing
  • engineyard
  • enterprise
  • epp
  • error
  • errors
  • ethereum
  • Event Machine
  • expercom
  • facebook
  • failure
  • Family
  • family history
  • family reunion
  • family search
  • family trip
  • Family Vacation
  • familysearch
  • familysearch.org
  • farmers market
  • fashion
  • fences
  • field trip
  • file uploads
  • Firebase
  • fireeagle
  • fix
  • flat tax
  • flowers
  • folksonomy
  • food
  • France iPad Internet access
  • free book
  • freedom
  • friendfeed
  • friends
  • fuel
  • Fun Stuff
  • funeral
  • Funny
  • funny kids
  • gadgets
  • galleries
  • gamenight
  • garden
  • gardens
  • garter snake
  • gatsby
  • gatsbyjs
  • gearsynper
  • geek
  • gelatin
  • gem
  • gems
  • gems ruby on rails
  • genealogy
  • genius
  • geocaching
  • geotagging
  • girl's camp
  • gistr
  • git
  • github
  • global
  • gmail
  • godaddy
  • Goliath
  • Google
  • google bomb
  • google docs
  • google hacks
  • Gorden B Hinckley
  • government
  • gps
  • grand master
  • grand-teton-national-park
  • graph ql
  • graphcool
  • graphql
  • graphqlsummit
  • great firewall
  • grocery
  • gross
  • group work
  • HABTM
  • Hacks
  • halloween
  • happy
  • has and belongs to many
  • has_many
  • hashgraph
  • Hawaii
  • health
  • health insurance
  • heirachy
  • Heirarchies
  • helps
  • Heroku
  • Holiday
  • home building
  • home improvement
  • home plans
  • homebrew
  • homework
  • hosting
  • house plans
  • House Stuff
  • housing
  • human rights
  • hyperledger
  • i18n
  • ice cream
  • icls2008
  • idaho
  • ideas
  • identity
  • identity_theft
  • iiw2006b
  • image
  • image processing
  • inbox
  • induglences
  • insane
  • inspiration
  • install
  • Instructure
  • Interesting
  • internet
  • Internet Explorer
  • InvalidAuthenticityToken
  • iPhone
  • jackson-hole
  • jamis buck
  • Javascript
  • JavaScript (Programming Language)
  • Javscript
  • Jenna
  • jeweler
  • jobs
  • joyent
  • jQuery
  • jungle disk
  • jurlp
  • justin ball
  • kids
  • knowledge workers
  • lambad
  • laptop case
  • launchup.org
  • lds
  • LDS church
  • learning
  • legal
  • Lego
  • legos
  • leopard
  • lesson
  • Levi Leipheimer
  • Liahona
  • library
  • life
  • lifestream
  • Links
  • litecoin
  • LMS
  • loans
  • localization
  • logan
  • Logan Canyon
  • logistics
  • logitech
  • LTI
  • lucene
  • lucene.net
  • Lucifer
  • luvfoo
  • mac
  • Mac OSX 10.6
  • Mac Ports
  • macbook
  • macbook pro
  • Maker
  • Maker Faire
  • manage
  • marginal changes
  • marion
  • marriage
  • Matt Mullenweg
  • me
  • medicine
  • Meetings
  • merb
  • Mexico
  • micro-blogging
  • microcontent
  • microformats
  • Microsoft
  • Middle East
  • migrations
  • mom
  • money
  • Monitor
  • morph
  • morph exchange
  • morphexchange
  • mortgage
  • mosso
  • motorcycle
  • mountain biking
  • Mountain West Javascript
  • Mountain West Ruby
  • mountain west ruby conference
  • mountainwestrubyconf
  • mozy
  • MRI
  • mtnwestrubyconf
  • muck
  • multi-user
  • music
  • mwjs
  • mwrc
  • mysql
  • mysql gem
  • MYTecC
  • Neat Stuff
  • neighbors
  • newgem
  • No Programming
  • node.js
  • nuclear weapons
  • nutcracker
  • Oahu
  • Oauth
  • oauth-plugin
  • Obama
  • Obie Fernandez
  • OER
  • OER Glue
  • olympic torch
  • olympics
  • omniauth
  • Open Assessments
  • open source
  • OpenContent
  • opened2007
  • OpenID
  • opensocial
  • optimism
  • ordered tree
  • oreos
  • osx
  • outdoors
  • outsourcing
  • ozmozr
  • pain
  • panasonic plasma
  • Paris
  • password recovery
  • payday lenders
  • paypal
  • pety
  • PGP
  • Phil Windley
  • photography
  • photoJAR
  • photos
  • php
  • pickle soup
  • pickup
  • piclens
  • Pictures
  • plasma tv
  • Playa Del Carmen
  • plugin
  • plugins
  • poinsettia
  • Political
  • politics
  • portablecontacts
  • PostGreSQL
  • PostGresSQL
  • poverty
  • privacy
  • problems
  • product: web
  • professional
  • Programming
  • Projects
  • prophet
  • protect_from_forgery
  • protests
  • prototype
  • psych
  • psychology
  • queue
  • rails
  • rails 2.0
  • rails conference
  • Rails I18n Textmate bundle
  • RailsConf
  • RailsConf07
  • rake
  • rant
  • react
  • react router
  • React.js
  • Reactive
  • reactjs
  • reactrouter
  • realestate
  • recipe
  • recommender
  • records
  • red green
  • redirect_to
  • regular expressions
  • relay
  • religion
  • render
  • replace
  • reputation
  • require.js
  • research
  • REST
  • restaurant
  • rFacebook
  • ridiculous
  • rightscale
  • ringside networks
  • river
  • river trail
  • robots
  • romantic
  • roomba
  • rpsec
  • rspec
  • rspec bundle
  • rss
  • ruby
  • Ruby On Rails
  • Ruby On Railst
  • ruby_on_rails
  • rvm
  • s3
  • sad
  • Salesforce
  • samsung ml1740
  • sarah sample
  • scalability
  • School
  • Science
  • scorm
  • scream
  • script.aculo.us
  • SDK
  • search
  • senate
  • SEO
  • serverless
  • servers
  • sessions
  • shopping
  • shortcodes
  • shoulda
  • sign language
  • simple
  • small business
  • snakes
  • Snelgrove
  • social graph
  • social media
  • social network dilution
  • social networking
  • social search
  • Social Software
  • socialsoftware
  • society2.0
  • soda
  • software
  • software design
  • Software Development
  • solidity
  • solo
  • soviet union
  • sovrin
  • sql
  • sql server
  • SQL Server 2005 Express
  • sql server 2008 express
  • starling
  • start ups
  • startups
  • starvation
  • stm bags
  • stm medium alley
  • storage
  • subversion
  • target
  • tax
  • Teachers Without Borders
  • tech
  • teeth whitening
  • template not foudn
  • templates
  • test-spec
  • testing
  • tests
  • textmate
  • thanksgiving point
  • The Japanese Mafia is controlling the weather
  • The Kids
  • The Plan Collection
  • The Web
  • theming skin
  • theplancollection
  • theplancollection.com
  • time
  • timr
  • tips
  • to_json
  • tools
  • Tour de France
  • transfer
  • translations
  • Travel
  • Travel, Disneyland, LA
  • trees
  • trip
  • truffles
  • tutorial
  • tutorials
  • tv
  • twitter
  • Uncategorized
  • uninsured
  • universe
  • unpack
  • unread
  • upgrades
  • uploader
  • uploads
  • user discovery
  • user interface
  • userfly
  • utah
  • utah government
  • utah senate
  • utf8
  • Vacation
  • values
  • vinegar
  • virtual hosts
  • walmart
  • warranty
  • Waste of Time
  • weather
  • Web
  • web design
  • web development
  • Web RTC
  • Web2.0
  • web2con2006
  • webservices
  • weddings
  • Wesley Connell
  • whereigo
  • wife
  • windows
  • Wired
  • wishlist
  • with
  • word press
  • Wordpress
  • work
  • workling
  • wpmu
  • xml
  • yeast
  • yellowstone
  • zentest
©2025 Justin Ball | Powered by SuperbThemes & WordPress