WordPress.org

Ready to get started?Download WordPress

Forums

Mozilla Persona (BrowserID)
[resolved] [Plugin: Mozilla Persona] Verification failed after upgrade of the BrowserID plugin (14 posts)

  1. mcepl
    Member
    Posted 2 years ago #

    When I have upgraded to 0.29, I get this on login (BrowserID used to work fine with the previous version of the plugin):

    `
    Verification failed
    audience=luther.ceplovi.cz
    vserver=browserid.org
    time=1342473729
    Array
    (
    [status] => okay
    [email] => matej@ceplovi.cz
    [audience] => luther.ceplovi.cz
    [expires] => 1342473845938
    [issuer] => login.persona.org
    )
    `

    Any ideas, where does plugin get that browserid.org idea?

    http://wordpress.org/extend/plugins/browserid/

  2. twisterss
    Member
    Posted 2 years ago #

    Hi,
    I have had the same problem. You should put https://login.persona.org/verify as your verification server in the plugin configuration.
    It seems that there is a redirection which makes the verification fail.

    (Also, I have written a .po file for French, if anyone is interested)

  3. mcepl
    Member
    Posted 2 years ago #

    Would you help this idiot to find the place where the configuration should go? wp-config.php? Something like

    if ( !defined('browserid_vserver') )
    define('browserid_vserver', 'https://login.persona.org/verify');

    ???

  4. mcepl
    Member
    Posted 2 years ago #

    Sorry, I am an idiot ... got it. Configuration is not in Plugins tab, but in (surprise, surprise!) Configuration one.

  5. Marcel Bokhorst
    Member
    Plugin Author

    Posted 2 years ago #

    Version 0.31 should fix this problem (and more :-)

  6. Marcel Bokhorst
    Member
    Plugin Author

    Posted 2 years ago #

    Also, I have written a .po file for French, if anyone is interested

    Please contact me here.

  7. mcepl
    Member
    Posted 2 years ago #

    Notice: Undefined index: browserid_sitename in /usr/share/wordpress/wp-content/plugins/browserid/browserid.php on line 482 Notice: Undefined index: browserid_sitelogo in /usr/share/wordpress/wp-content/plugins/browserid/browserid.php on line 493
    
    Plugin reactivated successfully.

    ??? It seems to work fine, just that Notice makes me wonder.

  8. Marcel Bokhorst
    Member
    Plugin Author

    Posted 2 years ago #

    The just released version 0.32 will fix these notices.
    Thanks for reporting!

  9. Francois Marier
    Member
    Posted 1 year ago #

    Actually, that URL is wrong. It currently works but that's a bug that we will be fixing soon.

    The correct URL for the verifier is:

    https://verifier.login.persona.org/verify

  10. Marcel Bokhorst
    Member
    Plugin Author

    Posted 1 year ago #

    @Francois Marier

    It would be smarter to inform me earlier of these kind of changes, so I can fix things in time. Please realize that I am not always around to do last minute fixes.

    Furthermore I cannot fix this, because the mentioned URL reports 'login.persona.org' as issuer. There is a security check in place that verifies if the server URL (verifier.login.persona.org) equals to the reported issuer (login.persona.org). I could remove this check, but IMHO it is safer to leave it there.

  11. Francois Marier
    Member
    Posted 1 year ago #

    @Marcel

    Sorry for the late notice. We now have a very low traffic mailing list that you could join to get notified of changes that might impact your plugin:

    https://mail.mozilla.org/listinfo/persona-notices

    I've looked at your code and here is my proposed fix:

    https://github.com/fmarier/wordpress-browserid/commit/74459e0c34ffb76f8fa2ab6d80f9684330c2f288

    It uses the right hostname for the verifier while still maintaining the security check you have. It's worth noting that the certificate issuer is no longer the same as the verifier.

  12. Marcel Bokhorst
    Member
    Plugin Author

    Posted 1 year ago #

    The problem with your fix is that you are assuming that the issuer is always 'login.persona.org'. What if somebody uses another verification server?

  13. Francois Marier
    Member
    Posted 1 year ago #

    Actually, you're right, my fix is wrong!

    However, it's not exactly what you said. The server that issues certificates actually has nothing to do with the server that verifies these certificates.

    So while an admin who installs your plugin can choose to switch to a different verification server, they cannot choose to use a different certificate issuer.

    The certificate issuer is determined by the email address that the end user uses to log in. Currently, almost all of the emails are using what we call the "fallback identity provider" (login.persona.org) to get a certificate. However, if an email is from a domain which runs a primary identity provider, then the issuer will be that domain.

    You can try it out yourself:

    1. create an "email" account on http://eyedee.me
    2. try logging into your wordpress site with yourself@eyedee.me

    This will fail because the issuer of your certificate will be "eyedee.me", not "login.persona.org"

    I have added a second patch to my repository to fix this:

    https://github.com/fmarier/wordpress-browserid/commit/6bab1382cd56a02c6aa64bb1f6fb170db8bd744f

  14. Marcel Bokhorst
    Member
    Plugin Author

    Posted 1 year ago #

    Okay, thanks for the explanation/demonstration of the issuer field.

    I have just released version 0.33 that updates the verifier URL and disables the issuer check.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic