I just moved a Drupal website from one server to another. On the original server the site was set up directly in Apache. On the new server, I have a Docker layer in between:

The machine runs a Debian system with Docker, and the (currently only) Docker container features a Debian/Apache2/MySQL/PHP setup. The container's ports 80 and 443 are exposed to the outside, and the migrated website works just fine. With one exception:

The migrated Drupal website contains an openid_provider module. I used this to log in to other sites. However, since the migration this function has broken: on most of the sites I try to log in to using OpenID (other Drupal sites, WordPress, MediaWiki) the login fails. These sites raise messages in the form "OpenID verification failed: Server denied check_authentication".

Fun fact: OpenID login still works on Stack Exchange sites ;)

Does anyone have a clue what is going on? There are no (related) errors or warnings in the Apache logs - neither on the OpenID-providing, migrated site, nor in the client logs.

I don't have an idea where and how to start debugging. Let me know if you need more details.

Here's the Drupal module I use: https://www.drupal.org/project/openid_provider (I know, it's deprecated).

Any help would be appreciated.

  • Check your Drupal logs. – Michael Hampton Apr 21 '15 at 15:07
  • I enabled openid_provider debug mode. On the provider side, I get success notes: automatic response authentication success using redirect to https://ah-dienste.de/openid/authenticate?destination=node/12 (request dump: `array ( 'q' => 'openid/provider', 'openid.mode' => 'checkid_setup', 'openid.identity' => 'http://specs.openid.net/auth/2.0/identifier_select', 'openid.assoc_handle' => '...', 'openid.return_to' => '...', 'openid.ns' => '...', 'openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select', 'openid.realm' => 'https://ah-dienste.de/', ... )`) – Stephan Richter Apr 21 '15 at 15:16

1 Answer

Turns out to be a name resolution related problem:

All sites for which the auth request failed lay on the same server. This server had an entry in /etc/hosts which resolved the domain name of the OpenID provider website to its old IP. After removing that entry, everything works fine.

This also explains why it works for some other services (which are hosted on other servers).

Fun fact: I spent 3 days debugging the Drupal OpenID module, just overlooking the obvious.
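
A check for the condition described in this answer, as an added example that is not part of the original post: it parses a hosts file and reports entries that pin the provider's name to an address DNS no longer publishes. The host name `op.example.org`, the addresses and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample of an /etc/hosts file on the relying-party server.
# op.example.org and all addresses are placeholders, not values from the post.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# pinned during an earlier migration
192.0.2.10  OP.example.org op   # old provider address
198.51.100.7 db.internal
"""


def hosts_overrides(hosts_text, hostname):
    """Return the addresses that the hosts file pins for hostname."""
    wanted = hostname.rstrip(".").lower()
    pinned = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, skip it
        # Host names are case-insensitive; aliases count as well.
        names = {n.rstrip(".").lower() for n in fields[1:]}
        if wanted in names:
            pinned.append(addr)
    return pinned


def stale_overrides(hosts_text, hostname, dns_addresses):
    """Return pinned addresses that DNS does not publish for hostname.

    dns_addresses must come from a lookup that bypasses the hosts file,
    for example the addresses printed by `dig +short <hostname>`.
    """
    published = {ipaddress.ip_address(a) for a in dns_addresses}
    return [str(a) for a in hosts_overrides(hosts_text, hostname)
            if a not in published]


if __name__ == "__main__":
    # 198.51.100.20 stands in for the provider's address after the move.
    print(stale_overrides(SAMPLE_HOSTS, "op.example.org", ["198.51.100.20"]))
```

Run it on the server hosting the failing client sites, passing the contents of its `/etc/hosts`; a non-empty result means that server's check_authentication requests go to the pinned address rather than the one DNS publishes.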