Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks

Question

We use OpenAuthAuthentiocation.dll and get the following warning:

Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks

How can we fix it? How can I make this warning disappear?

This is not a question. And the message you quote is not an error. It's an informational warning. — Andrew Arnott, Aug 15 '12 at 03:20

score 3 · Accepted Answer · edited Aug 28 '16 at 21:30

You can make the warning disappear by raising the minimum OpenID version requirement for Providers to 2.0 yourself in your configuration file^{[semi-dead link]}.

<dotNetOpenAuth>
    <openid>
        <relyingParty>
            <security minimumRequiredOpenIdVersion="V20" />
        </relyingParty>
    </openid>
</dotNetOpenAuth>

The effect is the same on your RP, but since you're doing it yourself, DotNetOpenAuth won't warn you that it is doing it for you.

Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks

1 Answers1