SSO - No OpenID endpoint found

Question

I'm trying to get SSO openid working with dotnetopenauth.

I have two separate projects, being debugged separately (both on localhost but two different ports), one acting as the provider and one as the relying party.

The relying party is running on localhost:1903. The provider is running on localhost:3314.

Relying party code:

    public ActionResult Authenticate()
    {
        UriBuilder returnToBuilder = new UriBuilder(Request.Url);
        returnToBuilder.Path = "/OpenId/";
        returnToBuilder.Query = null;
        returnToBuilder.Fragment = null;

        Uri returnTo = returnToBuilder.Uri;
        returnToBuilder.Path = "/";
        Realm realm = returnToBuilder.Uri;
        realm = "http://localhost:3314/OpenId/";
        returnTo = new Uri("http://localhost:3314/OpenId/");
        var response = openid.GetResponse();

        if (response == null) {
            if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {
            } else {
                string strIdentifier = "testidentifier";
                var request = openid.CreateRequest(
                    strIdentifier,
                    realm,
                    returnTo);

                var fetchRequest = new FetchRequest();
                request.AddExtension(fetchRequest);
                request.RedirectToProvider();
            }
        } else {
            switch (response.Status) {
                case AuthenticationStatus.Canceled:
                    //stuff got cancelled for some reason
                    break;
                case AuthenticationStatus.Failed:
                    //response.Exception.Message;
                    break;
                case AuthenticationStatus.Authenticated:
                    //a bunch of applying roles that i don't think we care about
                    break;
            }
        }

        return new EmptyResult();
    }

Provider code:

    public ActionResult Index()
    {
        IAuthenticationRequest iR = (IAuthenticationRequest)Request;

        if (iR.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) != RelyingPartyDiscoveryResult.Success) {
            iR.IsAuthenticated = false;
            return new EmptyResult();
        }

        if (iR.IsDirectedIdentity) {
            if (User.Identity.IsAuthenticated) {
                iR.LocalIdentifier = BuildIdentityUrl();
                iR.IsAuthenticated = true;
            } else {
                if (iR.Immediate || ImplicitAuth) {
                    iR.IsAuthenticated = false;
                } else {
                    if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
                        return RedirectToAction("Login", "User");
                    }
                }
            }
        } else {
            string userOwningOpenIdUrl = ExtractUserName(iR.LocalIdentifier);

            iR.IsAuthenticated = userOwningOpenIdUrl == User.Identity.Name;

            if (!iR.IsAuthenticated.Value && !ImplicitAuth && !iR.Immediate) {
                if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
                    return RedirectToAction("Login", "User");
                }
            }
        }

        if (iR.IsAuthenticated.Value) {
            var fetchRequest = iR.GetExtension<FetchRequest>();

            if (fetchRequest != null) {
                var fetchResponse = new FetchResponse();
                //roles and stuff

                iR.AddResponseExtension(fetchResponse);
            }
        }

        return new EmptyResult();
    }

I get the error when I run the relying party code, on the openid.CreateRequest method. I enabled debugging on my provider code and it never gets hit.

Researching the error, I found a lot of suggestions about proxy problems but that shouldn't be an issue for me as I'm only going to localhost.

Perhaps it's something fairly obvious but I'm at a loss as to what I'm doing wrong.

Thanks in advance for the help!

EDIT: FYI, I got this code from the DotNetOpenAuth samples.

Answer 1

Well, I ended up stepping through the source manually and somewhat figured out the problem.

Turns out dumdum was somewhat correct - my first issue was that it did want a URI as a the identifier, so once I changed my identifier to http://localhost:3314/OpenId/ (even though that's not valid, per se) I got over that exception.

The second problem was that I forgot to add information to web.config - so localhost was not whitelisted and CreateRequest failed there.

After I fixed those two issues my provider code got hit fine - I'm running into other errors there but that's for a separate question I imagine.

Web.Config:

<configSections>
  <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth">
    <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    </sectionGroup>
</configSections>

<dotNetOpenAuth>
<openid>
  <relyingParty>
    <security requireSsl="false">
      <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
      <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
        <add endpoint="https://www.google.com/accounts/o8/ud" />
      </trustedProviders>-->
    </security>
    <behaviors>
      <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
           with OPs that use Attribute Exchange (in various formats). -->
      <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/>
      <!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth" />-->
    </behaviors>
    <!-- Uncomment the following to activate the sample custom store.  -->
    <!--<store type="OpenIdRelyingPartyWebForms.CustomStore, OpenIdRelyingPartyWebForms" />-->
  </relyingParty>
</openid>
<messaging>
  <untrustedWebRequest>
    <whitelistHosts>
      <!-- since this is a sample, and will often be used with localhost -->
      <add name="localhost"/>
    </whitelistHosts>
  </untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<reporting enabled="true"/>
</dotNetOpenAuth>

Answer 2

I'm not sure if you are have the same issue as me, but... For me I got this error after it prompted me for an openid if I entered something like "bob" as the user name. When I entered a valid open id such as dumdum@yahoo.com, it got past this issue. It seems like the exception handling for completely improbable open ids needs to be buttoned up.

Answer 3

I had the same problem recently and it turned out that the problem was not in my application but on the side of the openID server. When calling the openID server it returned 500 - internal server error and my application threw protocol exception - No OpenID endpoint found on line openId.CreateRequest(Identifier.Parse(openIdServer)).

I contacted the administrator of the OpenID server who fixed the internal server error and everything work just fine (as befor the error).

Why is the DotNetOpenAuth trowing such a stupid exception that is a question...