Cryptosmith

Note that OpenID now works on Cryptosmith.

My original post:

I just activated the Open ID plugin for my Wordpress blog (wp-openid 2.2.0). As with the previous release, it still doesn’t work for me. I tried logging in with two different Open ID providers, and both responded with “Could not discover an OpenID identity server endpoint at the url: [full https Open ID URL].

I’m wondering if this is a matter of how Open ID is supposed to be used, or if it’s just a fragile technology.

Another post suggests that that’s the problem: Open ID fails due to unexpected settings on the client blog and the identity server.

I can see where this can be a problem - I like to think of myself as a simple out-of-the-box soft of blogger, but in fact I have my own oddities, like SSL.

On the other hand, I’ve tried using both Yahoo and Verisign - both free and presumably well known sources for Open ID. This all suggests a problem with the blog environment (I’m on GoDaddy) than with the Open ID providers.

I just tried it with Wordpress.com’s Open ID service, and I got a tiny bit farther: Wordpress demanded that I be logged in before proceeding. Unfortunately, I was logged in, and no fancy footwork seemed to convince the site otherwise.

Even worse, this fooling around has apparently messed up the site cookies - I am no longer able to switch between admin screens and blog screens without losing the login context. So some of this reflects an instrinsic weakness in how Wordpress handles logins, some may be Open ID problems, and some may be Wordpress SSL problems.

So it’s not just the Open ID plugin.

Posted under Information Security |