AOL openid website verification

Question

Iam trying to use AOL openid, nut am getting "AOL is unable to verify this website"

can somebody tell me the steps to avoid this error, what should I don on my end.

If there is some sample code please share it - thanks in advance

Regards,

Navin

---

George thank you for you answer, however I have issue in make it work, my xrds file as follows

<?php
header('Content-type: application/xrds+xml');
$xrdstext = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    $xrdstext =$xrdstext . "<xrds:XRDS";
    $xrdstext =$xrdstext ." xmlns:xrds=\"xri://$xrds\"";
    $xrdstext =$xrdstext ." xmlns:openid=\"http://openid.net/xmlns/1.0\"";
    $xrdstext =$xrdstext ." xmlns=\"xri://$xrd*($v*2.0)\">\n";
    $xrdstext =$xrdstext ."<XRD>\n";
    $xrdstext =$xrdstext ."<Service xmlns=\"xri://$xrd*($v*2.0)\">\n";
    $xrdstext =$xrdstext ."<Type>http://specs.openid.net/auth/2.0/return_to</Type>\n";
    $xrdstext =$xrdstext ."<URI>http://localhost:56709/myproject/socialoauth.aspx</URI>\n";
    $xrdstext =$xrdstext ."</Service>\n";
    $xrdstext =$xrdstext ."</XRD>\n";
    $xrdstext =$xrdstext ."</xrds:XRDS>";
echo $xrdstext;
?>  

and my request url is

https://api.screenname.aol.com/auth/openidServer?openid.claimed_id=http://openid.aol.com/navinleon&openid.identity=http://openid.aol.com/navinleon&openid.return_to=http://localhost:56709/myproject/socialoauth.aspx&openid.realm=http://mydomain.com/xrds/&openid.mode=checkid_setup&openid.assoc_handle=f457ae42e94c11e0811b002655277584&openid.ns=http://specs.openid.net/auth/2.0&openid.ns.alias3=http://openid.net/srv/ax/1.0&openid.alias3.if_available=alias5&openid.alias3.required=alias1,alias2,alias3,alias4,alias6,alias7&openid.alias3.mode=fetch_request&openid.alias3.type.alias1=http://axschema.org/namePerson/friendly&openid.alias3.count.alias1=1&openid.alias3.type.alias2=http://axschema.org/namePerson/first&openid.alias3.count.alias2=1&openid.alias3.type.alias3=http://axschema.org/namePerson/last&openid.alias3.count.alias3=1&openid.alias3.type.alias4=http://axschema.org/contact/country/home&openid.alias3.count.alias4=1&openid.alias3.type.alias5=http://axschema.org/pref/language&openid.alias3.count.alias5=1&openid.alias3.type.alias6=http://axschema.org/contact/email&openid.alias3.count.alias6=1&openid.alias3.type.alias7=http://axschema.org/birthDate&openid.alias3.count.alias7=1

am not sure what am doing wrong
please help...

Answer 1

So the reason for this error is that AOL is unable to verify the Rely Party return_to URL (per section 13 of the OpenID 2 spec [http://openid.net/specs/openid-authentication-2_0.html#rp_discovery]). This step is performed to protect the user from an attack where the realm specified doesn't match the return_to URL.

To get rid of this error, you need to support XRDS discovery via the specified realm string. Based on the screenshot, this just means adding support into the server running on localhost.

Basically, an HTTP request to http://localhost:56709 with an Accept HTTP header of application/xrds+xml should return either a response HTTP header of X-XRDS-Location with a value specifying the location of the XRDS file, or it can return the XRDS document directly.

The XRDS document should look something like this...

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
  xmlns:xrds="xri://$xrds"
  xmlns:openid="http://openid.net/xmlns/1.0"
  xmlns="xri://$xrd*($v*2.0)">
  <XRD>

  <Service xmlns="xri://$xrd*($v*2.0)">
    <Type>http://specs.openid.net/auth/2.0/return_to</Type>
    <URI>http://localhost:56709/return_to/url/path</URI>
  </Service>

  </XRD>
</xrds:XRDS>

NOTE: HTTP requests to localhost will fail as it's not possible to reach that site. The warning will continue until the XRDS document is deployed to a reachable site.