Server responds that the 'check_authentication' call is not valid about ruby-openid HOT 3 CLOSED

We have a user in our application experiencing this same issue. So far as I can tell it's only the single user.

We're using an internal provider.

Using 2.7 version of the gem.

from ruby-openid.

As a follow up to my previous comment, here is the result of some investigation from one of our teams:

"For those curious, the issue arises due to non-standard handling of the x-www-form-urlencoded media type in both Apache Tomcat (our webserver) and the Apache HTTP client library used by openid4java (the typical Java client library for OpenID 2). This media type does not permit any parameters, but the client library is adding one anyway, sending "application/x-www-form-urlencoded; charset=UTF-8". Our web server also follows non-standard behavior by accepting and using the character encoding specified in that header, leading to Java applications functioning correctly. In contrast, the Ruby OpenID gem is sending the raw (spec-complaint) header value of "x-www-form-urlencoded", which exposes the poor behavior of our server."

I was struggling to figure out why some of our Ruby applications were exhibiting this issue with specific users but those same users could log into other applications. Hopefully this helps others that run into the same problem.

In our case the team that did the investigation is going to fix it on the server side, but if that isn't an option for others (maybe you don't have any access or control over the provider) then you might be able to add the non-standard headers to mimic the Java client behavior.

from ruby-openid.

This repo is being archived. Closing issue.

from ruby-openid.