Drupal/Launchpad login module

Cannot Login: 403

Bug #401907 reported by Evan Boldt
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Drupal/Launchpad login module
Invalid
Undecided
Unassigned
SpreadUbuntu
Invalid
Undecided
Unassigned

Bug Description

When I first set up OpenID and the Launchpad OpenID module, users would get a 404 error message on my site after they logged in using Launchpad's page.

I discovered after looking through my logs, that it was actually a 403, and Apache could not find the 403 page.

I attempted to modify .htaccess to show the proper error message, and thought it went right to the front page without logging in the user.

After fixing that with .htaccess properly, the 403 page came up. How is it that users do not have permission to log in using OpenID? There are no permission settings for that, other than the ones located in User Settings, and I have tried all possible combinations of those 3 options.

This is what the URL looks like that they are sent to:
http://spreadubuntu.neomenlo.org/openid/authenticate?openid.assoc_handle={HMAC-SHA1}{4a58abdf}{Z%2BZlnQ%3D%3D}&openid.claimed_id=https://login.launchpad.net/%2Bid/AeHBkrT&openid.identity=https://login.launchpad.net/%2Bid/AeHBkrT&openid.lp.is_member=spreadubuntu,spreadubuntu-admins&openid.mode=id_res&openid.ns=http://specs.openid.net/auth/2.0&openid.ns.lp=http://ns.launchpad.net/2007/openid-teams&openid.ns.sreg=http://openid.net/extensions/sreg/1.1&openid.op_endpoint=https://login.launchpad.net/%2Bopenid&openid.response_nonce=2009-07-19T19:17:15ZiwMQmp&openid.return_to=http://spreadubuntu.neomenlo.org/openid/authenticate&openid.sig=eb16A8YcXR4E%2BgbSixEhSUFA4Ho%3D&openid.signed=assoc_handle,claimed_id,identity,lp.is_member,mode,ns,ns.lp,ns.sreg,op_endpoint,response_nonce,return_to,signed,sreg.nickname&openid.sreg.nickname=edb82189

It does not look like it has any errors to me, so I think it is something wrong with my configuration. If i delete everything after /openid/authenticate it does not put up a 403, and takes the user to the front page, where it says that there was an error logging in. I mention this because it is interesting that that is what it takes to get it to do anything other than a 403.

I have tried getting other launchpad users to try, and that does not work. I do not believe it is because of any username or email conflicts, since I have gone through and made sure that the users attempting do not already have an account that matches the username or email.

I have also tried several different versions of the OpenID module, like the one included in drupal 6.x and the modified one on Launchpad.

I have i18n, and locales enabled with the /en style domains.
Clean URLs are enabled.

If you wish to try for yourself, the site is http://spreadubuntu.neomenlo.org

Revision history for this message
Evan Boldt (echowarp) wrote :

I forgot to mention that there are no further errors anywhere. Not in the syslog, not in Drupal's watchdog, and not displayed on the 403 page.

Revision history for this message
Evan Boldt (echowarp) wrote :

This error was caused by an Apache mod_security rule. HostGator by default uses a rule that for some reason prevents all Drupal OpenID from working. It can be fixed by talking to support.

Changed in spreadubuntu:
status: New → Invalid
Changed in drupal-launchpad:
status: New → Invalid
Revision history for this message
Stuart Metcalfe (stuartmetcalfe) wrote :

Thanks - I've converted this to a question.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.