Why doesn't OpenID work with version 1.5.9?

Questions related to the configuration of Joomla, Templates, and Security related questions/issues
Post a reply
Rate this topic: Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.
GK User
Tue Feb 17, 2009 8:54 am
OpenID transition problem - with updated plugin users start to get message "You do not have access to the administrator section of this site".

In recently upgraded OpenID plugin, which now supports OpenID 2.0 authentication there is a 'Convert Old Usernames' option (set to 'Yes' by default). It should auto-convert old usernames in style 'username.myopenid.com' (1) to 'http://username.myopenid.com/' (2). But as per internal implementation, conversion works only if user's password field in database is empty. But as far as I was able to simulate, this field is never empty even for new users with blank passwords. Therefore, conversion is never started. With upgrade to Joomla 1.5.9 OpenID users with usernames in form (1) lose ability to log into Joomla - because of the password=' ' criteria, database of users is always searched for (2) (returned by OpenID provider), instead of falling back to search for (1) (entered by user). Thus despite successful authentication of user at OpenID provider, upon his return to Joomla login page error message appears "You do not have access to the administrator section of this site".

All this applies to users added from the backend. OpenID users added from the frontend have the password field empty as expected so 'Convert Old Usernames' will work normally for them.
If decided to correct those backend users, don't forget to backup your site before corrections.

WORKAROUND 1 (in admin user interface, but may not work for all users):
In administrator user interface, manually correct usernames of OpenID users to correct form (2). But the problem is that form (2) may not be necessarily known to you.

WORKAROUND 2 (in database administration user interface, reliably resolves the problem):
In database table <yourprefix>_users (e.g. jos_users) clear password field for each OpenID user. They will be allowed to log in seamlessly and their usernames will be corrected automatically as originally planned (when 'Convert Old Usernames' option is set to 'Yes').

Note: Choosing not to upgrade your OpenID plugin (not to copy files in path /plugins/authentication) is not recommended as it will not work.
User avatar
Senior Boarder
cron