When trying to login via browserid on http://mozillaindia.org we are getting the following in an alert box

An unknown error occurred while attempting to validate your BrowserID login. After clicking "OK," you will be redirected to a page where you can log in without BrowserID or try logging in with BrowserID again.

kindly help

CommentFileSizeAuthor
Error Screenshot293.95 KBabhisheknagar
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

IceCreamYou’s picture

IceCreamYou CreditAttribution: IceCreamYou commented
Category: bug » support
Status: Active » Postponed (maintainer needs more info)

This error occurs if the module can't validate you. There are a couple of ways this can happen: if you don't have the log in using browserid permission, if you have a JavaScript error on your page before Drupal.settings is evaluated, if you try to log in when you're already logged in, or if the assertion or token request parameters are invalid or otherwise un-verifiable. You should check what is happening by using the Firebug extension for Firefox, clicking the "Persist" button on the Console tab, and watching the requests that occur as you try to log in. You will be able to see what parameters get sent and received. A successful request will go to index.php?q=browserid/verify and return a JSON string representing an object with either a "reload" or "destination" parameter. The server-side login logic occurs in browserid_verify() and browserid_verify_request() if you would like to debug further there.

jsmolina’s picture

jsmolina CreditAttribution: jsmolina commented
Priority: Normal » Major
Status: Postponed (maintainer needs more info) » Patch (to be ported)
Issue tags: +patch, +Security, +improvement

Hi,

I also saw this error, so I've enhanced this module working with BrowserID team recommendations:

* Fixed security errors with audience
* Fixed Content-Type of verifier HTTP POST
* Added status == "okay" check, which is required
* Added watchdog logging
* Added README (second attachment)

These files are uploaded here:
https://gist.github.com/2965430

IceCreamYou’s picture

IceCreamYou CreditAttribution: IceCreamYou commented
Priority: Major » Normal
Status: Patch (to be ported) » Postponed (maintainer needs more info)
Issue tags: -patch, -Security, -improvement

@jsmolina: I can't properly review your patch unless it's created with git and uploaded to d.o. See https://drupal.org/node/707484 for help.

If you believe your patch fixes a security error then you must follow the procedure for reporting security bugs; however from briefly looking at the patch I don't think this is the case.

jsmolina’s picture

jsmolina CreditAttribution: jsmolina commented

Sorry, but I didn't had enought time for changing the patchfile to the one you expected. As I told you, it has many important improvements.
The security issue is very minor, only affecting the way you choose the audience, the most important things are related to the integration with the current mozilla developments (and from them I got the advices for the patch).
As soon as I can I will upload it in the proper format.

IceCreamYou’s picture

IceCreamYou CreditAttribution: IceCreamYou commented
Status: Postponed (maintainer needs more info) » Fixed

Committed fix to dev.

This is somewhat similar to what jsmolina did I think, minus the audience stuff.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.