I'm trying to use Omniauth to provide simple, basic authentication against Google Apps. Everything works fine locally (even in production mode), but on Heroku I get the following:
app[web.1]: Started GET "/auth/admin" for 24.155.228.161 at Fri Jul 22 15:10:26 -0700 2011
heroku[router]: Error H12 (Request timeout) -> GET example.com/auth/admin dyno=web.1 queue= wait= service=30000ms status=503 bytes=
heroku[router]: Error H12 (Request timeout) -> GET example.com/ dyno=web.1 queue= wait= service=30000ms status=503 bytes=0
app[web.1]: Generated checkid_setup request to https://www.google.com/a/example.com/o8/ud?be=o8 with assocication AOQobUegRUNfEpz1JOO2bZe0zXrjkdIvdsjpVyCh3rtbL_s-GSfhQ_zY
My setup is as follows;
# initializers/omniauth.rb
require "openid/fetchers"
OpenID.fetcher.ca_file = "#{Rails.root}/cacert.crt"
require 'openid/store/filesystem'
Rails.application.config.middleware.use Om开发者_如何学JAVAniAuth::Builder do
provider :google_apps, OpenID::Store::Filesystem.new('./tmp')
use OmniAuth::Strategies::GoogleApps, OpenID::Store::Filesystem.new('./tmp'), :name => 'admin', :domain => 'bcarc.com' #, :client_options => {:ssl => {:ca_file => './cacert.crt'}}
end
I've tried switching to memcached, but I can't get either memcached-northscale or dalli to work, and in any case I've verified that nonces are being saved in ./tmp correctly, so I don't think that's the problem.
I was getting an error about CA certs, but specifying the certificates file to the fetcher solved that, and I'm still getting the timeout.
Any suggestions?
UPDATE: I've tracked this down to the OmniAuth's callback handler. The request gets sent to Google Apps, but the callback times out before the callback controller has a chance to do anything.
OK, so after much hair-pulling it looks like this is a problem with OmniAuth handline Google Apps URI's. I've ended up using the plain vanilla google OpenID endpoint and then verifying the domain in my controller manually. For anyone that's interested, my code looks like this now:
require "openid/fetchers"
OpenID.fetcher.ca_file = "#{Rails.root}/cacert.crt"
require 'openid/store/filesystem'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :openid, OpenID::Store::Filesystem.new('./tmp')
use OmniAuth::Strategies::OpenID, OpenID::Store::Filesystem.new('./tmp'), :name => 'openid', :identifier => 'https://www.google.com/accounts/o8/id'
end
The first two lines eliminate some SSL warnings Heroku throws. I'm using ./tmp for file storage and that's working just fine. In my controller I have an if/then clause that checks for my domain in the authenticated email and redirects to a page telling the user to select the correct account.
This isn't an idea solution, but I was unable to get anything to work using either app-specific OpenID identifiers.
I have the same issue, but it's only when I try to authenticate against the same domain as the domain the heroku app is responding to. Authenticating against other domains on google apps work fine.
I believe the issue is because there is some kind of blocking pingback either from google or the omniauth gem, to domain/openid?=some_number. Because the dyno is busy serving the request for /auth/google_apps then it can't answer the other request and hence it times out. I'll let you know if I figure out a way to avoid that blocking request.
I was having the same problem in development. Based off @Kerinin's hard work, this what I ended up with, and seems to be working so far...
Rails.application.config.middleware.use OmniAuth::Builder do
use OmniAuth::Strategies::OpenID, name: 'openid', identifier: 'https://www.google.com/accounts/o8/id'
end
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论