Hi list,

tl;dr: Why is the Fedora ID server using HTTP communication by default?

Some context: I was debugging a login process for the www.softwarecollections.org website, which utilizes Fedora ID. After pulling my hair for a bit, it turned out that somewhere along the network road, any unencrypted HTTP requests were getting blocked, while HTTPS requests were allowed. This caused the login process to time out in the middle, since it tried to do OpenID discovery using HTTP.

Now, I really do not understand how OpenID is *supposed* to work, but unless I missed something, the HTTP requests were issued in reaction to the initial response from the Fedora ID service. To put it differently, my app was instructed to issue the next request in the process over HTTP, even if the original one was over HTTPS. AFAIK that request is immediately 302'd to HTTPS afterwards, but given the network settings, I never got that far.

That got me wondering – why is HTTPS not used in the communication by default? In other words, why are the URLs returned in responses from Fedora ID using HTTP instead of HTTPS, when the redirect suggests that HTTPS is preferred?

As stated above, I have no real idea about how OpenID actually works, so a link to the docs and "That's why" is considered a perfectly valid answer :)

Preliminary thanks to anyone who takes the time to educate me on this!

--
Jan Staněk
Software Engineer, Red Hat
jstanek@xxxxxxxxxx
irc: jstanek
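As an added illustration, not part of the original message and not Fedora's or OpenID's own code: the situation above is a relying party being handed endpoint URLs by a discovery response and following them as given. A consumer-side check that audits the URIs in an OpenID 2.0 XRDS document and refuses (or, where the operator allows it, upgrades) any plain-http endpoint before a request is sent avoids exactly this class of surprise and makes the cleartext step visible in logs. The XRDS document, the host id.example.test and all function names below are constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

# Namespace used by the <XRD>, <Service> and <URI> elements in XRDS discovery documents.
XRD_NS = "xri://$xrd*($v*2.0)"

# Constructed sample XRDS document: one endpoint advertised over http, one over https.
# This is NOT a capture of a real Fedora ID response.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>http://id.example.test/openid/</URI>
    </Service>
    <Service priority="1">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://id.example.test/openid/</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def extract_endpoints(xrds_text):
    """Return every <URI> value from an XRDS document, in document order.

    For XML fetched from the network, parse with defusedxml instead of the
    standard-library parser; the stdlib is used here only to keep the example
    self-contained.
    """
    root = ET.fromstring(xrds_text)
    return [el.text.strip() for el in root.iter(f"{{{XRD_NS}}}URI") if el.text]


def audit_endpoints(xrds_text):
    """Group the advertised endpoints by URL scheme so cleartext ones stand out."""
    report = {"https": [], "http": [], "other": []}
    for uri in extract_endpoints(xrds_text):
        scheme = urlsplit(uri).scheme.lower()
        if scheme in ("https", "http"):
            report[scheme].append(uri)
        else:
            report["other"].append(uri)
    return report


def safe_endpoint(uri, upgrade=False):
    """Return an https endpoint to contact, or None if the URI must not be used.

    upgrade=False: only https URIs are accepted (strict; cleartext is refused).
    upgrade=True:  http URIs are rewritten to https, on the assumption that the
                   provider serves the same path over TLS (the 302 the original
                   poster describes is exactly that assumption).
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme == "https":
        return uri
    if scheme == "http" and upgrade:
        return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
    return None


if __name__ == "__main__":
    report = audit_endpoints(SAMPLE_XRDS)
    for uri in report["http"]:
        print(f"WARNING: cleartext OpenID endpoint advertised: {uri}")
        print(f"         would use instead: {safe_endpoint(uri, upgrade=True)}")
    for uri in report["https"]:
        print(f"ok: {uri}")
```

In strict mode the relying party simply never sends the request that was getting dropped on the poster's network; in upgrade mode it skips the cleartext round trip and the 302 entirely. Either way the http endpoint is logged, which is the first thing one wants when a login "times out in the middle".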
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure