Google OpenID not working with OpenID plugin in WordPress

The OpenID plugin for WordPress doesn’t seem to accept either of the Google OpenID provider links:

http://google.com/profiles/username

or

Read More
https://google.com/accounts/o8/id

It returns the error (for both):

Could not discover an OpenID
identity server endpoint 
at the url:
http://google.com/profiles/username

Any idea why? The janrain engage plugin works, but I can’t use that because of other issues with that.

Related posts

Leave a Reply

5 comments

  1. The problem is solved. Since Google, Yahoo and some other OpenID providers provide https endpoints, curl tries to verify the other end when making a POST request to it — since curl does not come with a pack of CA certificates, it fails on all such endpoints.

    The solution is either to tell curl not to verify the provider or give it the correct CA certificate for Google.

  2. Must be an issue with the CA certificates on your server. Google has a lot of trouble with their certificates.

    Also, I have got this working on my system with Apache, may be trouble with your server too. Try finding a pack of CA certificates for your system and installing it.

  3. Please check for missing plugins in php installtion

    /etc/php.d/dom.ini, 
    /etc/php.d/mysql.ini, 
    /etc/php.d/mysqli.ini, 
    /etc/php.d/pdo_sqlite.ini, 
    /etc/php.d/wddx.ini, 
    /etc/php.d/xmlreader.ini, 
    /etc/php.d/xmlwriter.ini, 
    /etc/php.d/xsl.ini, 
    
  4. As @Vanwaril and @tarantinofan pointed out, the correct way to do this is get the proper certs installed on your server.

    If however, you choose to take the other route, as @Vanwaril mentioned, and comment out the lines in the openid code base that is responsible for the endpoint verification then do the following:

    openidlibAuthYadisParanoidHTTPFetcher.php – insert the following line after line 152

    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
    

    openidlivAuthOpenIDconsumer.php – comment out lines 970 to 979 in the _idResCheckSignature function so that the function returns null rather than an openid error

    Again, this is not recommended but you can at least move forward until you can get the proper certs installed on your server.

    EDIT: and this link is very helpful for dealing with the certs:
    https://web.archive.org/web/20090214215411/http://curl.haxx.se/docs/sslcerts.html

  5. I was getting the same error and inspecting apache error logs I got the following

    CURL error (60): SSL certificate problem: unable to get local issuer certificate

    This was being caused by curl calls from the OpenID plugin.

    The following worked for me. Source: https://stackoverflow.com/a/21114601/3826642

    1. Use this certificate root certificate bundle:
      https://curl.haxx.se/ca/cacert.pem

    2. Copy this certificate bundle on your disk. And use this on php.ini

      curl.cainfo = "path_to_certcacert.pem"

    Be sure to restart the server after you make changes.