com.google.step2.xmlsimplesign.XmlSimpleSignException
Implements Next-Generation OpenID discovery, based on Link-headers, link-elements, and host-meta. There are two different discovery operations available: (1) discover the OP endpoint(s) for a "site", and (2) discover the OP endpoint(s) for an OpenID (aka claimed id, which is the id of a user).

Case (1) is for when users merely indicate the IdP to the RP. Case (2) is for when users actually submit their OpenID (claimed id) to the RP, and is also used during the validation of an authentication response from an IdP.

The strategy for case (1) is as follows:
- find the host-meta file for the site.
- find a link in the host-meta that points to an XRD(S) metadata document for the site.
- follow the links in the XRD(S) to find the OP endpoint.

The strategy for case (2) is as follows:
- Try host-meta strategy (2a).
- If that fails, try link-header strategy (2b).
- If that fails, try link-element strategy (2c).

Strategy (2a) works as follows:
- find the host-meta file for the host identified in the claimed id.
- in the host-meta file, check whether a Link-Pattern in the host-meta points to an XRD(S) for the claimed id, and if so, skip the next two steps.
- if not, find a Link in the host-meta that points to an XRD(S) metadata document for the site.
- follow the URITemplate link in the site XRD(S) to find the XRD(S) for the claimed id.
- follow the links in the XRD(S) to find the OP endpoint.

Strategy (2b) works as follows:
- Find a link in the HTTP headers in the HTTP response that points to an XRD(S) metadata document for the claimed id.
- follow the links in the XRD(S) to find the OP endpoint.

Strategy (2c) works as follows:
- Find an HTML link element in the document returned from the claimed id that points to an XRD(S) metadata document for the claimed id.
- follow the links in the XRD(S) to find the OP endpoint.

For backwards compatibility, we also provide a generic discover() method, which decides whether to use site-discovery or user-id-discovery based on the type of the provided identifier. This allows us to use this class inside the openid4java library. When calling this class through the legacy generic discover() method, we also employ a "fallback" strategy, i.e. we first try the strategy described above, and then fall back to OpenID 2.0-style discovery, if the strategy above doesn't yield any results.
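
The ordering described above for case (2), and the extra fallback taken only by the legacy generic entry point, sketched as an added example; this is not code from the step2 or openid4java projects. The class, interface and method names and the sample URIs are hypothetical. The result carries the name of the strategy that produced it, so an RP can log when an endpoint came from a later strategy or from the OpenID 2.0-style fallback.

```java
import java.net.URI;
import java.util.*;

public class DiscoveryOrderExample {
    /** One discovery strategy: returns OP endpoints, or an empty list when it finds none. */
    interface Strategy { List<URI> discover(URI claimedId) throws Exception; }

    /** Endpoints plus the strategy that produced them (hypothetical type, for audit logging). */
    record Result(String strategy, List<URI> endpoints) {}

    private final Map<String, Strategy> ordered = new LinkedHashMap<>();
    private final Strategy legacyOpenId2;

    DiscoveryOrderExample(Strategy hostMeta, Strategy linkHeader,
                          Strategy linkElement, Strategy legacyOpenId2) {
        ordered.put("2a host-meta", hostMeta);      // insertion order is the try order
        ordered.put("2b link-header", linkHeader);
        ordered.put("2c link-element", linkElement);
        this.legacyOpenId2 = legacyOpenId2;
    }

    /** Case (2): try 2a, then 2b, then 2c; the first strategy with a result wins. */
    Result discoverForUser(URI claimedId) {
        for (Map.Entry<String, Strategy> e : ordered.entrySet()) {
            List<URI> found = attempt(e.getValue(), claimedId);
            if (!found.isEmpty()) return new Result(e.getKey(), found);
        }
        return new Result("none", List.of());
    }

    /** Legacy generic path: same order, then OpenID 2.0-style discovery as a last resort. */
    Result discoverLegacy(URI claimedId) {
        Result r = discoverForUser(claimedId);
        if (!r.endpoints().isEmpty()) return r;
        return new Result("OpenID 2.0 fallback", attempt(legacyOpenId2, claimedId));
    }

    /** A strategy that throws or returns null counts as failed, so the next one is tried. */
    private static List<URI> attempt(Strategy s, URI id) {
        try { List<URI> out = s.discover(id); return out == null ? List.of() : out; }
        catch (Exception ex) { return List.of(); }
    }

    public static void main(String[] args) {
        URI id = URI.create("https://alice.example.com/");   // constructed claimed id
        Strategy nothing = c -> List.of();
        Strategy header = c -> List.of(URI.create("https://op.example.com/endpoint"));
        Strategy legacy = c -> List.of(URI.create("https://legacy-op.example.com/"));
        System.out.println(new DiscoveryOrderExample(nothing, header, nothing, legacy).discoverForUser(id));
        System.out.println(new DiscoveryOrderExample(nothing, nothing, nothing, legacy).discoverLegacy(id));
    }
}
```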