}
// stateless, bare response, or the user changed the ID at the OP
_log.info("Proceeding with stateless mode / bare response verification...");
DiscoveryInformation firstServiceMatch = null;
// assuming openid.identity is the claimedId
// (delegation can't work with stateless/bare resp v1 operation)
if (DEBUG) _log.debug(
"Performing discovery on the ClaimedID in the assertion: " + assertId);
List discoveries = _discovery.discover(assertId);
Iterator iter = discoveries.iterator();
while (iter.hasNext())
{
DiscoveryInformation service = (DiscoveryInformation) iter.next();
if (service.isVersion2() || // only interested in v1
! service.hasClaimedIdentifier() || // need a claimedId
service.hasDelegateIdentifier() || // not allowing delegates
! assertId.equals(service.getClaimedIdentifier().getIdentifier()))
continue;
if (DEBUG) _log.debug("Found matching service: " + service);
// keep the first endpoint that matches
if (firstServiceMatch == null)
firstServiceMatch = service;
Association assoc = _associations.load(
service.getOPEndpoint().toString(),
authResp.getHandle());
// don't look further if there is an association with this endpoint
if (assoc != null)
{