what does openid provider return during discovery?

Question

i am making an openid provider. but i'm stuck at the discovery step. what i have done is as following:

1. relying party goes to my discovery url
2. my server (openid provider) return the following document (content type: application/xrds+xml)

<?xml version="1.0" encoding="UTF-8"?>

<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">

<XRD>

<Service priority="0">

<Type>http://specs.openid.net/auth/2.0/server</Type>

<URI>my_endpoint_url (an https address, with self signed certificate)</URI>

</Service>

</XRD>

</xrds:XRDS>

however, my openid consumer tester somehow can't discover my openid provider. i don't know what's wrong with my xrds document, but my openid consumer tester can be used to discover google, yahoo, verisign, and bring me to the login screen. so supposedly my openid consumer tester does nothing wrong. please advise me on what to do. thank you.

Answer 1

Does your Openid supports extensions?

You must be supporting atleast Openid Simple Attributue exchange service extension for exchanging identity information between endpoints. So, you must list the extension as additional xrd:Type child elements of the xrd:Service element.

Something like this;

<Service priority="0">
 <Type>http://specs.openid.net/auth/2.0/server</Type>
 <Type>http://openid.net/srv/ax/1.0</Type>
 <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
 <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
 <Type>http://specs.openid.net/extensions/pape/1.0</Type>
 <URI>endpoint_url</URI>
 </Service>

For more information regarding this, check the folowing link. http://openid.net/specs/openid-authentication-2_0.html#discovery