Home → Problems →

The change you wanted was rejected: When trying to sign in using SSO:

• Edit

cameron

21 Dec, 2009 02:50 PM

Message:

The change you wanted was rejected.

Maybe you tried to change something you didn't have access to.

This was working properly before it's now not. I'm not sure what sort of information is needed to help solve the problem:

I'm using the MultiPass gem to encode the url for redirection

http://help.woople.com/?sso=SSO_TOKEN_HERE

Please assist...

1. 1 Posted by rick on 21 Dec, 2009 06:51 PM

   

   Have you tried using the multipass tester (Extras > Site Settings > Multipass)? It'll let you know if the SSO token you're generating is valid.

   The only tricky thing is the URL encoding. The multipass gem does not encode tokens for URLs, because frameworks tend to do that stuff for you. Otherwise, it's really easy to do that on your own.
   

   • Edit

2. 2 Posted by cameron on 21 Dec, 2009 07:03 PM

   

   When I try to use the tester it says:

   We're sorry, but something went wrong.

   • Edit

3. 3 Posted by rick on 21 Dec, 2009 07:20 PM

   

   Ah, I'm not rescuing from an error properly. I'm guessing that means
   there are some encoding quirks, so it's unable to decode it properly.
   I'll have a look at the spec and see if there's something I can do
   make it easier to pass around in URLs. The encoding issues are
   killing me :)

   • Edit

4. 4 Posted by Cameron Westlan... on 22 Dec, 2009 02:38 PM

   

   So,

   This problem is still happening? Should I post a code sample (taken directly out of the example docs) or can someone help me get a more specific error?

   • Edit

5. 5 Posted by rick on 23 Dec, 2009 04:53 PM

   

   Yes, a code sample would be good. If the encoding is bad, it'll fail
   the decryption and bomb.

   • Edit

6. 6 Posted by cameron on 23 Dec, 2009 04:58 PM

   

   class HelpController < ApplicationController
    before_filter :require_user
     def index
       redirect_to "#{HELP_URL}?sso=#{CGI.escape(current_user.multipass(:tender))}"
     end
   end
   
   class User < ActiveRecord::Base
     def self.tender
       @tender ||= MultiPass.new('woople', # for 'yourapp.tenderapp.com', your SITE KEY
     'ee5e8012df863e8fec9f37f40c65066a8b080f525cf1baf4ad73a11de4a68d496c2ae11a379dd37d35adcd28c2d93b64db2ee6b6e9525dfd1ec2fde19ea65b52')
      end
   

   # create a multipass for this user object

     def multipass(type)
       self.class.send(type).encode(
         :guid => id,
         :email => email, 
         :display_name => name, 
         :locale => "en",
         :expires => 30.minutes.from_now,
         :account_url => "http://#{account.subdomain}.#{MAIN_HOST}")
     end
   end
   

   • Edit

7. 7 Posted by rick on 29 Dec, 2009 07:20 PM

   

   Hmm, that looks good. How are you creating the link on the html page?
   

   • Edit

8. 8 Posted by Cameron Westlan... on 29 Dec, 2009 07:26 PM

   

   I'm using the flash API NavigateToUrl

   Sent from my iPhone

   • Edit

9. 9 Posted by rick on 30 Dec, 2009 02:12 PM

   

   I'm going to look into tweaking the multipass spec to use url safe base64 codes. The problem is that standard base64 codes contain + and / symbols that need to be encoded.
   

   The other problem is that + is sometimes not encoded properly. CGI.escape encodes it correctly to %2B, and URI.escape leaves it at +. + characters are technically allowed, but sometimes translated to spaces.
   

   Explaining this is making me sound like a crazy person. I'm gonna see about changing the spec. Python and Perl have url safe base64 encoding that converts those + and / characters to - and _. Then, no encoding step is necessary.

   I'm in various flights today, so I should have something more for you tomorrow. Sorry this is turning into such a hassle, thanks for your patience :)

   • Edit

10. 10 Posted by cameron on 30 Dec, 2009 02:52 PM

    

    Rick,

    Thanks, just let me know what you need from me and I'd be happy to comply!

    • Edit

11. 11 Posted by rick on 31 Dec, 2009 07:01 PM

    

    Okay, I made the changes that I mentioned. Of course, I never pushed my gem updates upstream, so you'll have to manually translate all + to - and / to _. Check the updated Multipass debugger, this time actually tested to make sure it recovers from errors better :)

    The changes to the Multipass gem are on my laptop at home right. I've uploaded it here if you wanted to use it. Tender is already using it for decoding mulitpasses (and legacy multipasses are still supported).

    • multipass.tar.gz 4.15 KB
    • Edit

12. 12 Posted by cameron on 31 Dec, 2009 07:58 PM

    

    Ok,

    I downloaded and installed the multipass you provided below (1.2.1) and deployed it to our staging environment.

    It generates a token:

    7JOYCQz_l5d3hHILZABP9dBXnowLZJC96jpTtq9f2eWW9m38ulSw9e_ZlPpQBo3AWicfI2U0cEE23eN3I1sWwY3vbQvPHdVoVjiR8NZOapO3t1bzkDyI8CF8p0MM_HYEOACGPj02QfUn1rP0as6NSnxelQ5VBPWV5GACoV5NTzyd-mmD2w4u63SRCMMAJI8vETIqjdajU4Jtg5B0D8WvAeWGlYSJvk50tgSfkdPJ5fw%3D

    I get the message:
    The MultiPass token was not able to be decrypted.

    I'm using the exact same source code is there anything else I need to be doing?

    • Edit

13. 13 Posted by rick on 31 Dec, 2009 08:01 PM

    

    Crap, something encoded the `=` at the end. Try stripping that off too.

    @@@ ruby
    mp = current_user.multipass
    mp.chomp! "="
    @@@

    In your pasted example, it was encoded to `%3D`. You should be able
    to leave that off too. I'm going to run some tests and update the
    docs if necessary.

    • Edit

14. 14 Posted by rick on 31 Dec, 2009 08:15 PM

    

    Ok, the equal sign is needed. Gah. I'm going to tweak the spec again
    and push the update tomorrow.

    You said you're passing this to a flash API... is Flash encoding it
    twice? If you give it something encoded, it might encode it again,
    converting `%3D` to `%253D`. I'm going to add support for
    double-encoded `=` symbols.

    • Edit

15. 15 Posted by cameron on 31 Dec, 2009 08:26 PM

    

    I don't think flash re-encodes it a second time, I'll try it without it being encoded at all and pass that to flash. But that's for working so hard on this.

    • Edit

16. 16 Posted by rick on 31 Dec, 2009 09:40 PM

    

    I just pushed an update that allows you to strip the `=` symbol. It
    also allows double-encoded `=`'s. You can remove the `=` with
    something like `s.chomp('=')`. I'll push my new multipass gem
    tomorrow.

    • Edit

17. Nicole closed this discussion on 03 Feb, 2010 10:09 PM.