Issues with using Live Id

Feb 8, 2011 at 11:33 PM
Edited Feb 8, 2011 at 11:36 PM
Hi Rob,

I am currently facing some redirection issues when I use Live Id to log in to my HealthVault account in the PPE environment. Please note that we are working behind a firewall. When I sign in with an open id such as “https:/hvpad.myopenid.com” and not with the Microsoft Live Id, the URL redirection seems to work. Here is the URL that gets redirected back to my application:

https://account.healthvault-ppe.com/appauth.aspx?id=255006&mkt=EN-US&appid=77abc0a3-eb48-4150-96de-67882f300904&redirect=http%3a%2f%2flocalhost%3a9090%2fhv%2fhvaction&scn=1add0ff0-30d3-45a5-aebf-bb710cebe2b9&openid.assoc_handle=%7bHMAC-SHA1%7d%7b4d51cb2b%7d%7btmm2DA%3d%3d%7d&openid.claimed_id=https%3a%2f%2fhvpad3.myopenid.com%2f&openid.identity=https%3a%2f%2fhvpad3.myopenid.com%2f&openid.mode=id_res&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.ns.pape=http%3a%2f%2fspecs.openid.net%2fextensions%2fpape%2f1.0&openid.op_endpoint=https%3a%2f%2fwww.myopenid.com%2fserver&openid.pape.auth_policies=none&openid.pape.auth_time=2011-02-08T23%3a00%3a59Z&openid.response_nonce=2011-02-08T23%3a00%3a59Z9Pwgqu&openid.return_to=https%3a%2f%2faccount.healthvault-ppe.com%3a443%2fOpenIdLogin.aspx%3fid%3d255006%26mkt%3dEN-US%26appid%3d77abc0a3-eb48-4150-96de-67882f300904%26redirect%3dhttp%253a%252f%252flocalhost%253a9090%252fhv%252fhvaction%26scn%3d1add0ff0-30d3-45a5-aebf-bb710cebe2b9&openid.sig=AOLxweIFK4spz60dMBm%2fLgegph8%3d&openid.signed=assoc_handle%2cclaimed_id%2cidentity%2cmode%2cns%2cns.pape%2cop_endpoint%2cpape.auth_policies%2cpape.auth_time%2cresponse_nonce%2creturn_to%2csigned&actionqs=%2fthings%2fhome&trm=get&ismra=False&persistwctoken=False&apptoken=ASAAADoKkkgb%2fSJEolwbODN750ycqaAixtbs3xSJCYYEG4AP%2b90qm1HTbYmwR96bQB9kuSWZhYp9tJpanZE1AG9v2wJajG7Nvc2RRC%2fLwUyfqNgCICGg%2bowlQ%2fHTxuftCj6Gd%2b8QkOUZxr7Ur9Ev8TrXjWFVYgoDSC6EIOJU1Z39HV639UPFzFMQZjdL%2f6vYLNVedw%3d%3d&selrecordid=134e64f6-c1e0-4d9d-9d55-1a9c43933b0d

However, the same scenario does not work when I use a live id such as abc@hotmail.com. Here is the sequence of URLs that are accessed as a part of the authorization process in Microsoft HealthVault. At the 3rd URL, the localhost becomes blockedcontent. Not sure if this is being done by HealthVault or by our infrastructure. I am going to post this in HealthVault forum as well. Just wanted to see if anyone in our team has any ideas.

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1297206498&rver=6.1.6195.0&wp=HBI&wreply=https%3a%2f%2faccount.healthvault-ppe.com%3a443%2fauth.aspx%3fappid%3d77abc0a3-eb48-4150-96de-67882f300904%26redirect%3dhttp%253a%252f%252flocalhost%253a9090%252fhv%252fhvaction%26lid%3dTrue%26scn%3d4b3643da-bf3a-4677-9ae1-97c51d45a51a&lc=1033&id=255006&cbcxt=YXBwaWQ9NzdhYmMwYTMtZWI0OC00MTUwLTk2ZGUtNjc4ODJmMzAwOTA0JnJlZGlyZWN0PWh0dHAlM2ElMmYlMmZsb2NhbGhvc3QlM2E5MDkwJTJmaHYlMmZodmFjdGlvbg\

User signs in to HealthVault
https://login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=11&ct=1297206498&rver=6.1.6195.0&wp=HBI&wreply=https%3a%2f%2faccount.healthvault-ppe.com%3a443%2fauth.aspx%3fappid%3d77abc0a3-eb48-4150-96de-67882f300904%26redirect%3dhttp%253a%252f%252flocalhost%253a9090%252fhv%252fhvaction%26lid%3dTrue%26scn%3d4b3643da-bf3a-4677-9ae1-97c51d45a51a&lc=1033&id=255006&cbcxt=YXBwaWQ9NzdhYmMwYTMtZWI0OC00MTUwLTk2ZGUtNjc4ODJmMzAwOTA0JnJlZGlyZWN0PWh0dHAlM2ElMmYlMmZsb2NhbGhvc3QlM2E5MDkwJTJmaHYlMmZodmFjdGlvbg&bk=1297206499

User is required to Authorize application in HealthVault
https://account.healthvault-ppe.com/appauth.aspx?appid=77abc0a3-eb48-4150-96de-67882f300904&redirect=http%3a%2f%2fblockedcontent%3a9090%2fhv%2fhvaction&lid=True&scn=4b3643da-bf3a-4677-9ae1-97c51d45a51a&ppud=4&wa=wsignin1.0&actionqs=%2fthings%2fhome&trm=get&ismra=False&persistwctoken=False&apptoken=ASAAAAc0l5GS909AhtAG6llej2WuT9Ly0jRtrfYWyuufRX3yRDsxoyWilAqfkU3kBCA3DVzhCaEEPe3SYVUNBdjW1Yi7tVa0imLqvcWXwsuJzsYcuOHMo7fUHfAnOxSKNMxBH8FrRjZvFi8NBCHu8u2HVds1BJyoElW%2f6zz2s9rqKvsfUnpk9T91iHQ29ikp7CQ%2fPw%3d%3d&selrecordid=7d5270e0-f5a0-4fb7-ab20-02a50ce438b2

User authorizes my application
https://account.healthvault-ppe.com/appauth.aspx?appid=77abc0a3-eb48-4150-96de-67882f300904&redirect=http%3a%2f%2fblockedcontent%3a9090%2fhv%2fhvaction&lid=True&scn=4b3643da-bf3a-4677-9ae1-97c51d45a51a&ppud=4&wa=wsignin1.0&actionqs=%2fthings%2fhome&trm=get&ismra=False&persistwctoken=False&apptoken=ASAAAAc0l5GS909AhtAG6llej2WuT9Ly0jRtrfYWyuufRX3yRDsxoyWilAqfkU3kBCA3DVzhCaEEPe3SYVUNBdjW1Yi7tVa0imLqvcWXwsuJzsYcuOHMo7fUHfAnOxSKNMxBH8FrRjZvFi8NBCHu8u2HVds1BJyoElW%2f6zz2s9rqKvsfUnpk9T91iHQ29ikp7CQ%2fPw%3d%3d&selrecordid=7d5270e0-f5a0-4fb7-ab20-02a50ce438b2
Any thoughts?
Coordinator
Feb 9, 2011 at 2:21 AM

The URLs on the last two read: https://blockedcontent:9090/hv/hvaction...

Is your firewall substituting the hostname?

--Rob

Feb 9, 2011 at 2:58 AM
Rob, I saw the blocked content - and contacted the firewall team. However, I do not understand why this happens only when I log in with the live id and not with an open id. That is what throws me. Any clues? Would HealthVault do something different for live id? Please note that the change of URL happens between selecting the record and the allow access pages in HealthVault. Please let me know what you think.

Thanks
Shyam
Coordinator
Feb 9, 2011 at 3:49 AM

I'm not sure what's going on here, Shyam. I just tried to repro it with the sample app from the SDK. I can log in fine with OpenId and a XXXX@hotmail.com live id credential.

Feb 9, 2011 at 3:00 PM
live.com URLs are disallowed access from within our network - but for some reason the login.live.com redirection from account.healthvault-ppe.com seems to work. I am not sure why the URL changes to "blockedcontent" - the infrastructure team is still looking into it.
I will post the resolution to the issue if we find out what is going on.

Thanks for getting back to me Rob.
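
A way to pin down which hop rewrites the redirect host, added here as an example and not part of the original thread: it pulls the `redirect` target out of every place it appears in the posted URLs (top-level `redirect`, nested inside `wreply`, and inside `cbcxt`) and reports the first hop where a new host shows up. Treating `cbcxt` as unpadded base64 of a query string is an assumption, and the sample hops are constructed with a placeholder application id.

```python
import base64
from urllib.parse import urlsplit, parse_qs, urlencode

def redirect_hosts(url):
    """Return (location, host) for every redirect target carried in url."""
    found = []
    qs = parse_qs(urlsplit(url).query)
    for value in qs.get("redirect", []):
        found.append(("redirect", urlsplit(value).hostname))
    # wreply holds a full URL whose own query string carries redirect
    for value in qs.get("wreply", []):
        inner = parse_qs(urlsplit(value).query)
        for r in inner.get("redirect", []):
            found.append(("wreply.redirect", urlsplit(r).hostname))
    # Assumption: cbcxt is base64 (padding stripped) of a query string
    for value in qs.get("cbcxt", []):
        padded = value + "=" * (-len(value) % 4)
        decoded = base64.b64decode(padded).decode("ascii", "replace")
        for r in parse_qs(decoded).get("redirect", []):
            found.append(("cbcxt.redirect", urlsplit(r).hostname))
    return found

def first_rewritten_hop(hops):
    """Return (1-based hop number, new hosts) for the first hop whose
    redirect host differs from the first hop, or None if none differs."""
    baseline = {host for _, host in redirect_hosts(hops[0])}
    for number, url in enumerate(hops[1:], start=2):
        new_hosts = {host for _, host in redirect_hosts(url)} - baseline
        if new_hosts:
            return number, sorted(new_hosts)
    return None

def sample_hops():
    """Constructed URLs mirroring the shape of the three hops in the thread."""
    target = "http://localhost:9090/hv/hvaction"
    inner = urlencode({"appid": "APP-ID-PLACEHOLDER", "redirect": target})
    wreply = "https://account.healthvault-ppe.com:443/auth.aspx?" + inner
    cbcxt = base64.b64encode(inner.encode()).decode().rstrip("=")
    carried = urlencode({"wreply": wreply, "cbcxt": cbcxt})
    rewritten = target.replace("localhost", "blockedcontent")
    return [
        "https://login.live.com/login.srf?" + carried,
        "https://login.live.com/ppsecure/post.srf?" + carried,
        "https://account.healthvault-ppe.com/appauth.aspx?"
        + urlencode({"appid": "APP-ID-PLACEHOLDER", "redirect": rewritten}),
    ]

if __name__ == "__main__":
    print(first_rewritten_hop(sample_hops()))
```

Feeding it the URLs captured on both sides of the firewall (browser address bar versus proxy log) shows whether the substitution happens in transit or in the page that HealthVault returns.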