10

I have registered to meta.stackexchange.com successfully, I was also able to Sign Up on superuser fine using the same credentials.

However when I tried to log in with Stack Exchange details at Area51, the message says:

Unable to log in with your OpenID provider: Message signature was incorrect.

URL: http://area51.stackexchange.com/users/authenticate/?s=618287a9-306c-417e-8466-cc526dd847f8&dnoa.userSuppliedIdentifier=https:%2F%2Fopenid.stackexchange.com%2Fuser%2Fab368049-d61e-4142-8b45-880babd3d12a&openid.claimed_id=https:%2F%2Fopenid.stackexchange.com%2Fuser%2Fab368049-d61e-4142-8b45-880babd3d12a&openid.identity=https:%2F%2Fopenid.stackexchange.com%2Fuser%2Fab368049-d61e-4142-8b45-880babd3d12a&openid.sig=bUxefxF%2B7jVIR4GL7Aiu4nC8xOawLzHEb7VcCOwdG90%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2&openid.assoc_handle=CfBr!IAAAANUK158fJI1OOFNrnlvUBm7EI2xmTeq9VywJuhmD5N_BQQAAAAFRy7bpNdQAT8kwQvWO4yIGsuU9JFpUC1Vqxv00aFyj_EJDbqcmC1dMojAJkgfZH18w9K64NL0K6OC5Kcddjd9U&openid.op_endpoint=https:%2F%2Fopenid.stackexchange.com%2Fopenid%2Fprovider&openid.return_to=http:%2F%2Farea51.stackexchange.com%2Fusers%2Fauthenticate%2F%3Fs%3D618287a9-306c-417e-8466-cc526dd847f8%26dnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.stackexchange.com%252Fuser%252Fab368049-d61e-4142-8b45-880babd3d12a&openid.response_nonce=2016-02-13T16:44:13ZCRsm8F1I&openid.mode=id_res&openid.ns=http:%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http:%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=http:%2F%2Faxschema.org%2Fcontact%2Femail&openid.alias3.value.alias1=XXX.bahman%40XXX.XXX&openid.alias3.type.alias2=http:%2F%2Faxschema.org%2FnamePerson&openid.alias3.value.alias2=%D8%A8%D9%87%D9%85%D9%86

I am using Epic web browser for privacy purposes. So maybe it is because it removed some of the tracking cookies? How to workaround the problem without changing the web browser which I used to it?

enter image description here]

Here is AJAX call:

Remote Address:45.X.X.X:44300
Request URL:http://area51.stackexchange.com/users/signin
Request Method:POST
Status Code:200 OK

Request Headers:
:host:area51.stackexchange.com
:method:POST
:path:/users/signin
:scheme:http
:version:HTTP/1.1
accept:*/*
accept-encoding:gzip, deflate
accept-language:en-US,en;q=0.8
content-length:0
cookie:__cfduid=; gauthed=; prov=; m=5; __utmt=1; acct=t=X&s=X; __utma=55649147.1185854572.1455380114.1455380114.1455380114.1; __utmb=55649147.40.10.1455380114; __utmc=55649147; __utmz=55649147.1455380114.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
dnt:1
origin:http://area51.stackexchange.com
referer:http://area51.stackexchange.com/users/authenticate/?s=566b3c86-74be-467c-a898-705e646ea211&dnoa.userSuppliedIdentifier=https:%2F%2Fopenid.stackexchange.com%2Fuser%2Fab368049-d61e-4142-8b45-880babd3d12a&openid.claimed_id=https:%2F%2Fopenid.stackexchange.com%2Fuser%2Fab368049-d61e-4142-8b45-880babd3d12a&openid.identity=https:%2F%2Fopenid.stackexchange.com%2Fuser%2Fab368049-d61e-4142-8b45-880babd3d12a&openid.sig=DdXYs3I%2FooozxExX%2BTkdDhmwC4u2ysVTU5dOmzoWbns%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2&openid.assoc_handle=KXsu!IAAAAGFnVfndXDv1OVdHryEHObUiUXqvKm0Q6ZPRcGPMaCA1QQAAAAHxqtw8jIG2u3H576aPYqwv7AdN-MQW-DmAM2r4bFmvU0zoz_uEo6Px9bBITyi8L_7dTDrly0b_otdYCzJvZCsh&openid.op_endpoint=https:%2F%2Fopenid.stackexchange.com%2Fopenid%2Fprovider&openid.return_to=http:%2F%2Farea51.stackexchange.com%2Fusers%2Fauthenticate%2F%3Fs%3D566b3c86-74be-467c-a898-705e646ea211%26dnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.stackexchange.com%252Fuser%252Fab368049-d61e-4142-8b45-880babd3d12a&openid.response_nonce=2016-02-13T16:56:23Znylvllob&openid.mode=id_res&openid.ns=http:%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http:%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=http:%2F%2Faxschema.org%2Fcontact%2Femail&openid.alias3.value.alias1=XXX.bahman%40XXX.XXX&openid.alias3.type.alias2=http:%2F%2Faxschema.org%2FnamePerson&openid.alias3.value.alias2=%D8%A8%D9%87%D9%85%D9%86
user-agent:Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2085.0 Safari/537.36
x-requested-with:XMLHttpRequest

Response Headers:
cache-control:private
cf-ray:2742114b23b60785-EWR
content-encoding:gzip
content-length:370
content-type:text/plain; charset=utf-8
date:Sat, 13 Feb 2016 16:56:36 GMT
proxy-agent:SPDY Proxy 0.2.7
server:cloudflare-nginx
status:200
vary:Accept-Encoding
version:HTTP/1.1
x-request-guid:43fe8d3a-6a4f-4390-9fce-d5dba3c6e4cb

which I guess is failing.

At https://openid.stackexchange.com/user it is showing that I am Logged In and Authenticated to Area51, but because Message signature was incorrect, I am logged out. I've tried on Epic, Chrome and Brave web browsers, the same issue.

In Chrome, on JS console I've the following errors:

Frame with URL 'https://openid.stackexchange.com/affiliate/form?affId=2&background=transpar…TUU8gkvXAeexf0zTqam9qFSMASmvOrtmwlFpxB%2b0%2b9MHLk1kOFL0KuSsd0W3tvs%2fQ%3d' attempted to navigate its top-level window with URL 'http://area51.stackexchange.com/users/authenticate/?s=6d4eca57-8c3a-4fe6-a0…rg%2FnamePerson&openid.alias3.value.alias2=%D8%A8%D9%87%D9%85%D9%86#log-in'. Navigating the top-level window from a cross-origin iframe will soon require that the iframe has received a user gesture. See https://www.chromestatus.com/features/5851021045661696. redirect @ master.js:76 (anonymous) @ form?affId=2&background=transparent&callback=http%3a%2f%2farea51.stackexchange.com%2fusers%2fauthen…:44 Navigated to http://area51.stackexchange.com/users/authenticate/?s=d530d63b-b74d-4ffc-87…chema.org%2FnamePerson&openid.alias3.value.alias2=%D8%A8%D9%87%D9%85%D9%86 2?s=d530d63b-b74d-4ffc-871c-6fb2e29f78b4&dnoa.userSuppliedIdentifier=https:%2F%2Fopenid.stackexchang…:234

A Parser-blocking, cross-origin script, http://www.google-analytics.com/ga.js, is invoked via document.write. This may be blocked by the browser if the device has poor network connectivity. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Improve this question
4
  • 3
    Possible duplicate of Message signature was incorrect
    – Anthony Pham
    Commented Feb 14, 2016 at 0:02
  • @PythonMaster I'm not using Google and there it's suggested it's some sort of Google outage, I'm using SE account directly, so I think it's not relevant.
    – bahman
    Commented Feb 25, 2016 at 22:10
  • Not related to third-party cookies, I was able to create an Area 51 account and sign-in with third-party cookies globally blocked.
    – user598527
    Commented Jan 5, 2017 at 20:09
  • 3
    @PythonMaster: No, the error only happens on Area 51. I have the issue as well.
    – user598527
    Commented Jan 5, 2017 at 21:37

1 Answer 1

Reset to default
3

On a common browser, I'd say you need to turn off HTTPSEverywhere (or similar addons) long enough to log in.

Since you're using something fairly non-standard... It's possible your browser is trying to do something similar as well. If there's a way to turn off forced HTTPS, do that long enough to log in to Area 51. If not, you may be out of luck until full HTTPS support is rolled out network-wide on our end.

Improve this answer
3
  • Do you know how to temporarily disable HTTPSEverywhere? I haven't been able to log in to Area 51 for quite some time now. (Ignoring the fact that "log-in insecurely" sounds like the worst possible workaround!) I tried using the "disable" button on its item in the add-ons list, but perhaps that doesn't work until the entire browser is rebooted?
    – Toby Speight
    Commented Jul 11, 2017 at 14:56
  • Forgot to say, this is with Firefox on Linux, with cookies enabled for area51.stackexchange.com
    – Toby Speight
    Commented Jul 11, 2017 at 14:59
  • @TobySpeight No idea, sorry. I don't run it myself. We should be putting A51 on HTTPS by default soon, but I don't have an ETA at the moment. (I also somehow didn't realize the login pages weren't already HTTPS since they've been on Q&A sites for so long, so that's fun.)
    – Adam Lear StaffMod
    Commented Jul 11, 2017 at 19:33

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .