I ran into problems with a GWT application for which I use the OpenID4Java library to provide a simple one click login for users with existing accounts at Google, Yahoo or other OpenID providers. Everything worked fine on the embedded Jetty server running in the GWT development mode.
In GWT development mode I had no problems signing in with my Google account. When running the application on Tomcat I got the following error: “Local signature verification failed” from the OpenID4Java ConsumerManager although I received a positive auth response and Google delivers my name and email address of my Google account.
The problem was a special character, a german umlaut, in my name which was not decoded properly with the correct character encoding. Because of this wrong URL encoding the calculated signature in the OpenID4Java Association was different from the original signature.
Adding the attribute URIEncoding=”UTF-8″ to the connector
element in Tomcat’s server.xml explicitly directs Tomcat to use UTF-8 character encoding instead of its default (ISO-8859-1) and fixed the problem.
→ Tomcat and UTF 8 encoding
→ Apache Tomcat Configuration Reference