org.openid4java.server.IncrementalNonceGenerator is not cluster-safe #206

@GoogleCodeExporter

In case there are several OpenID providers in a cluster (e.g. using the 
JdbcServerAssociationStore), the default IncrementalNonceGenerator can lead to 
having the same openid.response_nonce for different requests. Additional 
entropy is needed to prevent such a situation.
See attached file for a fix.

Original issue reported on code.google.com by cedrik.l...@gmail.com on 19 Dec 2013 at 1:47
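
The collision described in this issue, as an added example that is not part of the original report and is not openid4java source or the attached fix. It assumes a simplified model of an incremental generator (second-resolution UTC timestamp plus a counter held in one JVM); `CounterNonce`, `randomTag` and `duplicates` are hypothetical names, and the per-node random tag is one possible way to add the entropy the report asks for.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.HashSet;
import java.util.Set;

public class NonceClusterDemo {
    // Assumed model: timestamp-plus-counter generator whose state lives in
    // one JVM only. An empty nodeTag models the purely incremental scheme.
    static class CounterNonce {
        private final String nodeTag;
        private String lastStamp = "";
        private int counter = 0;
        CounterNonce(String nodeTag) { this.nodeTag = nodeTag; }
        synchronized String next(Instant now) {
            String stamp = now.truncatedTo(ChronoUnit.SECONDS).toString();
            counter = stamp.equals(lastStamp) ? counter + 1 : 0; // reset each new second
            lastStamp = stamp;
            return stamp + nodeTag + counter;
        }
    }

    // Hypothetical helper: 64 random bits as fixed-width hex, drawn once per node.
    static String randomTag() {
        return String.format("%016x", new SecureRandom().nextLong());
    }

    // Interleave requests across two nodes within the same second and count
    // nonces that had already been issued by either node.
    static int duplicates(CounterNonce a, CounterNonce b, Instant now, int perNode) {
        Set<String> issued = new HashSet<>();
        int dup = 0;
        for (int i = 0; i < perNode; i++) {
            if (!issued.add(a.next(now))) dup++;
            if (!issued.add(b.next(now))) dup++;
        }
        return dup;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2013-12-19T13:47:00Z"); // constructed sample time
        System.out.println("untagged nodes, duplicates: "
                + duplicates(new CounterNonce(""), new CounterNonce(""), now, 3));
        System.out.println("tagged nodes, duplicates:   "
                + duplicates(new CounterNonce(randomTag()), new CounterNonce(randomTag()), now, 3));
    }
}
```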
