# File lib/gapps_openid.rb, line 110
    def discover_user(domain, claimed_id)
      OpenID.logger.debug("Discovering user identity #{claimed_id} for domain #{domain}") unless OpenID.logger.nil?
      url = fetch_host_meta(domain)
      if url.nil?
        OpenID.logger.debug("#{domain} is not a Google Apps domain, aborting") unless OpenID.logger.nil?
        return nil # Not a Google Apps domain
      end

      xrds, signed = fetch_secure_xrds(domain, url)

      unless xrds.nil?
        # TODO - Need to propogate secure discovery info up through stack
        user_url, authority = get_user_xrds_url(xrds, claimed_id)
        user_xrds, signed = fetch_secure_xrds(domain, user_url, false)
      
        # No user xrds -- likely that identifier was just OP identifier
        if user_xrds.nil?
          endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(domain, xrds)
          return [claimed_id, OpenID.get_op_or_user_services(endpoints)]
        end
      
        endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(claimed_id, user_xrds)
        return [claimed_id, OpenID.get_op_or_user_services(endpoints)]
      end
    end