Re: [higgins-dev] TS setup and configuration
I strongly suspect this is related to the cert used to sign the card. I am
not sure whether wildcard certs are supported. I know the cert has to be
trusted on the importing machine (the root CA must be in the Windows root
CA store).
Thanks,
Mike
higgins-dev-bounces@xxxxxxxxxxx wrote on 03/28/2007 07:03:35 PM:
> Andy,
>
> Several suggestions:
>
> 1. Have you looked in the system log to see what errors CardSpace is
> logging? Sometimes you can get more information about what is wrong
> from the system log.
>
> 2. Make sure in your call to the card generation function you are
> passing in a Java key store that has the correct private/public keys
> - might be something wrong there.
>
> 3. If you want to, send me your card and I will see if I can see
> what is wrong with it. -- The Wag site is using older card
> generation code (probably several months old). We have not started
> using the newer card generation code.
>
> 4. It strikes me that the namespace issues really are important
> (ic:InformationCard vs. InformationCard), but the message you are
> getting back doesn't seem to be complaining about that.
>
> Daniel
>
> >>> <andy.dale@xxxxxxxxx> 3/28/2007 4:39 PM >>>
>
> Hi All,
>
> Here at ooTao we have been trying to set up and configure the Higgins
> Token Service... With some success.
>
> We have the service built and deployed and we are able to go into
> the user interfaces and create subject profiles and modify them. We
> are also able to go to the 'Generate Card' page and download a .crd
> file.... That's the good news. The bad news is we cannot import
> the card into CardSpace (Windows XP). On the same machine I can
> import a card from wag.
>
> When we try to import our card we get the message:
>
> "Windows CardSpace encountered an error when verifying the identity
> of the site and cannot continue."
> Same error occurs for
> 1) Username Token
> 2) Self Signed SAML Token
>
> By watching tcpmon we are fairly sure that this is a problem
> contained within the .crd file itself as no network traffic is being
> generated prior to the error message.
>
> Our token service is deployed at:
>
> https://ts.ezibroker.net/TokenService/
>
> FYI: The SSL Cert we have on this site is a wildcard cert
> (*.ezibroker.net) from Digicert
>
> One thing that we aren't sure about is if this might be an issue.
>
> We have compared the .crd file from WAG with the one generated from
> our service and have found them to be structurally equal, barring a
> few differences in things like 'supportedClaims', which one would
> expect, and some namespace notation differences (e.g.
> ic:InformationCard vs InformationCard).
>
> Any help or guidance would be appreciated.
>
>
> Andy Dale
> ooTao, Inc.
>
> Phone: 877-213-7935
> Fax: 877-213-7935
>
> i-name: =Andy.Dale
> http://xri.net/=andy.dale
>
>
> ***************************************************************************
> If you don't have an i-name yet use this link to visit one of our
> partners and buy one:
>
> http://www.ezibroker.net/partners.html
>
>
> ***************************************************************************
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
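One way to run the keystore and certificate checks suggested in this thread, as an added example that is not from the posters or from Higgins: it confirms that the alias handed to card generation holds a private key matching its certificate, and prints the subject and the top of the chain so the issuer can be compared with what the importing machine trusts. The class name and command-line arguments are hypothetical, and the key password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
// Added diagnostic, not Higgins code. Usage (all arguments are the caller's own values):
//   java CardKeystoreCheck <keystore.jks> <store-password> <alias>
public class CardKeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CardKeystoreCheck <keystore> <password> <alias>");
            System.exit(2);
        }
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        // The signing alias must be a key entry, not just a trusted certificate.
        if (!ks.isKeyEntry(args[2])) {
            throw new IllegalStateException("alias has no private key: " + args[2]);
        }
        // Assumption: the key password equals the store password.
        PrivateKey key = (PrivateKey) ks.getKey(args[2], pw);
        Certificate[] chain = ks.getCertificateChain(args[2]);
        X509Certificate leaf = (X509Certificate) chain[0];
        // Sign a probe with the private key and verify it with the certificate's
        // public key; a failure means the pair in the store does not match.
        byte[] probe = "keystore-probe".getBytes("UTF-8");
        String alg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256with" + key.getAlgorithm();
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(leaf.getPublicKey());
        s.update(probe);
        System.out.println("private key matches certificate: " + s.verify(sig));
        leaf.checkValidity(); // throws if the certificate is expired or not yet valid
        String subject = leaf.getSubjectX500Principal().getName();
        System.out.println("subject: " + subject);
        System.out.println("wildcard subject: " + subject.contains("CN=*."));
        X509Certificate top = (X509Certificate) chain[chain.length - 1];
        System.out.println("chain length: " + chain.length);
        System.out.println("top issuer (check it is trusted on the importing machine): " + top.getIssuerX500Principal().getName());
    }
}
```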