Re: [higgins-dev] self-issued STS authentication

You need to download and install the unlimited crypto jurisdiction files - 
instructions are here: 
http://java.sun.com/products/jce/index-14.html#UnlimitedDownload

Regards,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 09/18/2007 05:07:48 PM:

> Daniel,
> 
> On 18-Sep-07, at 6:30 AM, Daniel Sanders wrote:
> 
> > Are you talking about a managed card whose user credential is a 
> > self-issued card?  If so, that feature has been available in the 
> > STS for much longer than two months now, and it works fine.
> 
> Yes, sorry for the ambiguity, that's what I meant.
> 
> > You have to make sure that your context provider supports the 
> > credential type.  The JNDI provider supports it.  You also have to 
> > make sure that when you issue the managed card, you create an 
> > association between the PPID+public Key of the personal card and 
> > the user profile so that when the STS authenticates using that PPID 
> > +public key, it will be able to find the correct user profile.  The 
> > JNDI context provider creates a SHA1 hash of PPID+public key and 
> > expects to be able to look up the user object by querying on an 
> > attribute called 'cardKeyHash' that holds the hash value. 
> > The cardKeyHash attribute needs to be populated by the process that 
> > issues the managed card.
> 
> I'm using r671 from https://forgesvn1.novell.com/svn/bandit/trunk, 
> which has the last change date Jul 23, with an OpenLDAP JNDI context 
> provider.
> 
> All the above is done by the Higgins STS, but 
> XMLSecurityApacheExtension.DecryptElement() throws the exception 
> below, when calling xmlCipher.doFinal() :
> 
> org.apache.xml.security.encryption.XMLEncryptionException: Illegal 
> key size
> Original Exception was java.security.InvalidKeyException: Illegal key 
> size
> 
> The problem seems to be with this call in DecryptElement(), which 
> returns an empty dom Element:
> 
> final org.w3c.dom.Element domEncryptedData = (org.w3c.dom.Element) 
> elemEncryptedData.getAs(org.w3c.dom.Element.class);
> 
> 
> Has anyone seen this before, or has it been fixed since July?
> 
> 
> Thanks!
> Johnny
> 
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
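
A quick way to confirm whether the JRE running the STS still has the limited-strength policy files that produce "Illegal key size" (an added example, not code from Higgins or from this thread). It assumes the failing key is an AES key longer than 128 bits, which the thread does not state; the class name `JcePolicyCheck` is hypothetical.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical diagnostic class: reports what key sizes the installed
// JCE jurisdiction policy files allow for AES.
public class JcePolicyCheck {

    // Returns true if the policy lets an AES cipher be initialised with a key of keyBits.
    static boolean aesKeyAllowed(int keyBits) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // Constructed all-zero key: only its length matters for the policy check.
        SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], "AES");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (InvalidKeyException e) {
            // Under the limited policy this is the "Illegal key size" failure.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // The policy files are installed per JRE, so show which one is running.
        System.out.println("java.home = " + System.getProperty("java.home"));

        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max allowed AES key length: "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES-" + bits + ": "
                    + (aesKeyAllowed(bits) ? "allowed" : "blocked by policy"));
        }

        if (max < 256) {
            System.out.println("Limited policy in effect: install the unlimited "
                    + "jurisdiction files into this JRE and rerun.");
            System.exit(1);
        }
    }
}
```

Run it with the same `java` binary that launches the STS; a different JRE on the path can report a different policy.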


