RE: [higgins-dev] CardName and CardId

Hi Mike,

Could you please apply the attached patch for org.eclipse.higgins.sts.binding.axis1x.service/WebContent/ConfigurationFiles/ManagedConfiguration.xml to add a JSContextIdMapper setting? The patch will handle the following cardid formats:

file:///home/user/STS/Config/higgins.config.xml?id=Higgins-LDAP-Server&cardid=Higgins-Card-RP-Test-CS
urn:Higgins-LDAP-Server&cardid=Test-Card

Since people use ManagedConfiguration.xml as the baseline for their STS deployments, adding a sample JSContextIdMapper to ManagedConfiguration.xml will help them configure it for their STS deployment. Since the sample code in the attached patch handles both the old and the new Higgins cardid formats, it should work out of the box for a Higgins STS deployment.

Also attaching Daniel's email on the details of JSContextIdMapper.

Thanks,
Jeesmon

-----Original Message-----
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jeesmon Jacob
Sent: Monday, November 19, 2007 6:48 PM
To: Higgins (Trust Framework) Project developer discussions
Subject: RE: [higgins-dev] CardName and CardId

This issue has been resolved.

There were two issues. First, I was not using the latest version for some of the projects. Second, Mike checked in a change for org.eclipse.higgins.sts.server.token.identity/src/org/eclipse/higgins/sts/server/token/identity/DigitalIdentityHandler.java to get the correct ContextRef from <CardId>. I was able to successfully log in to the RP site from CardSpace using the imported card after deploying Mike's change.

Thanks a lot to Mike for looking into this issue,

Jeesmon



-----Original Message-----
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jeesmon Jacob
Sent: Monday, November 19, 2007 11:33 AM
To: Higgins (Trust Framework) Project developer discussions
Subject: RE: [higgins-dev] CardName and CardId

Hi Mike,

Please see the attached tomcat log. I'm also attaching the cardspace error. I had generated a card that uses Username Token to authenticate to the IdP/STS.

11:08:36,597 TRACE LogHelper.trace (54): ProfileServiceServerBinding::getManagedCard
11:08:36,598 TRACE LogHelper.trace (54): ProfileService::getManagedCard
11:08:36,598 TRACE LogHelper.trace (54): CredentialType: UsernamePassword
11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-0
11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-1
11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-2

I was able to use the imported card to sign into the RP using CardSpace if I changed line #306 in org.eclipse.higgins.sts.server.profile/src/org/eclipse/higgins/sts/server/profile/ProfileService.java (getManagedCard method)

from

                + "<CardId>" + ((java.net.URI)this.mapComponentSettings.get("CardId")).toString() + "&amp;cardid=" + strEscapedCardName + "</CardId>"

To

                + "<CardId>" + ((java.net.URI)this.mapComponentSettings.get("CardId")).toString() + "&amp;cardid=" + strUsername + "</CardId>"

Please let me know if you need more details.

Thanks for looking into this.

-Jeesmon

-----Original Message-----
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Michael McIntosh
Sent: Friday, November 16, 2007 5:07 PM
To: Higgins (Trust Framework) Project developer discussions
Cc: Higgins (Trust Framework) Project developer discussions; higgins-dev-bounces@xxxxxxxxxxx
Subject: Re: [higgins-dev] CardName and CardId

Jeesmon,

Please send more info from the log - there should be lines with either:
        Creating Username/Password Credential:
or:
        Creating PPID/Modulus/Exponent Credential

Regards,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 11/15/2007 08:36:58 PM:

> Hi Mike/Jim,
>
> I was running some tests on a locally deployed TokenService which uses
> JNDI CP. I successfully created a Digital Subject Profile, generated
> the card and imported to CardSpace. When I used the card to sign into
> an RP, I got the following error
>
> 20:03:07,887 TRACE LogHelper.trace (54): before IContext::open
> 20:03:07,892 DEBUG JNDIContext._setupContext (600): Attempting to
> create initial context: ldap://localhost:389
> 20:03:07,905 DEBUG JNDIContext.open (518): Context opened: urn:Higgins-LDAP-Server,  as: jjacob10@xxxxxxxxxxxxx
> 20:03:07,906 TRACE LogHelper.trace (54): after IContext::open
> 20:03:07,907 TRACE LogHelper.trace (54): before IContext::getSubject
> 20:03:07,907 DEBUG JNDIContext.getSubject (1164): Searching for
> Digital Subject: Test-Card as: jjacob10@xxxxxxxxxxxxx in context:
> urn:Higgins-LDAP-Server,
> 20:03:07,920 ERROR LogHelper.error (102): A request failed with the
> exception {0}.
> 20:03:07,921 ERROR LogHelper.error (102): org.eclipse.higgins.idas.
> api.NoSuchSubjectException: javax.naming.NameNotFoundException:
> [LDAP: error code 32 - No Such Object]; remaining name 'uid=Test-
> Card,ou=identities,dc=higgins,dc=eclipse,dc=org'
> 20:03:07,922 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:569.
> 20:03:07,922 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:1202.
> 20:03:07,923 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:1150.
> 20:03:07,924 ERROR LogHelper.error (102): {0}::{1} DigitalIdentityHandler.java:351.
> 20:03:07,924 ERROR LogHelper.error (102): {0}::{1} CompoundHandler.java:100.
> 20:03:07,925 ERROR LogHelper.error (102): {0}::{1} SecurityTokenService.java:158.
> 20:03:07,925 ERROR LogHelper.error (102): {0}::{1} SecurityTokenServiceServerBinding.java:113.
> 20:03:07,926 ERROR LogHelper.error (102): {0}::{1} TrustBindingImpl.java:41.
> 20:03:07,926 ERROR LogHelper.error (102): {0}::{1} TrustBindingSkeleton.java:70.
> 20:03:07,927 ERROR LogHelper.error (102): {0}::{1} NativeMethodAccessorImpl.java:-2.
> 20:03:07,935 ERROR LogHelper.error (102): {0}::{1} NativeMethodAccessorImpl.java:39.
> 20:03:07,937 ERROR LogHelper.error (102): {0}::{1} DelegatingMethodAccessorImpl.java:25.
> 20:03:07,938 ERROR LogHelper.error (102): {0}::{1} Method.java:585.
>
> I had used the card name as "Test Card" when generating the card.
> Looking at the .crd file, I found that the card name is also added as
> part of the CardId (space char replaced with - char)
>
> <InformationCardReference><CardId>urn:Higgins-LDAP-Server&amp;cardid=Test-Card</CardId><CardVersion>1</CardVersion></InformationCardReference><CardName>Test Card</CardName>...
>
> If I use the user name as card name when generating the card, I'm able to
> successfully login to the RP with that card.
>
> Is it a bug or something wrong with my configuration or working as
> expected?
>
> Thanks,
> Jeesmon
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev


Attachment: ManagedConfiguration.xml.patch
Description: ManagedConfiguration.xml.patch

--- Begin Message ---
All,

I checked in a change to the idas.registry project that allows us to map card Ids to an appropriate context ID.  This was added so that the STS could support having multiple card IDs all map to the same context ID.  For example, an STS might issue cards with the following card ids:

   urn:Corporate-LDAP-Server:card1
   urn:Corporate-LDAP-Server:card2
   urn:Corporate-LDAP-Server:card3

In addition, there may be legacy cards that may have already been issued with card IDs that look as follows:

   file:///somedirectory/context.xml?id=Corporate-LDAP-Server&cardid=274Abc

Using the new mapping function, all of these different card Ids can be mapped to a single context ID (or different ones if desired).

The mapping function only maps context IDs that are passed into the fromConfiguration method of the ContextIdFactory class.  Currently, the STS passes the card id into the fromConfiguration method as the context ID.  NOTE: The fromString method on the ContextIdFactory class calls fromConfiguration under the covers, so fromString is also indirectly affected.

The mapping function is set up as follows:

1. Add the following setting handlers to your configuration file (if they are not already there):

   <SettingHandler Type="htf:jscriptexec" Class="org.eclipse.higgins.util.jscript.JScriptExec"
       Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptExecSettingHandler"/>

   <SettingHandler Type="htf:jscriptscope" Class="org.eclipse.higgins.util.jscript.JScriptScope"
        Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptScopeSettingHandler"/>

2. Add the following setting to the idas registry component settings:

   <Setting Name="JSContextIdMapper" Type="htf:jscriptexec">
      <![CDATA[
         /* Put your javascript in here.  There is one input parameter called "contextId" which is the incoming string.  The transformed
             string should be assigned to RESULT.  In the example below, we prepend "urn:" to the incoming context id.  But there are
             any number of things that could be done. */

         RESULT = "urn:" + contextId;
      ]]>
   </Setting>

Note that this is an optional setting.  If the setting is not present, context IDs will not be mapped, but will be passed through as-is.

Mike, in the STS configuration file, this setting will come under the ComponentSettings.IdentityAttributeService setting:

   <Setting Name="ComponentSettings" ...>
      ...
      <Setting Name="IdentityAttributeService" ...>
         ...
         <Setting Name="JSContextIdMapper" ...>

Daniel

--- End Message ---
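The following is an added example, not part of this thread and not code from the Higgins project or from Jeesmon's patch. It shows what a JSContextIdMapper body has to do to cover the two cardid shapes quoted at the top of the thread (the legacy `file:///...?id=<context>&cardid=<card>` form and the `urn:<context>&cardid=<card>` form), plus the `urn:<context>:<cardN>` variant in Daniel's message. Daniel's setting receives one input, `contextId`, and expects the transformed string in `RESULT`; here the same logic is wrapped in a function named `mapContextId` so it can be run on its own. The allowlist `KNOWN_CONTEXTS` is an assumption standing in for whatever contexts your registry actually serves; the point of it is that the card id arrives inside the client's token request and is therefore untrusted input, so the mapper should only ever hand back a context id it already knows rather than pass arbitrary strings through. The code is written in ES3-style JavaScript (no `let`, `Set` or `startsWith`) so it also runs on an older embedded engine; the thread does not say which engine JScriptExec uses, so that is a guess.

```javascript
// Added example (not Higgins project code): a JSContextIdMapper body for the
// card-id formats quoted in this thread, wrapped in a function so it runs
// stand-alone. Inside the STS config the script would end with:
//   RESULT = mapContextId(contextId);

// ASSUMPTION: the context ids this STS actually serves. The card id comes
// from the CardSpace client's token request, so anything that does not
// resolve to one of these is rejected (null) instead of being passed through.
var KNOWN_CONTEXTS = {
  "urn:Higgins-LDAP-Server": true,
  "urn:Corporate-LDAP-Server": true
};

function mapContextId(contextId) {
  if (typeof contextId !== "string" || contextId.length === 0) {
    return null;
  }

  // 1. Drop a trailing "&cardid=<name>". The .crd file carries it as
  //    "&amp;cardid=", so accept the still-entity-encoded form as well.
  var base = contextId.replace(/&(amp;)?cardid=[^&]*$/, "");

  var ctx;
  if (base.indexOf("urn:") === 0) {
    // 2a. New format: urn:<context>, or Daniel's urn:<context>:<cardN>.
    ctx = base;
    if (!KNOWN_CONTEXTS.hasOwnProperty(ctx)) {
      // Try once to strip a trailing ":<card>" segment. Index 3 is the
      // colon of "urn:" itself, which must never be the one stripped.
      var colon = ctx.lastIndexOf(":");
      if (colon > 3) {
        ctx = ctx.substring(0, colon);
      }
    }
  } else {
    // 2b. Legacy format: file:///<path>/<config>.xml?id=<context>.
    //     Only the id query parameter is used; the path is never opened.
    var m = base.match(/^file:\/\/\/[^?]*\?(?:[^&]*&)*id=([^&]+)$/);
    if (!m) {
      return null;
    }
    ctx = "urn:" + m[1];
  }

  // 3. Only return a context the registry is known to serve.
  return KNOWN_CONTEXTS.hasOwnProperty(ctx) ? ctx : null;
}
```

Daniel's note says that an absent setting passes context ids through unchanged; what the idas registry does with a null `RESULT` is not described in the thread, so check that path in the registry code before relying on rejection rather than pass-through in a real deployment.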
