RE: [higgins-dev] CardName and CardId
I've applied this patch, in SVN.
Regards,
Mike
higgins-dev-bounces@xxxxxxxxxxx wrote on 11/20/2007 12:31:36 PM:
> Hi Mike,
>
> Could you please apply the attached patch for
> org.eclipse.higgins.sts.binding.axis1x.service/WebContent/ConfigurationFiles/ManagedConfiguration.xml
> to add a JSContextIdMapper setting? The patch will handle the following
> cardid formats:
>
> file:///home/user/STS/Config/higgins.config.xml?id=Higgins-LDAP-Server&cardid=Higgins-Card-RP-Test-CS
> urn:Higgins-LDAP-Server&cardid=Test-Card
>
> Since people use ManagedConfiguration.xml as the baseline for their
> STS deployments, adding a sample JSContextIdMapper in
> ManagedConfiguration.xml will help to configure it for the STS
> deployment. Since the sample code in the attached patch handles both old
> and new Higgins cardid formats, it should work out of the box for
> Higgins STS deployment.
>
> Also attaching Daniel's email on the details of JSContextIdMapper.
>
> Thanks,
> Jeesmon
>
> -----Original Message-----
> From: higgins-dev-bounces@xxxxxxxxxxx
> [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jeesmon Jacob
> Sent: Monday, November 19, 2007 6:48 PM
> To: Higgins (Trust Framework) Project developer discussions
> Subject: RE: [higgins-dev] CardName and CardId
>
> This issue has been resolved.
>
> There were two issues. First, I was not using the latest version for
> some of the projects. Second, Mike checked in a change for
> org.eclipse.higgins.sts.server.token.identity/src/org/eclipse/Higgins/sts/server/token/identity/DigitalIdentityHandler.java
> to get the correct ContextRef from <CardId>. I was able to
> successfully login to RP site from CardSpace using the imported card
> after deploying Mike's change.
>
> Thanks a lot to Mike for looking into this issue,
>
> Jeesmon
>
>
>
> -----Original Message-----
> From: higgins-dev-bounces@xxxxxxxxxxx
> [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jeesmon Jacob
> Sent: Monday, November 19, 2007 11:33 AM
> To: Higgins (Trust Framework) Project developer discussions
> Subject: RE: [higgins-dev] CardName and CardId
>
> Hi Mike,
>
> Please see the attached tomcat log. I'm also attaching the cardspace
> error. I had generated a card that uses Username Token to
> authenticate to the IdP/STS.
>
> 11:08:36,597 TRACE LogHelper.trace (54): ProfileServiceServerBinding::getManagedCard
> 11:08:36,598 TRACE LogHelper.trace (54): ProfileService::getManagedCard
> 11:08:36,598 TRACE LogHelper.trace (54): CredentialType: UsernamePassword
> 11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-0
> 11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-1
> 11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-2
>
> I was able to use the imported card to sign into RP using CardSpace
> if I change the line #306 in
> org.eclipse.higgins.sts.server.profile/src/org/eclipse/Higgins/sts/server/profile/ProfileService.java
> (getManagedCard method)
>
> from
>
> + "<CardId>" + ((java.net.URI)this.mapComponentSettings.get("CardId")).toString() + "&cardid=" + strEscapedCardName + "</CardId>"
>
> To
>
> + "<CardId>" + ((java.net.URI)this.mapComponentSettings.get("CardId")).toString() + "&cardid=" + strUsername + "</CardId>"
>
> Please let me know if you need more details.
>
> Thanks for looking into this.
>
> -Jeesmon
>
> -----Original Message-----
> From: higgins-dev-bounces@xxxxxxxxxxx
> [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Michael McIntosh
> Sent: Friday, November 16, 2007 5:07 PM
> To: Higgins (Trust Framework) Project developer discussions
> Cc: Higgins (Trust Framework) Project developer discussions;
> higgins-dev-bounces@xxxxxxxxxxx
> Subject: Re: [higgins-dev] CardName and CardId
>
> Jeesmon,
>
> Please send more info from the log - there should be lines with either:
> Creating Username/Password Credential:
> or:
> Creating PPID/Modulus/Exponent Credential
>
> Regards,
> Mike
>
> higgins-dev-bounces@xxxxxxxxxxx wrote on 11/15/2007 08:36:58 PM:
>
> > Hi Mike/Jim,
> >
> > I was running some tests on a locally deployed TokenService which uses
> > JNDI CP. I successfully created a Digital Subject Profile, generated
> > the card and imported to CardSpace. When I used the card to sign into
> > an RP, I got the following error
> >
> > 20:03:07,887 TRACE LogHelper.trace (54): before IContext::open
> > 20:03:07,892 DEBUG JNDIContext._setupContext (600): Attempting to create initial context: ldap://localhost:389
> > 20:03:07,905 DEBUG JNDIContext.open (518): Context opened: urn:Higgins-LDAP-Server, as: jjacob10@xxxxxxxxxxxxx
> > 20:03:07,906 TRACE LogHelper.trace (54): after IContext::open
> > 20:03:07,907 TRACE LogHelper.trace (54): before IContext::getSubject
> > 20:03:07,907 DEBUG JNDIContext.getSubject (1164): Searching for Digital Subject: Test-Card as: jjacob10@xxxxxxxxxxxxx in context: urn:Higgins-LDAP-Server,
> > 20:03:07,920 ERROR LogHelper.error (102): A request failed with the exception {0}.
> > 20:03:07,921 ERROR LogHelper.error (102): org.eclipse.higgins.idas.api.NoSuchSubjectException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'uid=Test-Card,ou=identities,dc=higgins,dc=eclipse,dc=org'
> > 20:03:07,922 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:569.
> > 20:03:07,922 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:1202.
> > 20:03:07,923 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:1150.
> > 20:03:07,924 ERROR LogHelper.error (102): {0}::{1} DigitalIdentityHandler.java:351.
> > 20:03:07,924 ERROR LogHelper.error (102): {0}::{1} CompoundHandler.java:100.
> > 20:03:07,925 ERROR LogHelper.error (102): {0}::{1} SecurityTokenService.java:158.
> > 20:03:07,925 ERROR LogHelper.error (102): {0}::{1} SecurityTokenServiceServerBinding.java:113.
> > 20:03:07,926 ERROR LogHelper.error (102): {0}::{1} TrustBindingImpl.java:41.
> > 20:03:07,926 ERROR LogHelper.error (102): {0}::{1} TrustBindingSkeleton.java:70.
> > 20:03:07,927 ERROR LogHelper.error (102): {0}::{1} NativeMethodAccessorImpl.java:-2.
> > 20:03:07,935 ERROR LogHelper.error (102): {0}::{1} NativeMethodAccessorImpl.java:39.
> > 20:03:07,937 ERROR LogHelper.error (102): {0}::{1} DelegatingMethodAccessorImpl.java:25.
> > 20:03:07,938 ERROR LogHelper.error (102): {0}::{1} Method.java:585.
> >
> > I had used the card name as "Test Card" when generating the card.
> > Looking at the .crd file, I found that the card name is also added as
> > part of the CardId (space char replaced with - char)
> >
> > <InformationCardReference><CardId>urn:Higgins-LDAP-Server&cardid=Test-Card</CardId><CardVersion>1</CardVersion></InformationCardReference><CardName>Test Card</CardName>??.
> >
> > If I use the user name as card name when generating card, I'm able to
> > successfully login to the RP with that card.
> >
> > Is it a bug or something wrong with my configuration or working as
> > expected?
> >
> > Thanks,
> > Jeesmon
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev
>
> [attachment "ManagedConfiguration.xml.patch" deleted by Michael
> McIntosh/Watson/IBM]
> ----- Message from Daniel Sanders <dsanders@xxxxxxxxxx> on Thu, 18 Oct 2007 15:01:10 -0700 -----
>
> To: "higgins-dev@xxxxxxxxxxx" <higgins-dev@xxxxxxxxxxx>
> Subject: [higgins-dev] Mapping context IDs in the idas registry
>
> All,
>
> I checked in a change to the idas.registry project that allows us to
> map card Ids to an appropriate context ID. This was added so that
> the STS could support having multiple card IDs all map to the same
> context ID. For example, an STS might issue cards with the
> following card ids:
>
> urn:Corporate-LDAP-Server:card1
> urn:Corporate-LDAP-Server:card2
> urn:Corporate-LDAP-Server:card3
>
> In addition, there may be legacy cards that may have already been
> issued with card IDs that look as follows:
>
> file:///somedirectory/context.xml?id=Corporate-LDAP-Server&cardid=274Abc
>
> Using the new mapping function, all of these different card Ids can
> be mapped to a single context ID (or different ones if desired).
>
> The mapping function only maps context IDs that are passed into the
> fromConfiguration method of the ContextIdFactory class. Currently,
> the STS passes the card id into the fromConfiguration method as the
> context ID. NOTE: The fromString method on the ContextIdFactory
> class calls fromConfiguration under the covers, so fromString is
> also indirectly affected.
>
> The mapping function is set up as follows:
>
> 1. Add the following setting handlers to your configuration file (if
> they are not already there):
>
> <SettingHandler Type="htf:jscriptexec"
>     Class="org.eclipse.higgins.util.jscript.JScriptExec"
>     Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptExecSettingHandler"/>
>
> <SettingHandler Type="htf:jscriptscope"
>     Class="org.eclipse.higgins.util.jscript.JScriptScope"
>     Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptScopeSettingHandler"/>
>
> 2. Add the following setting to the idas registry component settings:
>
> <Setting Name="JSContextIdMapper" Type="htf:jscriptexec">
> <![CDATA[
> /* Put your javascript in here. There is one input parameter
>    called "contextId" which is the incoming string. The transformed
>    string should be assigned to RESULT. In the example below, we
>    prepend "urn:" to the incoming context id. But there are any
>    number of things that could be done. */
>
> RESULT = "urn:" + contextId;
> ]]>
> </Setting>
>
> Note that this is an optional setting. If the setting is not
> present, context IDs will not be mapped, but will be passed through
> as-is.
>
> Mike, in the STS configuration file, this setting will come under
> the ComponentSettings.IdentityAttributeService setting:
>
> <Setting Name="ComponentSettings" ...>
> ...
> <Setting Name="IdentityAttributeService" ...>
> ...
> <Setting Name="JSContextIdMapper" ...>
>
> Daniel
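A mapper body for the JSContextIdMapper setting discussed in the thread, as an added example that is not part of any message here and is not the content of the deleted ManagedConfiguration.xml.patch. It accepts only the card ID shapes quoted in the thread and only for an allowlist of context names; the names `ALLOWED_CONTEXTS`, `CARD_ID_FORMATS` and `mapContextId` are hypothetical, and the allowlist entries are assumptions taken from the sample IDs above.

```javascript
// Added example: strict card-id -> context-id mapping for JSContextIdMapper.
// ALLOWED_CONTEXTS is an assumption built from the sample IDs in the thread;
// a deployment would list the contexts it actually serves.
var ALLOWED_CONTEXTS = ["Higgins-LDAP-Server", "Corporate-LDAP-Server"];

// Every pattern is anchored at both ends and captures only the context
// name. The card part is matched but never copied into the result, so
// the incoming card ID cannot steer the lookup anywhere else.
var CARD_ID_FORMATS = [
  // legacy form: file:///<path>?id=<context>&cardid=<card>
  /^file:\/\/\/[^?#]*\?id=([A-Za-z0-9-]+)&cardid=[^&?#]+$/,
  // urn:<context>&cardid=<card>
  /^urn:([A-Za-z0-9-]+)&cardid=[^&?#]+$/,
  // urn:<context>:<card>
  /^urn:([A-Za-z0-9-]+):[^:&?#]+$/,
  // already a bare context id
  /^urn:([A-Za-z0-9-]+)$/
];

// Hypothetical helper: returns "urn:<context>", or null when the input
// matches no known format or names a context outside the allowlist.
function mapContextId(contextId) {
  var s = String(contextId);
  for (var i = 0; i < CARD_ID_FORMATS.length; i++) {
    var m = CARD_ID_FORMATS[i].exec(s);
    if (m && ALLOWED_CONTEXTS.indexOf(m[1]) !== -1) {
      return "urn:" + m[1];
    }
  }
  return null;
}

// Inside the <![CDATA[ ... ]]> of the setting, the last statement would be:
//   RESULT = mapContextId(contextId);
// How the registry treats a null RESULT is not stated in the thread, so
// the handling of rejected input is left to the deployer.
```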