RE: [higgins-dev] CardName and CardId

I've applied this patch, in SVN.

Regards,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 11/20/2007 12:31:36 PM:

> Hi Mike,
> 
> Could you please apply the attached patch for
> org.eclipse.higgins.sts.binding.axis1x.service/WebContent/ConfigurationFiles/ManagedConfiguration.xml
> to add JSContextIdMapper setting? The patch will handle the following
> cardid formats
>
> file:///home/user/STS/Config/higgins.config.xml?id=Higgins-LDAP-Server&cardid=Higgins-Card-RP-Test-CS
> urn:Higgins-LDAP-Server&cardid=Test-Card
> 
> Since people use ManagedConfiguration.xml as the baseline for their 
> STS deployments, adding a sample JSContextIdMapper in 
> ManagedConfiguration.xml will help to configure it for the STS 
> deployment. Since the sample code in attached patch handles both old
> and new Higgins cardid formats, it should work out of the box for 
> Higgins STS deployment.
> 
> Also attaching Daniel's email on the details of JSContextIdMapper.
> 
> Thanks,
> Jeesmon
> 
> -----Original Message-----
> From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jeesmon Jacob
> Sent: Monday, November 19, 2007 6:48 PM
> To: Higgins (Trust Framework) Project developer discussions
> Subject: RE: [higgins-dev] CardName and CardId
> 
> This issue has been resolved.
> 
> There were two issues. First, I was not using the latest version for
> some of the projects. Second, Mike checked in a change for
> org.eclipse.higgins.sts.server.token.identity/src/org/eclipse/Higgins/sts/server/token/identity/DigitalIdentityHandler.java
> to get the correct ContextRef from <CardId>. I was able to
> successfully login to RP site from CardSpace using the imported card
> after deploying Mike's change.
> 
> Thanks a lot to Mike for looking into this issue,
> 
> Jeesmon
> 
> 
> 
> -----Original Message-----
> From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jeesmon Jacob
> Sent: Monday, November 19, 2007 11:33 AM
> To: Higgins (Trust Framework) Project developer discussions
> Subject: RE: [higgins-dev] CardName and CardId
> 
> Hi Mike,
> 
> Please see the attached tomcat log. I'm also attaching the cardspace
> error. I had generated a card that uses Username Token to 
> authenticate to the IdP/STS.
> 
> 11:08:36,597 TRACE LogHelper.trace (54): ProfileServiceServerBinding::getManagedCard
> 11:08:36,598 TRACE LogHelper.trace (54): ProfileService::getManagedCard
> 11:08:36,598 TRACE LogHelper.trace (54): CredentialType: UsernamePassword
> 11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-0
> 11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-1
> 11:08:36,599 TRACE LogHelper.trace (54): ProfileService::getManagedCard-2
> 
> I was able to use the imported card to sign into RP using CardSpace
> if I change the line #306 in
> org.eclipse.higgins.sts.server.profile/src/org/eclipse/Higgins/sts/server/profile/ProfileService.java
> (getManagedCard method)
>
> from
>
>                 + "<CardId>" + ((java.net.URI)this.mapComponentSettings.get("CardId")).toString() + "&amp;cardid=" + strEscapedCardName + "</CardId>"
>
> to
>
>                 + "<CardId>" + ((java.net.URI)this.mapComponentSettings.get("CardId")).toString() + "&amp;cardid=" + strUsername + "</CardId>"
> 
> Please let me know if you need more details.
> 
> Thanks for looking into this.
> 
> -Jeesmon
> 
> -----Original Message-----
> From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Michael McIntosh
> Sent: Friday, November 16, 2007 5:07 PM
> To: Higgins (Trust Framework) Project developer discussions
> Cc: Higgins (Trust Framework) Project developer discussions; higgins-dev-bounces@xxxxxxxxxxx
> Subject: Re: [higgins-dev] CardName and CardId
> 
> Jeesmon,
> 
> Please send more info from the log - there should be lines with either:
>         Creating Username/Password Credential:
> or:
>         Creating PPID/Modulus/Exponent Credential
> 
> Regards,
> Mike
> 
> higgins-dev-bounces@xxxxxxxxxxx wrote on 11/15/2007 08:36:58 PM:
> 
> > Hi Mike/Jim,
> >
> > I was running some tests on a locally deployed TokenService which uses
> > JNDI CP. I successfully created a Digital Subject Profile, generated
> > the card and imported to CardSpace. When I used the card to sign into
> > an RP, I got the following error
> >
> > 20:03:07,887 TRACE LogHelper.trace (54): before IContext::open
> > 20:03:07,892 DEBUG JNDIContext._setupContext (600): Attempting to create initial context: ldap://localhost:389
> > 20:03:07,905 DEBUG JNDIContext.open (518): Context opened: urn:Higgins-LDAP-Server,  as: jjacob10@xxxxxxxxxxxxx
> > 20:03:07,906 TRACE LogHelper.trace (54): after IContext::open
> > 20:03:07,907 TRACE LogHelper.trace (54): before IContext::getSubject
> > 20:03:07,907 DEBUG JNDIContext.getSubject (1164): Searching for Digital Subject: Test-Card as: jjacob10@xxxxxxxxxxxxx in context: urn:Higgins-LDAP-Server,
> > 20:03:07,920 ERROR LogHelper.error (102): A request failed with the exception {0}.
> > 20:03:07,921 ERROR LogHelper.error (102): org.eclipse.higgins.idas.api.NoSuchSubjectException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'uid=Test-Card,ou=identities,dc=higgins,dc=eclipse,dc=org'
> > 20:03:07,922 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:569.
> > 20:03:07,922 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:1202.
> > 20:03:07,923 ERROR LogHelper.error (102): {0}::{1} JNDIContext.java:1150.
> > 20:03:07,924 ERROR LogHelper.error (102): {0}::{1} DigitalIdentityHandler.java:351.
> > 20:03:07,924 ERROR LogHelper.error (102): {0}::{1} CompoundHandler.java:100.
> > 20:03:07,925 ERROR LogHelper.error (102): {0}::{1} SecurityTokenService.java:158.
> > 20:03:07,925 ERROR LogHelper.error (102): {0}::{1} SecurityTokenServiceServerBinding.java:113.
> > 20:03:07,926 ERROR LogHelper.error (102): {0}::{1} TrustBindingImpl.java:41.
> > 20:03:07,926 ERROR LogHelper.error (102): {0}::{1} TrustBindingSkeleton.java:70.
> > 20:03:07,927 ERROR LogHelper.error (102): {0}::{1} NativeMethodAccessorImpl.java:-2.
> > 20:03:07,935 ERROR LogHelper.error (102): {0}::{1} NativeMethodAccessorImpl.java:39.
> > 20:03:07,937 ERROR LogHelper.error (102): {0}::{1} DelegatingMethodAccessorImpl.java:25.
> > 20:03:07,938 ERROR LogHelper.error (102): {0}::{1} Method.java:585.
> >
> > I had used the card name as "Test Card" when generating the card.
> > Looking at the .crd file, I found that the card name is also added as
> > part of the CardId (space char replaced with - char)
> >
> > <InformationCardReference><CardId>urn:Higgins-LDAP-Server&amp;cardid=Test-Card</CardId><CardVersion>1</CardVersion></InformationCardReference><CardName>Test Card</CardName>...
> >
> > If I use the user name as card name when generating card, I'm able to
> > successfully login to the RP with that card.
> >
> > Is it a bug or something wrong with my configuration or working as
> > expected?
> >
> > Thanks,
> > Jeesmon
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev
> 
> [attachment "ManagedConfiguration.xml.patch" deleted by Michael McIntosh/Watson/IBM]
>
> ----- Message from Daniel Sanders <dsanders@xxxxxxxxxx> on Thu, 18 Oct 2007 15:01:10 -0700 -----
>
> To: "higgins-dev@xxxxxxxxxxx" <higgins-dev@xxxxxxxxxxx>
> Subject: [higgins-dev] Mapping context IDs in the idas registry
> 
> All,
> 
> I checked in a change to the idas.registry project that allows us to
> map card Ids to an appropriate context ID.  This was added so that 
> the STS could support having multiple card IDs all map to the same 
> context ID.  For example, an STS might issue cards with the 
> following card ids:
> 
>    urn:Corporate-LDAP-Server:card1
>    urn:Corporate-LDAP-Server:card2
>    urn:Corporate-LDAP-Server:card3
> 
> In addition, there may be legacy cards that may have already been 
> issued with card IDs that look as follows:
> 
> file:///somedirectory/context.xml?id=Corporate-LDAP-Server&cardid=274Abc
> 
> Using the new mapping function, all of these different card Ids can 
> be mapped to a single context ID (or different ones if desired).
> 
> The mapping function only maps context IDs that are passed into the 
> fromConfiguration method of the ContextIdFactory class.  Currently, 
> the STS passes the card id into the fromConfiguration method as the 
> context ID.  NOTE: The fromString method on the ContextIdFactory 
> class calls fromConfiguration under the covers, so fromString is 
> also indirectly affected.
> 
> The mapping function is set up as follows:
> 
> 1. Add the following setting handlers to your configuration file (if
> they are not already there):
>
>    <SettingHandler Type="htf:jscriptexec" Class="org.eclipse.higgins.util.jscript.JScriptExec"
>        Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptExecSettingHandler"/>
>
>    <SettingHandler Type="htf:jscriptscope" Class="org.eclipse.higgins.util.jscript.JScriptScope"
>        Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptScopeSettingHandler"/>
> 
> 2. Add the following setting to the idas registry component settings:
>
>    <Setting Name="JSContextIdMapper" Type="htf:jscriptexec">
>       <![CDATA[
>          /* Put your javascript in here.  There is one input parameter
>             called "contextId" which is the incoming string.  The
>             transformed string should be assigned to RESULT.  In the
>             example below, we prepend "urn:" to the incoming context id.
>             But there are any number of things that could be done. */
>
>          RESULT = "urn:" + contextId;
>       ]]>
>    </Setting>
> 
> Note that this is an optional setting.  If the setting is not
> present, context IDs will not be mapped, but will be passed through
> as-is.
> 
> Mike, in the STS configuration file, this setting will come under
> the ComponentSettings.IdentityAttributeService setting:
>
>    <Setting Name="ComponentSettings" ...>
>       ...
>       <Setting Name="IdentityAttributeService" ...>
>          ...
>          <Setting Name="JSContextIdMapper" ...>
> 
> Daniel
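
A mapper covering the two cardid formats listed in the patch request above, written here as an added example; it is not the deleted ManagedConfiguration.xml.patch attachment and not Higgins project code. The function name mapContextId, the choice of "urn:<id>" as the target context ID, and the pass-through of unrecognized input are assumptions; inside the JSContextIdMapper setting the script would end with RESULT = mapContextId(contextId);

```javascript
// Added example: map both Higgins cardid formats to a single context ID.
// Assumption: the desired context ID is "urn:<id>", the form that appears
// in the thread's JNDI log (urn:Higgins-LDAP-Server).

// The context name is restricted to a conservative character set so that
// only the expected name is ever extracted from the incoming card ID.
var NAME = "[A-Za-z0-9][A-Za-z0-9._-]*";

// New format:    urn:<id>&cardid=<card>
var URN_FORM = new RegExp("^urn:(" + NAME + ")&cardid=[^&?#]+$");
// Legacy format: file:///path/to/config.xml?id=<id>&cardid=<card>
var FILE_FORM = new RegExp(
  "^file:///[^?#]+\\?id=(" + NAME + ")&cardid=[^&?#]+$");

function mapContextId(contextId) {
  // String() also covers a host object such as a Java string.
  // The .crd file stores the separator XML-escaped (&amp;); normalise it
  // in case the value reaches the mapper before unescaping.
  var id = String(contextId).replace(/&amp;/g, "&");
  var m = URN_FORM.exec(id) || FILE_FORM.exec(id);
  // Anything that matches neither format is returned unchanged, which is
  // the behaviour described for a registry with no mapper configured.
  return m ? "urn:" + m[1] : contextId;
}

// Constructed sample inputs based on the formats quoted in the thread.
var samples = [
  "file:///home/user/STS/Config/higgins.config.xml" +
    "?id=Higgins-LDAP-Server&cardid=Higgins-Card-RP-Test-CS",
  "urn:Higgins-LDAP-Server&cardid=Test-Card",
  "urn:Higgins-LDAP-Server&amp;cardid=Test-Card",
  "urn:Higgins-LDAP-Server&cardid=a&id=other"  // extra parameter: no match
];
samples.forEach(function (s) {
  console.log(s + " -> " + mapContextId(s));
});
```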