[higgins-dev] Add saml:AudienceRestrictionCondition to P-Card xmlToken
Hello Mike,
Some RPs rejected the P-Card xmlToken with an error message like 'Audience Restriction is not valid'.
Our P-Card xmlToken doesn't have <saml:AudienceRestrictionCondition/>, whereas the one CardSpace generates does.
According to 'A Technical Reference for Information Cards in Windows CardSpace v1.0 December, 2006':
> 7.1. Token Characteristics
> The self-issued tokens issued by the simple identity provider in the Windows CardSpace system have the following characteristics:
> ....
> • The issued token always contains the saml:Conditions element specifying:
>   o the token validity interval using the NotBefore and NotOnOrAfter attributes, and
>   o the saml:AudienceRestrictionCondition element restricting the token to a specific target scope (i.e., a specific recipient of the token).
However, according to org.eclipse.higgins.sts.server.token.saml.TokenGeneratorHandler, you add it depending on the RST.getAppliesTo() (uriAppliesTo) property.

    if (null != uriAppliesTo) {
        final org.apache.axiom.om.OMElement omAudienceRestrictionCondition = omFactory.createOMElement("AudienceRestrictionCondition",
                omSAMLNamespace, omConditions);
        final org.apache.axiom.om.OMElement omAudience = omFactory.createOMElement("Audience", omSAMLNamespace,
                omAudienceRestrictionCondition);
        omAudience.setText(uriAppliesTo.toString());
    }

But org.eclipse.higgins.sts.client.TokenRequestFactory sets it up only for M-Card.

    java.lang.Boolean boolRequireAppliesTo = null;
    if (informationCard instanceof IManagedInformationCard)
    {
        boolRequireAppliesTo = ((IManagedInformationCard) informationCard).getRequireAppliesTo();
    }
    if (null != boolRequireAppliesTo)
        bSendAppliesTo = !(boolRequireAppliesTo.booleanValue());
    if ((null != uriRelyingParty) && (bSendAppliesTo))
    {
        final org.eclipse.higgins.sts.api.IAppliesTo appliesTo = new org.eclipse.higgins.sts.common.AppliesTo();
        final org.eclipse.higgins.sts.api.IEndpointReference epr = new org.eclipse.higgins.sts.common.EndpointReference();
        appliesTo.setEndpointReference(epr);
        epr.setAddress(uriRelyingParty);
        if (null != strCertificate)
        {
            epr.setIdentityCertificate(strCertificate);
        }
        rst.setAppliesTo(appliesTo);
    }

Would you fix it?
---
Thank you,
Alexander Yuhimenko <ayuhimenko@xxxxxxxxxxxxx>
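
Added example, not part of the original message and not Higgins code: a JDK-only sketch of the saml:Conditions check a strict relying party might apply, showing why a token without saml:AudienceRestrictionCondition is refused. The class and method names, the sample assertions and the RP URI are constructed for illustration; signature validation is out of scope here.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AudienceCheck {                       // hypothetical class, not a Higgins type
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion"; // SAML 1.x assertion namespace
    /** Returns null if saml:Conditions is acceptable for rpUri at time now, else the rejection reason. */
    static String check(String xml, String rpUri, Instant now) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        NodeList conds = root.getElementsByTagNameNS(SAML, "Conditions");
        if (conds.getLength() != 1) return "expected exactly one saml:Conditions";
        Element c = (Element) conds.item(0);
        if (!c.hasAttribute("NotBefore") || !c.hasAttribute("NotOnOrAfter")) return "validity interval missing";
        if (now.isBefore(Instant.parse(c.getAttribute("NotBefore")))
                || !now.isBefore(Instant.parse(c.getAttribute("NotOnOrAfter")))) return "outside validity interval";
        NodeList arcs = c.getElementsByTagNameNS(SAML, "AudienceRestrictionCondition");
        if (arcs.getLength() == 0) return "no AudienceRestrictionCondition"; // the P-Card case in this thread
        for (int i = 0; i < arcs.getLength(); i++) {   // every restriction condition must hold
            NodeList auds = ((Element) arcs.item(i)).getElementsByTagNameNS(SAML, "Audience");
            boolean match = false;
            for (int j = 0; j < auds.getLength(); j++)  // within one condition, any Audience may match
                match |= rpUri.equals(auds.item(j).getTextContent().trim());
            if (!match) return "audience does not include " + rpUri;
        }
        return null;
    }

    static String token(String conditionsBody) {     // constructed sample assertion, unsigned
        return "<saml:Assertion xmlns:saml=\"" + SAML + "\"><saml:Conditions"
             + " NotBefore=\"2009-01-01T00:00:00Z\" NotOnOrAfter=\"2009-01-01T01:00:00Z\">"
             + conditionsBody + "</saml:Conditions></saml:Assertion>";
    }

    public static void main(String[] args) throws Exception {
        String rp = "https://rp.example/login";      // constructed relying-party URI
        Instant now = Instant.parse("2009-01-01T00:30:00Z");
        String arc = "<saml:AudienceRestrictionCondition><saml:Audience>%s</saml:Audience>"
                   + "</saml:AudienceRestrictionCondition>";
        System.out.println(check(token(""), rp, now));                      // condition absent
        System.out.println(check(token(String.format(arc, rp)), rp, now));  // audience is this RP
        System.out.println(check(token(String.format(arc, "https://other.example/")), rp, now));
    }
}
```

The comparison is an exact string match on the audience URI, so the value placed in saml:Audience has to be the same string the relying party expects for itself.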