[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[higgins-dev] Re: Add saml:AudienceRestrictionCondition to P-Card xmlToken
|
I beleive this is fixed now.
Alexander Yuhimenko <AYuhimenko@xxxxxxxxxxxxxx> wrote on 04/09/2008
12:09:30 PM:
> Hello Mike,
>
> Some RP rejected P-Card xmlToken with error message like 'Audience
> Restriction is not valid'.
>
> Our PCard xmlToken doesn't have <saml:AudienceRestrictionCondition/>
> however CardSpace generated has.
>
> According to 'A Technical Reference for Information Cards in Windows
> CardSpace v1.0 December, 2006'
> > 7.1. Token Characteristics
> >The self-issued tokens issued by the simple identity provider in
> the Windows CardSpace system have the following characteristics:
> > ....
> > • The issued token always contains the saml:Conditions element
specifying:
> > o the token validity interval using the NotBefore and NotOnOrAfter
> attributes, and
> > o the saml:AudienceRestrictionCondition element restriciting the
> token to a specific target scope (i.e., a specific recipient of the
token).
>
>
> However according to org.eclipse.higgins.sts.server.token.saml.
> TokenGeneratorHandler you add it depends on RST.getAppliesTo()
> (uriAppliesTo) properties.
>
> if (null != uriAppliesTo) {
> final org.apache.axiom.om.OMElement
> omAudienceRestrictionCondition = omFactory.
> createOMElement("AudienceRestrictionCondition",
> omSAMLNamespace, omConditions);
> final org.apache.axiom.om.OMElement omAudience = omFactory.
> createOMElement("Audience", omSAMLNamespace,
> omAudienceRestrictionCondition);
> omAudience.setText(uriAppliesTo.toString());
> }
>
> But org.eclipse.higgins.sts.client.TokenRequestFactory setup it only
> for M-Card.
>
> java.lang.Boolean boolRequireAppliesTo = null;
> if (informationCard instanceof IManagedInformationCard)
> {
> boolRequireAppliesTo = ((IManagedInformationCard)
> informationCard).getRequireAppliesTo();
> }
> if (null != boolRequireAppliesTo)
> bSendAppliesTo = !(boolRequireAppliesTo.booleanValue());
> if ((null != uriRelyingParty) && (bSendAppliesTo))
> {
> final org.eclipse.higgins.sts.api.IAppliesTo appliesTo =
> new org.eclipse.higgins.sts.common.AppliesTo();
> final org.eclipse.higgins.sts.api.IEndpointReference epr
> = new org.eclipse.higgins.sts.common.EndpointReference();
> appliesTo.setEndpointReference(epr);
> epr.setAddress(uriRelyingParty);
> if (null != strCertificate)
> {
> epr.setIdentityCertificate(strCertificate);
> }
> rst.setAppliesTo(appliesTo);
> }
>
>
> Would you fix it.
>
> ---
> Thank you,
> Alexander Yuhimenko <ayuhimenko@xxxxxxxxxxxxx>