[higgins-dev] Re: Add saml:AudienceRestrictionCondition to P-Card xmlToken

Thanks Michael.

-- 
Alexander Yuhimenko <AYuhimenko@xxxxxxxxxxxxxx>

On Wed, 9 Apr 2008 13:47:34 -0400
Michael McIntosh <mikemci@xxxxxxxxxx> wrote:

> I believe this is fixed now.
> 
> Alexander Yuhimenko <AYuhimenko@xxxxxxxxxxxxxx> wrote on 04/09/2008
> 12:09:30 PM:
> 
> > Hello Mike,
> >
> > Some RP rejected P-Card xmlToken with error message like 'Audience
> > Restriction is not valid'.
> >
> > Our PCard xmlToken doesn't have <saml:AudienceRestrictionCondition/>,
> > but the one generated by CardSpace does.
> >
> > According to 'A Technical Reference for Information Cards in Windows
> > CardSpace v1.0 December, 2006'
> > > 7.1. Token Characteristics
> > > The self-issued tokens issued by the simple identity provider in
> > > the Windows CardSpace system have the following characteristics:
> > > ....
> > > • The issued token always contains the saml:Conditions element
> > > specifying:
> > > o the token validity interval using the NotBefore and NotOnOrAfter
> > > attributes, and
> > > o the saml:AudienceRestrictionCondition element restricting the
> > > token to a specific target scope (i.e., a specific recipient of the
> > > token).
> >
> >
> > However, according to
> > org.eclipse.higgins.sts.server.token.saml.TokenGeneratorHandler, you add
> > it depending on the RST.getAppliesTo() (uriAppliesTo) property.
> >
> >       if (null != uriAppliesTo) {
> >          final org.apache.axiom.om.OMElement omAudienceRestrictionCondition =
> >                omFactory.createOMElement("AudienceRestrictionCondition",
> >                omSAMLNamespace, omConditions);
> >          final org.apache.axiom.om.OMElement omAudience =
> >                omFactory.createOMElement("Audience", omSAMLNamespace,
> >                omAudienceRestrictionCondition);
> >          omAudience.setText(uriAppliesTo.toString());
> >       }
> >
> > But org.eclipse.higgins.sts.client.TokenRequestFactory sets it up only
> > for M-Card.
> >
> >          java.lang.Boolean boolRequireAppliesTo = null;
> >          if (informationCard instanceof IManagedInformationCard)
> >          {
> >             boolRequireAppliesTo =
> >                ((IManagedInformationCard) informationCard).getRequireAppliesTo();
> >          }
> >          if (null != boolRequireAppliesTo)
> >             bSendAppliesTo = !(boolRequireAppliesTo.booleanValue());
> >          if ((null != uriRelyingParty) && (bSendAppliesTo))
> >          {
> >             final org.eclipse.higgins.sts.api.IAppliesTo appliesTo =
> >                new org.eclipse.higgins.sts.common.AppliesTo();
> >             final org.eclipse.higgins.sts.api.IEndpointReference epr =
> >                new org.eclipse.higgins.sts.common.EndpointReference();
> >             appliesTo.setEndpointReference(epr);
> >             epr.setAddress(uriRelyingParty);
> >             if (null != strCertificate)
> >             {
> >                epr.setIdentityCertificate(strCertificate);
> >             }
> >             rst.setAppliesTo(appliesTo);
> >          }
> >
> >
> > Would you fix it?
> >
> > ---
> >  Thank you,
> > Alexander Yuhimenko <ayuhimenko@xxxxxxxxxxxxx>
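
An added illustration, not part of the original thread and not Higgins code: a relying-party-side check of the saml:Conditions element described in the quoted CardSpace reference, rejecting a token that carries no AudienceRestrictionCondition as the RP in this thread did. The function names, the sample tokens and the https://rp.example/ URI are constructed for the example, and the strict "must be present" policy is an assumption about that RP.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
NS = {"saml": SAML}

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_conditions(token_xml, rp_uri, now):
    """Return (accepted, reason) for an assertion presented to rp_uri.

    Assumes the signature was already verified and the XML came through a
    hardened parser; ElementTree is used here only to keep the example short.
    """
    cond = ET.fromstring(token_xml).find("saml:Conditions", NS)
    if cond is None:
        return False, "no saml:Conditions"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        return False, "validity interval missing"
    if not (_ts(nb) <= now < _ts(noa)):
        return False, "outside validity interval"
    arcs = cond.findall("saml:AudienceRestrictionCondition", NS)
    if not arcs:
        # Strict policy assumed here, matching the RP behaviour reported above
        return False, "no AudienceRestrictionCondition"
    for arc in arcs:  # every condition must list this RP among its audiences
        audiences = [(a.text or "").strip() for a in arc.findall("saml:Audience", NS)]
        if rp_uri not in audiences:
            return False, "audience mismatch"
    return True, "ok"

def make_token(audience=None):
    # Constructed, unsigned sample assertion
    arc = ""
    if audience:
        arc = ("<saml:AudienceRestrictionCondition><saml:Audience>%s"
               "</saml:Audience></saml:AudienceRestrictionCondition>" % audience)
    return ('<saml:Assertion xmlns:saml="%s"><saml:Conditions '
            'NotBefore="2008-04-09T16:00:00Z" NotOnOrAfter="2008-04-09T17:00:00Z">'
            "%s</saml:Conditions></saml:Assertion>" % (SAML, arc))

if __name__ == "__main__":
    now = datetime(2008, 4, 9, 16, 30, tzinfo=timezone.utc)
    for tok in (make_token("https://rp.example/"), make_token()):
        print(check_conditions(tok, "https://rp.example/", now))
```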
