Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [higgins-dev] JNDI CP configuration file - schema confusion

Raj,

The multimap you refer to is only an example.  The answer to your questions lies
therein and, yeah, you've got it, it's because the sample application wanted CardSpace 
attributes whether or not there were multiple CPs or not.

Now, you may map things however you like and, in fact, the default for the JNDI
provider is to use the http://www.../ldap#attr_ prefix.  The default also results
in a one to one mapping.  In the one to many mapping case, the JNDI CP simply
picks the first one in the list.  If that is not what the attribute in the backing store
is called, you'll get no result.

Let me know if you have additional questions.

Regards,
Tom

>>> Rajalakshmi S Iyer <iyer_rajalakshmi@xxxxxxxxxx> 05/28/08 11:43 AM >>> 

Hello,

The JNDI configuration XML file contains a multimap that maps LDAP
attributes to Cardspace claims. This is then used to do the translation
between consumer and provider attributes.

However, this means that the JNDI CP attributes can be referred using the
JNDI CP schema namespace
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_ prefix as
well as the Cardspace claims prefix
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/<attr_name>.

When I search for entities, the results look like -

http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : inetorgperson
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : organizationalPerson
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : person
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : top
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_uid : jdoe
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_description
 : IBM Employee
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone : 25691128
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname : Doe
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_cn : John
Doe

As can be seen, the attributes that have a corresponding definition in the
cardspace multimap are returned with that as prefix else they are returned
with the JNDI CP schema namespace as prefix. It seems to imply that there
are two levels of translation -  one between LDAP schema and JNDI CP schema
and another between LDAP schema and Cardspace claims schema.

Is there a reason why Cardspace claims namespace is used for IdAS
attributes? Is it so that an IdAS application can use common Cardspace
attributes across all context providers?

Another point to note:
If I use the attribute
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone for filter
construction during search, the search fails because this attribute maps to
multiple LDAP attributes and the nested filter construction logic doesnt
seem to work. However, if I use
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_homePhone
it works.

Best regards,
Rajalakshmi Iyer


_______________________________________________
higgins- dev mailing list
higgins- dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins- dev



Back to the top