Re: [higgins-dev] Problem with Managed I-Card

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [higgins-dev] Problem with Managed I-Card

From: "Sergey Lyakhov" <slyakhov@xxxxxxxxxxxxxx>
Date: Fri, 5 Dec 2008 17:43:16 +0200
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>

Leonardo,

> The STS dont write in the log file; is it a signal to be sure my STS does not work?

If you open your .crd file you can see the following:

   <TokenServiceList>
    <TokenService>
     <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://rh154.sohosmart.net/TokenService/services/Trust</Address>

Most likely, <Address> URI in your card does not respond to your real STS endpoint URL. As a result, there is no any STS log, because selector could not send a token request to your STS. In this case you need to fix your STS configuration file (set correct STS URIs) and reissue a card. Otherwise check log4j.properties for STS to see errors (by the way, because Profile is a part of STS, you should see STS log when you work with profile).

Thanks,
Sergey Lyakhov

----- Original Message -----

From: Leonardo

To: 'Higgins (Trust Framework) Project developer discussions'

Sent: Friday, December 05, 2008 4:23 PM

Subject: [higgins-dev] Problem with Managed I-Card

From: Leonardo [mailto:leonardo.straniero@xxxxxxxxxxxx]
Sent: venerdì 5 dicembre 2008 15.07
To: 'Sergey Lyakhov'
Subject: RE: [higgins-dev] Problem with Managed I-Card

Hi Sergey,

I follow your instruction and I think my STS dont work.

When I select the I-Card generated by my STS with the bandit RP I read in the last rows of my Catalina log file these messages:

5-dic-2008 14.48.40 org.apache.catalina.startup.Catalina start

INFO: Server startup in 4346 ms

The STS dont write in the log file; is it a signal to be sure my STS does not work?

If I use my Higgins RP with the Bandit Card I can read in the Catalina log file these messages:

5-dic-2008 15.01.20 org.eclipse.higgins.rp.servlet.server.Login newAuthSession

INFO: Saving Original URI to session: /

5-dic-2008 15.01.20 org.eclipse.higgins.rp.icard.ICardProtocolHandler init

INFO: initializing

5-dic-2008 15.01.20 org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=XsEd6gtxxP3V7BLqW/Nu

INFO: name: C:\apache-tomcat-5.5.25\webapps\RelyingPartyDemoApp2\localhost.jks type: JKS

5-dic-2008 15.01.34 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Decrypt token using key Sun RSA private CRT key, 1024 bits

modulus:

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Decrypted token looks like

..

5-dic-2008 15.01.35 org.apache.xml.security.signature.Reference verify

INFO: Verification successful for URI "#urn:uuid:EA1F11BE3F25561F111228485634921553"

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

..

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Sucessfully authenticated token

Is it a problem with keystore and certificates?

Thanks,

Leonardo Straniero.

From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: venerdì 5 dicembre 2008 14.07
To: leonardo.straniero@xxxxxxxxxxxx; Higgins (Trust Framework) Project developer discussions
Subject: Re: [higgins-dev] Problem with Managed I-Card

> If I generate a card with the Higgins STS online, the different in size between my card and this card is about 3 KB

> and if I use this card in my Relying Party the authentication is ok.

Cards contain an image wihch can have different size, so it is not a problem. In any case,the card is ok if you are able to import this card into higgins or cardspace.

> If I check my Tomcat Console I read the follow error:

> org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

> INFO: ../MultiLogin.jsp?authsession=PUqxNiwoxwV5WKSlsKJI

> org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

> INFO: Error authenticating token

> org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

Actually, it is error message of your higgins RP, not STS. Try to test your STS with some another RP (https://wag.bandit-project.org/BanditIdP/index.jsp?option=testinfocard&action=""> for example) to be sure your STS does (not) work.

You need to do the following:

1. Delete tomcat/logs/catalina.out log file.

2. Run tomcat.

3. Login to RP mentioned above.

4. Look/send errors in catalina.out log file if your STS does not work.

Thanks,
Sergey Lyakhov

----- Original Message -----

From: Leonardo

To: leonardo.straniero@xxxxxxxxxxxx ; 'Higgins (Trust Framework) Project developer discussions'

Sent: Friday, December 05, 2008 10:41 AM

Subject: RE: [higgins-dev] Problem with Managed I-Card

Any ideas?

Can is it a problem with certifications?

Regards.

From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Leonardo
Sent: giovedì 4 dicembre 2008 10.15
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: [higgins-dev] Problem with Managed I-Card

Hi All,

i have a problem with my Higgins STS.

I can generate a Card for a Digital Subject Profile but when I use it in my Higgins Relying Party Demo i read this error:

The card contents could not be retrieved.

Check your network connection, and verify that you have supplied the

correct authentication credentials.

If I check my Tomcat Console I read the follow error:

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=PUqxNiwoxwV5WKSlsKJI

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

If I generate a card with the Higgins STS online, the different in size between my card and this card is about 3 KB and if I use this card in my Relying Party the authentication is ok.

Is it a problem with the configuration or installation of my Higgins STS?

Please help me to fix this error.

Best Regars,

Leonardo Straniero.

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

Follow-Ups:
- RE: [higgins-dev] Problem with Managed I-Card
  - From: Leonardo

References:
- [higgins-dev] Problem with Managed I-Card
  - From: Leonardo

Prev by Date: [higgins-dev] Problem with Managed I-Card
Next by Date: Re: [higgins-dev] greetings from an uninitiated
Previous by thread: [higgins-dev] Problem with Managed I-Card
Next by thread: RE: [higgins-dev] Problem with Managed I-Card
Index(es):
- Date
- Thread

Breadcrumbs