RE: [higgins-dev] Problem with Managed I-Card

Hi,

I post my card, my STS configuration file, my STS keystore.jks.

The STS’s log doesn’t print errors… :(

 

I send my card to bandit RP and have the same problem.

 

Please see the attachments.


Regards.

 


From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: Tuesday, 9 December 2008 14.51
To: leonardo.straniero@xxxxxxxxxxxx; 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

Leonardo,

 

> I think now the STS is working and I have only an authentication problem (certificate and keystore???).

 

 

Thanks,
Sergey Lyakhov

----- Original Message -----

Sent: Tuesday, December 09, 2008 11:24 AM

Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Hi,

thanks for your response.

 

The <Address>https://rh154.sohosmart.net/TokenService/services/Trust</Address> in the configuration file was

https://localhost/TokenService/services/Trust

 

and with this configuration I read these messages:

 

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=g5KVqdBhaEa400itu24a

org.eclipse.higgins.rp.servlet.server.AuthNFilter doFilter

INFO: 127.0.0.1 tried to access https://localhost:8443/RelyingPartyDemoApp2/protected/index.jsp on Fri Dec 05 17:43:59 CET 2008

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=iWRCfFEnMxFnBLvhK6hF

org.eclipse.higgins.rp.icard.ICardProtocolHandler getKeyStore

INFO: name: C:\apache-tomcat-5.5.25\webapps\RelyingPartyDemoApp2\keystore.jks type: JKS

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

GRAVE: Unable to proecess token

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

 

If I modify the configuration file and insert this configuration

https://localhost:8443/TokenService/services/Trust  (I add the number of port)

 

I read these messages:

 

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=3qL2yMi20G52KZC3HqZX

org.eclipse.higgins.rp.servlet.server.AuthNFilter doFilter

INFO: 127.0.0.1 tried to access https://localhost:8443/RelyingPartyDemoApp2/protected/index.jsp on Tue Dec 09 10:03:45 CET 2008

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=IUjAaf/gGz7VpV2NR8Ht

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

 

I don’t read the error “Unable to proecess token” but only the info message “org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token”.

 

I think now the STS is working and I have only an authentication problem (certificate and keystore???).

 

Is my idea right?


Best Regards,

Leonardo Straniero.

 


From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: Friday, 5 December 2008 16.43
To: leonardo.straniero@xxxxxxxxxxxx; 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

Leonardo,

 

> The STS doesn’t write in the log file; is it a signal to be sure my STS does not work?

 

If you open your .crd file you can see the following:

 

  <TokenServiceList>
    <TokenService>
     <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://rh154.sohosmart.net/TokenService/services/Trust</Address>

Most likely, the <Address> URI in your card does not respond to your real STS endpoint URL. As a result, there is no STS log, because the selector could not send a token request to your STS. In this case you need to fix your STS configuration file (set correct STS URIs) and reissue a card. Otherwise check log4j.properties for STS to see errors (by the way, because Profile is a part of STS, you should see the STS log when you work with profile).

 

Thanks,
Sergey Lyakhov

----- Original Message -----

From: Leonardo

Sent: Friday, December 05, 2008 4:23 PM

Subject: [higgins-dev] Problem with Managed I-Card

 

 

 


From: Leonardo [mailto:leonardo.straniero@xxxxxxxxxxxx]
Sent: Friday, 5 December 2008 15.07
To: 'Sergey Lyakhov'
Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Hi Sergey,

I followed your instructions and I think my STS doesn’t work.

 

When I select the I-Card generated by my STS with the bandit RP I read in the last rows of my Catalina log file these messages:

 

5-dic-2008 14.48.40 org.apache.catalina.startup.Catalina start

INFO: Server startup in 4346 ms

 

The STS doesn’t write in the log file; is it a signal to be sure my STS does not work?

 

If I use my Higgins RP with the Bandit Card I can read in the Catalina log file these messages:

 

5-dic-2008 15.01.20 org.eclipse.higgins.rp.servlet.server.Login newAuthSession

INFO: Saving Original URI to session: /

5-dic-2008 15.01.20 org.eclipse.higgins.rp.icard.ICardProtocolHandler init

INFO: initializing

5-dic-2008 15.01.20 org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=XsEd6gtxxP3V7BLqW/Nu

……

INFO: name: C:\apache-tomcat-5.5.25\webapps\RelyingPartyDemoApp2\localhost.jks type: JKS

5-dic-2008 15.01.34 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Decrypt token using key Sun RSA private CRT key, 1024 bits

  modulus:

………

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Decrypted token looks like

……..

5-dic-2008 15.01.35 org.apache.xml.security.signature.Reference verify

INFO: Verification successful for URI "#urn:uuid:EA1F11BE3F25561F111228485634921553"

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

……..

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Sucessfully authenticated token

 

Is it a problem with keystore and certificates?

 

Thanks,

Leonardo Straniero.


From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: Friday, 5 December 2008 14.07
To: leonardo.straniero@xxxxxxxxxxxx; Higgins (Trust Framework) Project developer discussions
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

> If I generate a card with the Higgins STS online, the difference in size between my card and this card is about 3 KB

> and if I use this card in my Relying Party the authentication is ok.

 

Cards contain an image which can have different size, so it is not a problem. In any case, the card is ok if you are able to import this card into higgins or cardspace.

 

> If I check my Tomcat Console I read the following error:

> org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

> INFO: ../MultiLogin.jsp?authsession=PUqxNiwoxwV5WKSlsKJI

> org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

> INFO: Error authenticating token

> org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

 

Actually, it is an error message of your higgins RP, not STS. Try to test your STS with another RP (https://wag.bandit-project.org/BanditIdP/index.jsp?option=testinfocard&action= for example) to be sure your STS does (not) work.

 

You need to do the following:

1. Delete tomcat/logs/catalina.out log file.

2. Run tomcat.

3. Login to RP mentioned above.

4. Look/send errors in catalina.out log file if your STS does not work.

 

Thanks,
Sergey Lyakhov

----- Original Message -----

Sent: Friday, December 05, 2008 10:41 AM

Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Any ideas?

Can it be a problem with certifications?

 

Regards.

 


From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Leonardo
Sent: Thursday, 4 December 2008 10.15
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: [higgins-dev] Problem with Managed I-Card

 

Hi All,

I have a problem with my Higgins STS.

I can generate a Card for a Digital Subject Profile but when I use it in my Higgins Relying Party Demo I read this error:

 

The card contents could not be retrieved.

Check your network connection, and verify that you have supplied the

correct authentication credentials.

 

If I check my Tomcat Console I read the following error:

 

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=PUqxNiwoxwV5WKSlsKJI

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

 

If I generate a card with the Higgins STS online, the difference in size between my card and this card is about 3 KB and if I use this card in my Relying Party the authentication is ok.

 

Is it a problem with the configuration  or installation of my Higgins STS?

 

Please help me to fix this error.

 

Best Regards,

Leonardo Straniero.

 


_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
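
The check Sergey describes in the thread (the card's `<Address>` against the real STS endpoint), combined with the configuration file's note that the SSL certificate must match the machine name, as an added example that is not part of the original thread or of Higgins. The function names, the trimmed sample card and configuration, and the certificate name list are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSA_NS = "http://www.w3.org/2005/08/addressing"
HTF_NS = "http://higgins.eclipse.org/sts/Configuration"
DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed sample: the card fragment quoted in the thread, closed so it parses.
SAMPLE_CARD = """
<TokenServiceList>
  <TokenService>
    <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://rh154.sohosmart.net/TokenService/services/Trust</Address>
    </EndpointReference>
  </TokenService>
</TokenServiceList>
"""

# Constructed sample: the attached Configuration.xml trimmed to one setting.
SAMPLE_CONFIG = """
<Configuration xmlns="http://higgins.eclipse.org/sts/Configuration">
  <Setting Name="STSConfiguration" Type="htf:map">
    <Setting Name="TokenServiceTrustURI" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
  </Setting>
</Configuration>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def card_endpoints(crd_xml):
    """Return every wsa:Address found under a TokenService element of a card."""
    found = []
    for elem in ET.fromstring(crd_xml).iter():
        if local_name(elem.tag) == "TokenService":
            for addr in elem.iter("{%s}Address" % WSA_NS):
                found.append((addr.text or "").strip())
    return found


def sts_setting(config_xml, name):
    """Return the text of the named Setting in the STS configuration, or None."""
    for setting in ET.fromstring(config_xml).iter("{%s}Setting" % HTF_NS):
        if setting.get("Name") == name:
            return (setting.text or "").strip()
    return None


def endpoint_parts(url):
    """Split a URL into comparable parts, filling in the scheme's default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {
        "scheme": scheme,
        "host": (u.hostname or "").lower(),
        "port": u.port or DEFAULT_PORTS.get(scheme),
        "path": u.path.rstrip("/"),
    }


def diff_endpoints(card_url, sts_url):
    """List which URL parts differ between the card and the STS setting."""
    a, b = endpoint_parts(card_url), endpoint_parts(sts_url)
    return [k for k in ("scheme", "host", "port", "path") if a[k] != b[k]]


def host_covered(host, cert_names):
    """True if host equals a certificate name or matches a left-most '*.' wildcard."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def check_card(crd_xml, config_xml, cert_names):
    """Compare each card endpoint with TokenServiceTrustURI and the cert names.

    cert_names is supplied by the caller (for example the CN / DNS names read
    from the SSL certificate in the keystore); here it is a constructed list.
    """
    sts_url = sts_setting(config_xml, "TokenServiceTrustURI")
    if not sts_url:
        raise ValueError("TokenServiceTrustURI not found in configuration")
    sts = endpoint_parts(sts_url)
    findings = []
    for addr in card_endpoints(crd_xml):
        card = endpoint_parts(addr)
        for part in diff_endpoints(addr, sts_url):
            findings.append("%s differs: card=%s sts=%s" % (part, card[part], sts[part]))
        if not host_covered(card["host"], cert_names):
            findings.append("certificate does not cover host %s" % card["host"])
    return findings


if __name__ == "__main__":
    for line in check_card(SAMPLE_CARD, SAMPLE_CONFIG, ["vm-higgins2"]):
        print(line)
```

A card issued before the configuration was corrected still carries the old address, which is why the thread's advice is to fix the STS URIs and then reissue the card.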



Attachment: antonio-card.crd
Description: Binary data

Attachment: prova.jks
Description: Binary data

<!--
/*******************************************************************************
 * Copyright (c) 2006 IBM Corporation.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *    Michael McIntosh (IBM Corporation) - initial definition
 *******************************************************************************/ 
 --> 
<Configuration
	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
	xmlns="http://higgins.eclipse.org/sts/Configuration"
	xmlns:htf="http://higgins.eclipse.org/sts/Configuration"
	xsd:schemaLocation="http://higgins.eclipse.org/sts/Configuration Configuration.xsd ">
	
	<!--  The setting handlers are classes that consume Setting elements where the Type matches and generate an object of the Class -->
	<SettingHandlers>
		<SettingHandler Type="htf:map" Class="java.util.Map" Handler="org.eclipse.higgins.configuration.xml.MapHandler"/>
		<SettingHandler Type="htf:list" Class="java.util.List" Handler="org.eclipse.higgins.configuration.xml.ListHandler"/>
		<SettingHandler Type="xsd:string" Class="java.lang.String" Handler="org.eclipse.higgins.configuration.xml.StringHandler"/>
		<SettingHandler Type="xsd:boolean" Class="java.lang.Boolean" Handler="org.eclipse.higgins.configuration.xml.BooleanHandler"/>
		<SettingHandler Type="xsd:anyURI" Class="java.net.URI" Handler="org.eclipse.higgins.configuration.xml.URIHandler"/>
		<SettingHandler Type="htf:file" Class="java.io.FileInputStream" Handler="org.eclipse.higgins.configuration.xml.FileHandler"/>
		<SettingHandler Type="htf:keystore" Class="java.security.KeyStore" Handler="org.eclipse.higgins.configuration.xml.KeyStoreHandler"/>
		<SettingHandler Type="htf:certificate" Class="java.lang.String" Handler="org.eclipse.higgins.configuration.xml.CertificateHandler"/>
		<SettingHandler Type="htf:privatekey" Class="java.security.PrivateKey" Handler="org.eclipse.higgins.configuration.xml.PrivateKeyHandler"/>
		<SettingHandler Type="htf:singleton" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.SingletonHandler"/>
		<SettingHandler Type="htf:instance" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.InstanceHandler"/>
		<SettingHandler Type="htf:extensionmap" Class="java.util.Map" Handler="org.eclipse.higgins.sts.server.mapper.extension.ExtensionMapHandler"/>
		<SettingHandler Type="htf:extensionmapkey" Class="org.eclipse.higgins.sts.impl.ExtensionMapKey" Handler="org.eclipse.higgins.sts.server.mapper.extension.ExtensionMapKeyHandler"/>
		<SettingHandler Type="htf:appliestomap" Class="java.util.Map" Handler="org.eclipse.higgins.sts.server.mapper.appliesto.AppliesToMapHandler"/>
		<SettingHandler Type="htf:appliestomapping" Class="java.util.Map" Handler="org.eclipse.higgins.sts.server.mapper.appliesto.AppliesToMappingHandler"/>
		<SettingHandler Type="htf:classinstance" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.ClassInstanceHandler"/>
		<SettingHandler Type="htf:classsingleton" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.ClassSingletonHandler"/>
		<SettingHandler Type="htf:jscriptexec" Class="org.eclipse.higgins.util.jscript.JScriptExec" Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptExecSettingHandler"/>
		<SettingHandler Type="htf:jscriptscope" Class="org.eclipse.higgins.util.jscript.JScriptScope" Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptScopeSettingHandler"/>
	</SettingHandlers>
	
	<Setting Name="STSConfiguration" Type="htf:map">

		<!-- The logical name of the Token Issuer to be placed into generated cards
			- optionally change "higgins.eclipse.org" to the hostname where the STS will be deployed
			- need not resolve to actual endpoint
			- used for matching when RP specifies an Issuer -->
		<Setting Name="TokenServiceIssuerURI" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
		<!-- The WS-Trust endpoint URL to be placed into generated cards
			- change "localhost" to the hostname if not collocated with identity selector
			- note that the SSL certificate must match the machine name -->
		<Setting Name="TokenServiceTrustURI" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
		<!-- The WS-Transfer endpoint URL to be placed into generated cards
			- when Username Tokens are used to authenticate to the IP/STS
			- change "localhost" to the hostname if not collocated with identity selector
			- note that the SSL certificate must match the machine name -->
		<Setting Name="UsernameTokenMetadataURI" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/MetadataUsernameToken</Setting>
		<!-- The WS-Transfer endpoint URL to be placed into generated cards
			- when SelfSignedSAML Tokens are used to authenticate to the IP/STS
			- change "localhost" to the hostname if not collocated with identity selector
			- note that the SSL certificate must match the machine name -->
		<Setting Name="SelfSignedSAMLTokenMetadataURI" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/MetadataSelfSignedSAMLToken</Setting>

		<!-- The WS-Transfer endpoint URL to be placed into generated cards
			- when X509 Tokens are used to authenticate to the IP/STS
			- change "localhost" to the hostname if not collocated with identity selector
			- note that the SSL certificate must match the machine name -->
		<Setting Name="X509TokenMetadataURI" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/MetadataX509Token</Setting>

		<!-- Note about keystores:  You may use two keystores  
			one (IssuerKeystore) for the signing of cards, 
			and another (SSLKeystore) for transport security 
			or you may use the same keystore for both
		    Change "localhost.jks" to your keystore's filename.  
			Note: this must be the keystore file or a soft link 
			to the keystore file. Either way, it must be in the 
			same directory as this file (Configuration.xml) -->
		<!--  The Key Store that contains the Issuer and SSL Certificate(s) and Private Key -->
		<Setting Name="STSKeyStore" Type="htf:keystore">
			<!-- The type of the Key Store -->
			<Setting Name="Type" Type="xsd:string">JKS</Setting>
			<!-- The file that contains the Key Store
				- location relative to the Configuration directory -->
			<Setting Name="File" Type="htf:file">prova.jks</Setting>
			<!-- The password for the Key Store -->
			<Setting Name="Password" Type="xsd:string">leonardo</Setting>
		</Setting>
		
		<!--  The Issuer Certificate -->
		<Setting Name="IssuerCertificate" Type="htf:certificate">
			<!--  The Name of the Key Store that contains the Certificate -->
			<Setting Name="KeyStoreName" Type="xsd:string">STSKeyStore</Setting>
			<!-- The alias for the Certificate in the Key Store -->
			<Setting Name="Alias" Type="xsd:string">cacert</Setting>	
		</Setting>
		
		<!--  The Issuer Key -->
		<Setting Name="IssuerPrivateKey" Type="htf:privatekey">
			<!--  The Key Store that contains the Private Key -->
			<Setting Name="KeyStoreName" Type="xsd:string">STSKeyStore</Setting>
			<!-- The alias for the Private Key in the Key Store -->
			<Setting Name="Alias" Type="xsd:string">tomcat</Setting>	
			<!-- The password for the Key in the Key Store -->
			<Setting Name="Password" Type="xsd:string">leonardo</Setting>
		</Setting>
		
		<!--  The SSL Certificate -->
		<Setting Name="SSLCertificate" Type="htf:certificate">
			<!--  The Name of the Key Store that contains the Certificate -->
			<Setting Name="KeyStoreName" Type="xsd:string">STSKeyStore</Setting>
			<!-- The alias for the Certificate in the Key Store -->
			<Setting Name="Alias" Type="xsd:string">tomcat</Setting>	
		</Setting>
				
		<!-- Provides the AttributeName, AttributeNamespace, and DisplayName" for each Attribute/Claim -->
		<Setting Name="AttributeClaimMap" Type="htf:map">
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">givenname</Setting>
				<Setting Name="AttributeName" Type="xsd:string">givenname</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">First Name</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">surname</Setting>
				<Setting Name="AttributeName" Type="xsd:string">sn</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Last Name</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">emailaddress</Setting>
				<Setting Name="AttributeName" Type="xsd:string">mail</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Email Address</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">streetaddress</Setting>
				<Setting Name="AttributeName" Type="xsd:string">street</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Street Address</Setting>
			</Setting>						
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">locality</Setting>
				<Setting Name="AttributeName" Type="xsd:string">l</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Locality Name or City</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">stateorprovince</Setting>
				<Setting Name="AttributeName" Type="xsd:string">st</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">State or Province</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">postalcode</Setting>
				<Setting Name="AttributeName" Type="xsd:string">postalcode</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Postal Code</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">country</Setting>
				<Setting Name="AttributeName" Type="xsd:string">c</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Country</Setting>
			</Setting>			
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">homephone</Setting>
				<Setting Name="AttributeName" Type="xsd:string">homephone</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Primary or Home Telephone Number</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">otherphone</Setting>
				<Setting Name="AttributeName" Type="xsd:string">telephoneNumber</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Secondary or Work Telephone Number</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">mobilephone</Setting>
				<Setting Name="AttributeName" Type="xsd:string">mobile</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Mobile Telephone Number</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">dateofbirth</Setting>
				<Setting Name="AttributeName" Type="xsd:string">dateofbirth</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Date of Birth</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">gender</Setting>
				<Setting Name="AttributeName" Type="xsd:string">gender</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Gender</Setting>
			</Setting>
			<Setting Name="http://sts.labs.live.com/2006/06/claims/nickname" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">nickname</Setting>
				<Setting Name="AttributeName" Type="xsd:string">nickname</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://sts.labs.live.com/2006/06/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Nickname</Setting>
			</Setting>
			<Setting Name="http://burtongroup.com/interop/2007/05/identity/cameratype" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">cameratype</Setting>
				<Setting Name="AttributeName" Type="xsd:string">cameratype</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Camera Type</Setting>
			</Setting>
			<Setting Name="http://burtongroup.com/interop/2007/05/identity/group" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">group</Setting>
				<Setting Name="AttributeName" Type="xsd:string">GroupName</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Group</Setting>
			</Setting>
			<Setting Name="http://burtongroup.com/interop/2007/05/identity/groupRole" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">groupRole</Setting>
				<Setting Name="AttributeName" Type="xsd:string">groupRole</Setting>
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Group Role</Setting>
			</Setting>
			<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" Type="htf:map">
				<Setting Name="ClaimName" Type="xsd:string">privatepersonalidentifier</Setting>
				<!-- <Setting Name="AttributeName" Type="xsd:string">privatepersonalidentifier</Setting> -->
				<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
				<Setting Name="DisplayName" Type="xsd:string">Private Personal Identifier</Setting>
			</Setting>
		</Setting>

		<Setting Name="ComponentSettings" Type="htf:map">
			<Setting Name="XMLSecurityExtension" Type="htf:map">
			</Setting>
			<Setting Name="JNDIContextFactory" Type="htf:map">
			</Setting>
			<Setting Name="IdentityAttributeService" Type="htf:map">
				<Setting Name="ContextFactoryInstancesList" Type="htf:list">
					<Setting Name="JNDIContextFactory" Type="htf:map">
						<Setting Name="Instance" Type="xsd:string">JNDIContextFactory</Setting>
						<Setting Name="ContextTypes" Type="htf:list">
							<Setting Name="LDAPContextType" Type="xsd:string">$context+ldap</Setting>
						</Setting>
					</Setting>
				</Setting>
				<Setting Name="ContextIdsList" Type="htf:list">
					<Setting Name="urn:Higgins-LDAP-Server" Type="htf:map">
						<Setting Name="ContextId" Type="xsd:string">urn:Higgins-LDAP-Server</Setting>
						<Setting Name="ContextTypes" Type="htf:list">
							<Setting Name="LDAPContextType" Type="xsd:string">$context+ldap</Setting>
						</Setting>
						<Setting Name="ContextUris" Type="htf:list">
							<Setting Name="DefaultContextUri" Type="xsd:anyURI">urn:Higgins-LDAP-Server</Setting>
						</Setting>
						<Setting Name="Connection" Type="htf:map">
							<Setting Name="ConnectionType" Type="xsd:string">LDAP</Setting>
							<Setting Name="AddressList" Type="htf:list">
								<Setting Name="Address" Type="xsd:string">ldap://localhost:389</Setting>
							</Setting>
							<Setting Name="jndiProvider" Type="xsd:string">com.sun.jndi.ldap.LdapCtxFactory</Setting>
						</Setting>
						<Setting Name="env" Type="htf:map">
							<Setting Name="java.naming.security.authentication" Type="xsd:string">simple</Setting>
							<Setting Name="java.naming.security.principal" Type="xsd:string">cn=root</Setting>
							<Setting Name="java.naming.security.credentials" Type="xsd:string">higgins</Setting>
							<Setting Name="java.naming.ldap.attributes.binary" Type="xsd:string">guid</Setting>
						</Setting>
						<Setting Name="JSPolicyAction" Type="htf:map">
							<Setting Name="JSSharedScope" Type="htf:jscriptscope">
								<![CDATA[
									var multimap = {
										consumer: [],
										provider: []
										};
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] =
										["givenname", "givenName", "2.5.4.42"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] =
										["sn", "surname", "2.5.4.4"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] =
										["mail", "email", "emailaddress", "internetaddress", 
										 "1.2.840.113549.1.9.1", "rfc822mailbox", "0.9.2342.19200300.100.1.3"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"] =
										["street", "streetaddress", "2.5.4.9"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"] =
										["localityName", "2.5.4.7"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"] =
										["st", "stateprovincename", "2.5.4.8"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"] =
										["postalcode", "2.5.4.17"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"] =
										["countryname", "2.5.4.6"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone"] =
										["homephone", "telephonenumber", "2.5.4.20"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone"] =
										["otherphone", "telephoneNumber"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone"] =
										["mobile", "mobilephone", "0.9.2342.19200300.100.1.41"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"] =
										["dateofbirth"];
									multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"] =
										["gender"];
									multimap.consumer["http://sts.labs.live.com/2006/06/claims/nickname"] =
										["nickname"];
									multimap.consumer["http://burtongroup.com/interop/2007/05/identity/cameratype"] =
										["cameratype"];
									multimap.consumer["http://burtongroup.com/interop/2007/05/identity/group"] =
										["GroupName"];
									multimap.consumer["http://burtongroup.com/interop/2007/05/identity/groupRole"] =
										["groupRole"];
									for (elem in multimap.consumer)
									{
										for (provider in multimap.consumer[elem])
											multimap.provider[multimap.consumer[elem][provider]] = elem;
									}
								]]>
							</Setting>
							<Setting Name="consumerEntityIDToProvider" Type="htf:jscriptexec">
								<![CDATA[
									RESULT = "uid=" + consumerID + ",ou=identities,dc=higgins,dc=eclipse,dc=org"
								]]>
							</Setting>
							<Setting Name="providerEntityIDToConsumer" Type="htf:jscriptexec">
								<![CDATA[
									var re = new RegExp("^uid=(.*),ou=identities,dc=higgins,dc=eclipse,dc=org$", "i");
									RESULT = String(providerID.toString()).replace(re, "$1");
								]]>
							</Setting>
							<Setting Name="consumerAIDToProvider" Type="htf:jscriptexec">
								<![CDATA[
									map = multimap.consumer[String(consumerID.toString())];
									if (!map)
									{
										var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_", "i");
										map = String(consumerID.toString()).replace(re, "");
									}
									RESULT = map;
								]]>
							</Setting>
							<Setting Name="providerAIDToConsumer" Type="htf:jscriptexec">
								<![CDATA[
									map = multimap.provider[String(providerID.toString()).toLowerCase()];
									if (!map)
										map = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_" + providerID.toString();
									RESULT = map;
								]]>
							</Setting>
							<Setting Name="consumerEntityTypeToProvider" Type="htf:jscriptexec">
								<![CDATA[
									var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_", "i");
									RESULT = String(consumerType.toString()).replace(re, "");
								]]>
							</Setting>
							<Setting Name="providerEntityTypeToConsumer" Type="htf:jscriptexec">
								<![CDATA[
									RESULT = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_" + String(providerType.toString());
								]]>
							</Setting>
						</Setting>
					</Setting>
				</Setting>
			</Setting>
			<Setting Name="AppliesToMapper" Type="htf:map">
				<!-- The Extension Maps - used to map RSTs by their content to Token Extensions -->
				<Setting Name="AppliesToMap" Type="htf:appliestomap">
					<Setting Name="MikesSite" Type="htf:map">
						<Setting Name="AppliesTo" Type="xsd:anyURI">http://mikes.com/</Setting>
						<Setting Name="AppliesToMapping" Type="htf:appliestomapping">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
							<Setting Name="Issuer" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self</Setting>
						</Setting>
					</Setting>
				</Setting>
			</Setting>
			<Setting Name="ExtensionMapper" Type="htf:map">
				<!-- The Extension Maps - used to map RSTs by their content to Token Extensions -->
				<Setting Name="ExtensionMap" Type="htf:extensionmap">
					<Setting Name="SAML1.0Assertion-Null-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML1.0Assertion-Issue-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
							<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML1.1Token-Issue-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</Setting>
							<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					
					<Setting Name="SAML1.1Token-Null-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="Null-Issue-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="Null-Null-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML1.0Assertion-Null-Issue-Provider" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
							<Setting Name="Issuer" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>	
					<Setting Name="SAML2.0Assertion-Null-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:assertion</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML2.0Assertion-Issue-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:assertion</Setting>
							<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML2.0Token-Issue-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</Setting>
							<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML2.0Token-Null-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML2.0Assertion-Null-Issue-Provider" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:assertion</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
							<Setting Name="Issuer" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>	
					<Setting Name="SAML2.0Protocol-Null-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:protocol</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML2.0Protocol-Issue-Issue-Null" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:protocol</Setting>
							<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>
					<Setting Name="SAML2.0Protocol-Null-Issue-Provider" Type="htf:map">
						<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
							<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:protocol</Setting>
							<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
							<Setting Name="Issuer" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
						</Setting>
						<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
					</Setting>		
				</Setting>
			</Setting>
			<Setting Name="PollingMapper" Type="htf:map">
				<Setting Name="ExtensionList" Type="htf:list">
					<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
				</Setting>			
			</Setting>
			<!-- Consumes incoming credentials and generates an IDigitalIdentity -->
			<Setting Name="DigitalIdentityHandler" Type="htf:map">
				<!-- "Special" user allowed to access IDigitalIdentity information on behalf of other users -->
				<Setting Name="TrustedDelegator" Type="xsd:string">mikemci@xxxxxxxxxx</Setting>
				<!-- ContextRef used when CardId is not present in RST -->
				<Setting Name="DefaultContextRef" Type="xsd:anyURI">urn:Higgins-LDAP-Server</Setting>
				<!-- Name of the Attribute used to provide a SubjectNameIdentifier -->
				<Setting Name="SubjectNameIdentifierAttribute" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</Setting>
			</Setting>
			<!-- Consumes an IDigitalIdentity and generates a Provider Signed SAML Token -->
			<Setting Name="TokenGeneratorHandler" Type="htf:map">
				<!-- KeyType used when not specified in RST -->
				<Setting Name="DefaultKeyType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</Setting>
				<!-- Whether the SubjectNameIdentifier should be included in bearer tokens (note CardSpace Conformance requires false) -->
				<Setting Name="IncludeBearerSubjectName" Type="xsd:boolean">false</Setting>
				<!-- TokenIssuer "logical name" (need not be resolved - added into tokens as the Issuer) -->
				<Setting Name="TokenIssuer" Type="xsd:anyURI">https://vm-higgins2:8443/TokenService/services/Trust</Setting>
				<!-- When the STS should encrypt the response token (assuming the AppliesTo contains the certificate) -->
				<Setting Name="EncryptToken" Type="xsd:boolean">true</Setting>
				<!-- Name of the Attribute used to provide a SubjectNameIdentifier -->
				<Setting Name="SubjectNameIdentifierAttribute" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</Setting>
				<!-- Format of the Attribute used to provide a SubjectNameIdentifier -->
				<Setting Name="SubjectNameIdentifierFormat" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</Setting>
			</Setting>
			<Setting Name="TokenEncryptHandler" Type="htf:map">
			</Setting>
			<!-- Consumes incoming credentials and generates a Provider Signed SAML Token -->
			<Setting Name="SAMLIssue" Type="htf:map">
				<Setting Name="ExtensionList" Type="htf:list">
					<Setting Name="First" Type="xsd:string">DigitalIdentityHandler</Setting>
					<Setting Name="Third" Type="xsd:string">TokenGeneratorHandler</Setting>
					<Setting Name="Fourth" Type="xsd:string">TokenEncryptHandler</Setting>
				</Setting>
			</Setting>
			<Setting Name="MetadataExchangeService" Type="htf:map">
				<!-- The file that contains the template for the WSDL returned by the WS-Transfer Endpoint
					- location relative to the Configuration directory -->
				<Setting Name="MetadataWSDLFile" Type="htf:file">metadata-wsdl.xml</Setting>
				<!-- The file that contains the Schema returned by the WS-Transfer Endpoint
					- location relative to the Configuration directory -->
				<Setting Name="MetadataSchemaFile" Type="htf:file">metadata-schema.xml</Setting>
				<!-- The file that contains the template for the WSDL returned by the WS-Transfer Endpoint
					- when UsernameTokens are used to authenticate to the IP/STS
					- location relative to the Configuration directory -->
				<Setting Name="UsernameTokenIssuePolicyFile" Type="htf:file">metadata-issue-username-supported.xml</Setting>
				<!-- The file that contains the template for the WSDL returned by the WS-Transfer Endpoint
					- when SelfSignedSAML Tokens are used to authenticate to the IP/STS
					- location relative to the Configuration directory -->
				<Setting Name="SelfSignedSAMLTokenIssuePolicyFile" Type="htf:file">metadata-issue-selfsignedsaml-supported.xml</Setting>
				
				<Setting Name="X509TokenIssuePolicyFile" Type="htf:file">metadata-issue-x509-supported.xml</Setting>
			</Setting>
			<Setting Name="SecurityTokenService" Type="htf:map">
				<Setting Name="ExtensionMapperList" Type="htf:list">
					<Setting Name="First" Type="xsd:string">AppliesToMapper</Setting>
					<Setting Name="Second" Type="xsd:string">ExtensionMapper</Setting>
					<Setting Name="Third" Type="xsd:string">PollingMapper</Setting>
				</Setting>
			</Setting>
			
			<Setting Name="ProfileService" Type="htf:map">
				<!-- The CardId to be placed into generated cards
					- see JNDI CP documentation for details
					- must point to JNDI CP config file -->
				<Setting Name="CardId" Type="xsd:anyURI">urn:Higgins-LDAP-Server</Setting>
				<!-- The file that contains the image to be placed into generated cards
					- location relative to the Configuration directory -->
				<Setting Name="CardImageFile" Type="htf:file">higgins.jpg</Setting>
				<!-- The LDAP Server Endpoint where the Web Application stores User Profiles
					- this is temporary until the Context Providers are writable -->
				<Setting Name="LDAPProvider" Type="xsd:anyURI">ldap://localhost:389</Setting>
				<!-- The LDAP Principal to be used to authenticate to the LDAP Server -->
				<Setting Name="LDAPPrincipal" Type="xsd:string">cn=root</Setting>
				<!-- The LDAP Credential to be used to authenticate to the LDAP Server -->
				<Setting Name="LDAPCredential" Type="xsd:string">higgins</Setting>
				<!-- The initial part of the DN for the entry for each User Profile in the LDAP Store -->
				<Setting Name="LDAPEntryPrefix" Type="xsd:string">uid=</Setting>
				<!-- The final part of the DN for the entry for each User Profile in the LDAP Store -->
				<Setting Name="LDAPEntrySuffix" Type="xsd:string">,ou=identities,dc=higgins,dc=eclipse,dc=org</Setting>
				<!-- <Setting Name="LDAPTrustedStore" Type="xsd:string">LDAPTrustStore.jks</Setting> 
				<Setting Name="LDAPTrustedStorePassword" Type="xsd:string">changeit</Setting> -->	
				<Setting Name="SupportedClaimList" Type="htf:list">
					<Setting Name="givenname" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</Setting>
					<Setting Name="surname" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</Setting>
					<Setting Name="emailaddress" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</Setting>
					<Setting Name="streetaddress" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress</Setting>				
					<Setting Name="locality" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality</Setting>
					<Setting Name="stateorprovince" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince</Setting>
					<Setting Name="postalcode" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode</Setting>
					<Setting Name="country" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country</Setting>
					<Setting Name="homephone" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone</Setting>						
					<Setting Name="otherphone" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone</Setting>
					<Setting Name="mobilephone" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone</Setting>
					<Setting Name="dateofbirth" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth</Setting>
					<Setting Name="gender" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender</Setting>
					<Setting Name="nickname" Type="xsd:anyURI">http://sts.labs.live.com/2006/06/claims/nickname</Setting>
					<Setting Name="cameratype" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity/cameratype</Setting>
					<Setting Name="group" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity/group</Setting>
					<Setting Name="groupRole" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity/groupRole</Setting>		
					<Setting Name="privatepersonalidentifier" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</Setting>
				</Setting>
				<Setting Name="EntryObjectClassList" Type="htf:list">
					<Setting Name="top" Type="xsd:string">top</Setting>
					<Setting Name="person" Type="xsd:string">person</Setting>
					<Setting Name="organizationalPerson" Type="xsd:string">organizationalPerson</Setting>
					<Setting Name="inetOrgPerson" Type="xsd:string">inetOrgPerson</Setting>
					<Setting Name="ePerson" Type="xsd:string">ePerson</Setting>
					<Setting Name="higginsPerson" Type="xsd:string">higginsPerson</Setting>
				</Setting>
			</Setting>
		</Setting>
		
		<!-- The name of the class that provides the factory for the class that implements the Apache XML Security Extension -->
		<Setting Name="XMLSecurityExtension" Type="htf:singleton">org.eclipse.higgins.sts.xmlsecurity.apache.XMLSecurityApacheExtensionFactory</Setting>		

		<!-- The name of the class that provides the factory for the class that implements the JNDI Context Provider -->
		<Setting Name="JNDIContextFactory" Type="htf:classinstance">org.eclipse.higgins.idas.cp.jndi.JNDIContextFactory</Setting>

		<!-- The name of the class that provides the factory for the class that implements the IdASRegistry -->
		<Setting Name="IdentityAttributeService" Type="htf:classsingleton">org.eclipse.higgins.idas.registry.IdASRegistry</Setting>

		<!-- The name of the class that provides the factory for the class that implements the AppliesTo Mapper -->
		<Setting Name="AppliesToMapper" Type="htf:singleton">org.eclipse.higgins.sts.server.mapper.appliesto.AppliesToMapperFactory</Setting>

		<!-- The name of the class that provides the factory for the class that implements the Extension Mapper -->
		<Setting Name="ExtensionMapper" Type="htf:singleton">org.eclipse.higgins.sts.server.mapper.extension.ExtensionMapperFactory</Setting>

		<!-- The name of the class that provides the factory for the class that implements the Polling Mapper -->
		<Setting Name="PollingMapper" Type="htf:singleton">org.eclipse.higgins.sts.server.mapper.polling.PollingMapperFactory</Setting>

		<!-- The name of the class that provides the factory for the class that implements the Digital Identity Token Extension -->
		<Setting Name="DigitalIdentityHandler" Type="htf:instance">org.eclipse.higgins.sts.server.token.identity.DigitalIdentityHandlerFactory</Setting>

		<!-- The name of the class that provides the factory for the class that implements the SAML Generator Token Extension -->
		<Setting Name="TokenGeneratorHandler" Type="htf:instance">org.eclipse.higgins.sts.server.token.saml.TokenGeneratorHandlerFactory</Setting>	
		
		<!-- The name of the class that provides the factory for the class that implements the Encrypt Token Extension -->
		<Setting Name="TokenEncryptHandler" Type="htf:instance">org.eclipse.higgins.sts.server.token.encrypt.TokenEncryptHandlerFactory</Setting>	
		
		<!-- The name of the class that provides the factory for the class that implements the SAML Token Extension -->
		<Setting Name="SAMLIssue" Type="htf:instance">org.eclipse.higgins.sts.server.token.compound.CompoundHandlerFactory</Setting>
		
		<!-- The name of the class that provides the factory for the class that implements the ProfileService -->
		<Setting Name="ProfileService" Type="htf:singleton">org.eclipse.higgins.sts.server.profile.ProfileServiceFactory</Setting>
		
		<!-- The name of the class that provides the factory for the class that implements the MetadataExchangeService -->
		<Setting Name="MetadataExchangeService" Type="htf:singleton">org.eclipse.higgins.sts.server.metadata.MetadataExchangeServiceFactory</Setting>

		<!-- The name of the class that provides the factory for the class that implements the SecurityTokenService -->
		<Setting Name="SecurityTokenService" Type="htf:singleton">org.eclipse.higgins.sts.server.trust.SecurityTokenServiceFactory</Setting>

	</Setting>
	
</Configuration>
