Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [higgins-dev] Problem with Managed I-Card

Sergey,

reading my errors messages i solved all my errors.

 

Now all work perfectly.

 

Thank you for your help.

 

Best Regards.

Leonardo Straniero.

 

From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: martedì 16 dicembre 2008 12.11
To: leonardo.straniero@xxxxxxxxxxxx; 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

Leonardo,

 

> I insert “log4j.logger.org.eclipse.higgins.sts=trace” in my log properties and I see the error messages on the STS’s console.

 

It looks like a bug of STS logging. Can you send the stack trace of your error?

 

Thanks,
Sergey Lyakhov

----- Original Message -----

From: Leonardo

Sent: Tuesday, December 16, 2008 11:11 AM

Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Hi Sergey,

 

thank you very mutch for your precious signs.

I insert “log4j.logger.org.eclipse.higgins.sts=trace” in my log properties and I see the error messages on the STS’s console.

Then I discover a wrong version of libraries for the axis1x dependences.

 

I resolve all my problems and now all work perfectly.

 

Best Regards.

Thanks,

Leonardo Straniero.

 

From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: giovedì 11 dicembre 2008 18.31
To: leonardo.straniero@xxxxxxxxxxxx; 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

Leonardo,

 

At least, you have a problem with signing a token. Token is being signed with "IssuerPrivateKey" private key and public key of "IssuerCertificate" certificate. In other words, "IssuerPrivateKey" and public key of "IssuerCertificate" should be from the same key pair. Most likely, you need to replace "cacert" alias in "IssuerCertificate" element with "tomcat". If you will have additional problems, turn on trace level for STS logging (add "log4j.logger.org.eclipse.higgins.sts=trace" to your log4j.properties file).

 

Thanks,
Sergey Lyakhov

----- Original Message -----

From: Leonardo

Sent: Tuesday, December 09, 2008 7:12 PM

Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Hi,

post my card, my STS configuration file, my STS keystore.jks.

The STS’s log don’t print errors…L

 

I send my card to bandit RP and have the same problem.

 

Please see the attachments.


Regards.

 

From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: martedì 9 dicembre 2008 14.51
To: leonardo.straniero@xxxxxxxxxxxx; 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

Leonardo,

 

>  I think now the STS is working and have only authentication problem (certificate and keystore???).

 

 

Thanks,
Sergey Lyakhov

----- Original Message -----

Sent: Tuesday, December 09, 2008 11:24 AM

Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Hi,

thanks for your response.

 

The <Address>https://rh154.sohosmart.net/TokenService/services/Trust</Address> in the configuration file was

https://localhost/TokenService/services/Trust

 

and with this configuration I read these messages:

 

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=g5KVqdBhaEa400itu24a

org.eclipse.higgins.rp.servlet.server.AuthNFilter doFilter

INFO: 127.0.0.1 tried to access https://localhost:8443/RelyingPartyDemoApp2/protected/index.jsp on Fri Dec 05 17:43:59 CET 2008

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=iWRCfFEnMxFnBLvhK6hF

org.eclipse.higgins.rp.icard.ICardProtocolHandler getKeyStore

INFO: name: C:\apache-tomcat-5.5.25\webapps\RelyingPartyDemoApp2\keystore.jks type: JKS

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

GRAVE: Unable to proecess token

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

 

If I modify the configuration file and insert this configuration

https://localhost:8443/TokenService/services/Trust  (I add the number of port)

 

I read these messages:

 

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=3qL2yMi20G52KZC3HqZX

org.eclipse.higgins.rp.servlet.server.AuthNFilter doFilter

INFO: 127.0.0.1 tried to access https://localhost:8443/RelyingPartyDemoApp2/protected/index.jsp on Tue Dec 09 10:03:45 CET 2008

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=IUjAaf/gGz7VpV2NR8Ht

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

 

I don’t read the error “Unable to proecess token” but only the info message “org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token”.

 

I think now the STS is working and have only authentication problem (certificate and keystore???).

 

Is my idea right?


Best Regards,

Leonardo Straniero.

 

From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: venerdì 5 dicembre 2008 16.43
To: leonardo.straniero@xxxxxxxxxxxx; 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

Leonardo,

 

> The STS don’t write in the log file; is it a signal to be sure my STS does not work?

 

If you open your .crd file you can seethe following:

 

  <TokenServiceList>
    <TokenService>
     <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://rh154.sohosmart.net/TokenService/services/Trust</Address>

Most likely, <Address> URI in your card does not respond to your real STS endpoint URL. As a result, there is no any STS log, because selector could not send a token request to your STS. In this case you need to fix your STS configuration file (set correct STS URIs) and reissue a card. Otherwise check log4j.properties for STS to see errors (by the way, becauseProfile is a part of STS, you should see STS log when you work with profile).

 

Thanks,
Sergey Lyakhov

----- Original Message -----

From: Leonardo

Sent: Friday, December 05, 2008 4:23 PM

Subject: [higgins-dev] Problem with Managed I-Card

 

 

 

From: Leonardo [mailto:leonardo.straniero@xxxxxxxxxxxx]
Sent: venerdì 5 dicembre 2008 15.07
To: 'Sergey Lyakhov'
Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Hi Sergey,

I follow your instruction and I think my STS don’t work.

 

When I select the I-Card generated by my STS with the bandit RP I read in the last rows of my Catalina log file these messages:

 

5-dic-2008 14.48.40 org.apache.catalina.startup.Catalina start

INFO: Server startup in 4346 ms

 

The STS don’t write in the log file; is it a signal to be sure my STS does not work?

 

If I use my Higgins RP with the Bandit Card I can read in the Catalina log file  these messages:

 

5-dic-2008 15.01.20 org.eclipse.higgins.rp.servlet.server.Login newAuthSession

INFO: Saving Original URI to session: /

5-dic-2008 15.01.20 org.eclipse.higgins.rp.icard.ICardProtocolHandler init

INFO: initializing

5-dic-2008 15.01.20 org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=XsEd6gtxxP3V7BLqW/Nu

……

INFO: name: C:\apache-tomcat-5.5.25\webapps\RelyingPartyDemoApp2\localhost.jks type: JKS

5-dic-2008 15.01.34 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Decrypt token using key Sun RSA private CRT key, 1024 bits

  modulus:

………

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Decrypted token looks like

……..

5-dic-2008 15.01.35 org.apache.xml.security.signature.Reference verify

INFO: Verification successful for URI "#urn:uuid:EA1F11BE3F25561F111228485634921553"

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

……..

5-dic-2008 15.01.35 org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Sucessfully authenticated token

 

Is it a problem with keystore and certificates?

 

Thanks,

Leonardo Straniero.

From: Sergey Lyakhov [mailto:slyakhov@xxxxxxxxxxxxxx]
Sent: venerdì 5 dicembre 2008 14.07
To: leonardo.straniero@xxxxxxxxxxxx; Higgins (Trust Framework) Project developer discussions
Subject: Re: [higgins-dev] Problem with Managed I-Card

 

> If I generate a card with the Higgins STS online,  the different in size between my card and this card is about 3 KB

> and  if  I use this card in my Relying Party the authentication is ok.

 

Cards contain an image wihch can have different size, so it is not a problem. In any case,the card is ok if you are able to import this card into higgins or cardspace.

 

> If I check my Tomcat Console I read the follow error:

> org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

> INFO: ../MultiLogin.jsp?authsession=PUqxNiwoxwV5WKSlsKJI

> org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

> INFO: Error authenticating token

> org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

 

Actually, it is error message of your higgins RP, not STS. Try to test your STS with some another RP (https://wag.bandit-project.org/BanditIdP/index.jsp?option=testinfocard&action=""> for example) to be sure your STS does (not) work.

 

You need to do the following:

1. Delete tomcat/logs/catalina.out log file.

2. Run tomcat.

3. Login to RP mentioned above.

4. Look/send errors in catalina.out log file if your STS does not work.

 

Thanks,
Sergey Lyakhov

----- Original Message -----

Sent: Friday, December 05, 2008 10:41 AM

Subject: RE: [higgins-dev] Problem with Managed I-Card

 

Any ideas?

Can is it a problem with certifications?

 

Regards.

 

From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Leonardo
Sent: giovedì 4 dicembre 2008 10.15
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: [higgins-dev] Problem with Managed I-Card

 

Hi All,

i have a problem with my Higgins STS.

I can generate a Card for a Digital Subject Profile but when I use it in my Higgins Relying Party Demo i read this error:

 

The card contents could not be retrieved.

Check your network connection, and verify that you have supplied the

correct authentication credentials.

 

If I check my Tomcat Console I read the follow error:

 

org.eclipse.higgins.rp.servlet.impl.DispatchCallbackHandler redirect

INFO: ../MultiLogin.jsp?authsession=PUqxNiwoxwV5WKSlsKJI

org.eclipse.higgins.rp.icard.ICardProtocolHandler processUserToken

INFO: Error authenticating token

org.eclipse.higgins.rp.servlet.impl.ResultCallbackHandler handleFailure

GRAVE: authn failure - no token: forward to NoXmlToken.jsp

 

If I generate a card with the Higgins STS online,  the different in size between my card and this card is about 3 KB and  if  I use this card in my Relying Party the authentication is ok.

 

Is it a problem with the configuration  or installation of my Higgins STS?

 

Please help me to fix this error.

 

Best Regars,

Leonardo Straniero.

 

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

Back to the top