Re: [higgins-dev] Problems deploying Higgins Web Proxy

[Markus Sabadello <msabadello@xxxxxxxxxxxxx>]

Hi David,

Great to hear it's working for you. Making it work with XRI is easy :)

1. First you need to register an i-name which will act as the "root" for your Web Selector (we don't use the name "Web Proxy" anymore).
You can either buy a top-level i-name here: http://inames.net/register.html
Or you can get a free second-level i-name here: http://www.freexri.com

For example, if you register the top-level i-name =safelayer, then =safelayer*david will be an OpenID for your Web Selector.
Or if you register the second-level i-name =web*safelayer, then =web*safelayer*david will be an OpenID for your Web Selector.

2. You need to know the i-number of the i-name you just registered. You can find that out by typing this in your browser:
http://xri.net/=theinameyoujustregistered?_xrd_r=application/xrd+xml;sep=false;debug=1

You can see the i-number inside the <CanonicalID> element.

3. Now you need to configure an "authority resolution service endpoint" for your i-name. How you do that depends on where you registered the i-name. See http://wiki.eclipse.org/Web_Selector#XRI_OpenID_Identifiers to see the pattern for that service endpoint. You have to make sure it contains your i-number in the <ProviderID> element, and the address of your Web Selector in the <URI> element. Also, you should check if your i-name already had a previous "authority resolution service endpoint". If yes, you should remove it.

4. Finally, you need to put your i-number into your application.properties file of higgins.proxy.web, e.g. like this:
xri-providerid==!89F9.2C84.ACEA.F2F0

That should be it! You should now be able to use [your-root-iname]*[your-rpps-username] as an OpenID.

Let me know if anything's not working as it should!

Markus

On Tue, Mar 10, 2009 at 2:05 PM, David Campos <noymn.the.archangel@xxxxxxxxx> wrote:

Hello again,

Finally I've worked out how to setup Higgins Web Proxy over a Tomcat 6.0 environment and working against a RPPS and ICM (M5) using URI discovery.

I've found that RPPS search for PersonalConfiguration and keystore files into .iss/cardspace and .iss nad maybe that should be discussed in order to allow end users to place the files in the right folders.

Now I would like to configure Web Proxy to work with XRI. Could you help me Markus?

Thanks for the help

---
David Campos
Safelayer Secure Communications S.A.

Spain

On Fri, Mar 6, 2009 at 00:17, Markus Sabadello <msabadello@xxxxxxxxxxxxx> wrote:

Hi David,

Unfortunately we can't check openid4java into the Eclipse SVN (yet).
But I just uploaded ZIP files for you with the libraries you need:
http://graceland.parityinc.net/~msabadello/proxy.test.lib.zip
http://graceland.parityinc.net/~msabadello/proxy.web.lib.zip

Please put the .jars inside the ZIPs into the WEB-INF/lib folders of the respective web applications!
Let me know if you need anything else.

Markus

On Thu, Mar 5, 2009 at 10:00 PM, David Campos <noymn.the.archangel@xxxxxxxxx> wrote:

I'll do it tomorrow. Due the different timezones is hard for me to contact you in my work time :)

Just another thing. Could you, if you have time of course, send me a snapshot where I could see which libraries are needed for both applications? If I remember well there was two or more libs that I had to add by myself :)

Thanks,

---
David Campos
Safelayer Secure Communications S.A.

On Thu, Mar 5, 2009 at 16:52, Markus Sabadello <msabadello@xxxxxxxxxxxxx> wrote:

Hi David,

Please try the following:
1. Update the sources of both projects from SVN.
2. Use the attached version of openid4java (put it into WEB-INF/lib) instead of whatever version of openid4java you are currently using.

Let me know if that helps..

Markus

On Thu, Mar 5, 2009 at 3:36 PM, David Campos <noymn.the.archangel@xxxxxxxxx> wrote:

Obviously that worked. I was a bit stupid to not think that :P I based all my tests in the doc that is placed in the website and since there wasn't a specific point in <server-url> that made me guess that it was the full URL of the webproxy webapp I went though the simple logic location... base url or icm :P

After that change it worked but Yadis is unable to get something from the discovered files. I've got one error about HEADERS

GRAVE: Discovery failed on realm: http://akane.safelayer.lan
org.openid4java.discovery.yadis.YadisException: 1803: HTML response must have exactly one HEAD element, found 0 :

and another about URL

GRAVE: Discovery failed on realm: http://akane.safelayer.lan:7080
org.openid4java.discovery.yadis.YadisException: 1800: A Yadis Resource Descriptor URL MUST be an absolute URL and it must be HTTP or HTTPS; found: null

Obviously I've been playing with URLs and ports since Apache is doing redirects and maybe that is being messy.

Thanks for the help :)

Regards,
---
David Campos
Safelayer Secure Communications S.A.

On Thu, Mar 5, 2009 at 13:07, Markus Sabadello <msabadello@xxxxxxxxxxxxx> wrote:

Hi David,

The OpenID URL is always formed like this:
[URL of the Web Selector] + [RPPS username]

In your case, it seems the Web Selector is deployed at

http://akane.safelayer.lan/org.eclipse.higgins.proxy.web/

Therefore, a valid OpenID URL for the RPPS user "test" would be
http://akane.safelayer.lan/org.eclipse.higgins.proxy.web/test

But instead it seems you are trying this OpenID URL

http://akane.safelayer.lan:7080/test

.. which of course returns a 404, because the Web Selector is deployed at a different URL.

Does that help? Please let us know how this works out for you. It would be great to get more feedback on the Web Selector. I can also help you make it work with XRIs.

Markus

On Thu, Mar 5, 2009 at 12:52 PM, David Campos <noymn.the.archangel@xxxxxxxxx> wrote:

Hello all,

I've been working for a long time with many Higgins Solutions (STS, ICM, RPPS) from M1 and recently I moved to M5. In our company we have been developing an application that uses Higgins STS modded in order to archieve know how, learn this technology and soon be able to help to its development. Also we're trying to help to aproximate this technology to end users in Spain.

2 weeks ago I found out that Higgins Web Proxy had been developed recently and I thought that it could be really useful in our development and I've been trying to see what is capable to do. I upgraded RPPS and ICM to M5 and build proxy.test and proxy.web apps and configured them to my environment. But unfortunelly I've been blocked by an exception on Discovery that seems to not recognise any url that I try.

I'm not sure if I'm using bad URL or something because neither works the XRI.... ICM is deployed at https://akane.safelayer.lan/icm/ and it works using the Air Selector.

The exception is this one:

05-mar-2009 10:26:13 org.openid4java.discovery.Discovery discover
INFO: Starting discovery on URL identifier: http://akane.safelayer.lan:7080/test
05-mar-2009 10:26:13 org.openid4java.discovery.Discovery discover
ADVERTENCIA: Yadis discovery failed on http://akane.safelayer.lan:7080/test : 1798: GET failed on http://akane.safelayer.lan:7080/test
05-mar-2009 10:26:13 org.openid4java.discovery.Discovery discover
INFO: No OpenID service endpoints discovered through Yadis; attempting HTML discovery...
05-mar-2009 10:26:13 Login error
GRAVE: Sorry, we encountered a problem while discovering OpenID metadata: 1537: GET failed on http://akane.safelayer.lan:7080/test Received status code: 404
org.openid4java.discovery.DiscoveryException: 1537: GET failed on http://akane.safelayer.lan:7080/test Received status code: 404
    at org.openid4java.discovery.html.HtmlResolver.call(HtmlResolver.java:171)
    at org.openid4java.discovery.html.HtmlResolver.discover(HtmlResolver.java:138)
    at org.openid4java.discovery.Discovery.discover(Discovery.java:225)
    at org.openid4java.discovery.Discovery.discover(Discovery.java:149)
    at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:468)
    at Login.doPost(Login.java:80)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:595)

This is my proxy.test config:

openid-endpoint-url="" href="http://akane.safelayer.lan/org.eclipse.higgins.proxy.test/Callback" target="_blank">http://akane.safelayer.lan/org.eclipse.higgins.proxy.test/Callback
openid-realm=http://akane.safelayer.lan/

This is my proxy.web config:

# Higgins Identity Server (RPPS) to use

rpps=https://akane.safelayer.lan/rpps-axis/services/RPPSService?wsdl

# absolute URL to the Higgins Web Proxy
server-url="" href="http://akane.safelayer.lan/org.eclipse.higgins.proxy.web/" target="_blank">http://akane.safelayer.lan/org.eclipse.higgins.proxy.web/

# the XRD ProviderID; used as a base for constructing the CanonicalID
xri-providerid=@higgins

And finally I attach my ICM context configs.

Thanks for the help that you could give me :)

Regards,
---
David Campos
Safelayer Secure Communications S.A.

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev