[higgins-dev] Missing information about the IssueInstant into the HttpSession object

Hi All,

We actually have developed 3 different libraries (that use the Higgins Framework code):

· Java Server Authentication Library (JSAL): this is the library a server has to use to manage the authentication process with a client (1.1M4 Higgins code)

· Java Client Authentication Library (JCAL): this library has to be used by a "non-interactive" client (i.e. a client that cannot interact with the end-user to select an iCard). Using this library even "batch" clients can use iCards (which are stored in ad hoc files) and mimic the behaviour of "normal" clients (1.1M6 Higgins Code)

· Java Client User Interface Authentication Library (JCUAL): this library has to be used by interactive clients. It makes it possible for a client to use the services of an iCard Selector (e.g. Microsoft CardSpace), interacting with the iCard Selector via the Higgins Selector Switch (HSS).

Regarding the JSAL application, its objective is to receive an encrypted security token from a client and validate it for authentication purposes. I use the org.eclipse.higgins.rp.icard.ICardProtocolHandler class. In particular I use the following methods:

· ICardProtocolHandler.init(): to initialize the protocol to handle the ICard authentication method.

· ICardProtocolHandler.getKeyStore(): to load the Java Keystore containing the keys and certificates.

· I have written a new method authenticate(), which uses the ICardProtocolHandler.processUserToken() method to validate, decrypt and extract the user’s claims and calls the ICardProtocolHandler.registerCallbacks() method to store the claims and additional information (such as the SessionID, TokenType and so on) into an HttpSession object. We store this object in a sessions store to keep track of users and their information.

Now to my question. Looking at the decrypted token obtained in the processUserToken() method, I can see the “IssueInstant” attribute in the saml:Assertion tag. Has nobody before now thought that it would be useful to include this information within the HttpSession object returned after the processToken() method, to track the token issue instant?

For example, that information can be used by the server’s main logic to manage the expiration time of the tokens received.

Is this feature planned for the next version of Higgins?

Any feedback will be appreciated.

TIA

Best Regards.

============================

Dr. Leonardo Straniero

CRS - Corporate Research

c/o Tecnopolis N.O.

Strada Prov. per Casamassima Km 3

70010 Valenzano (BA) - Italy
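
The check the message asks about, as an added example that is not part of the original post or of the Higgins code: it reads IssueInstant from an already validated and decrypted assertion, keeps it next to the other session data, and applies a maximum token age. The class name, the MAX_AGE and CLOCK_SKEW values, the Map standing in for the HttpSession attributes and the sample assertion are all assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper, not part of Higgins.
public class IssueInstantCheck {
    static final Duration MAX_AGE = Duration.ofMinutes(5);     // assumed server policy
    static final Duration CLOCK_SKEW = Duration.ofSeconds(30); // assumed tolerance

    // Extracts IssueInstant from the decrypted token XML.
    static Instant issueInstant(String tokenXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The token comes from the client: refuse DOCTYPEs so no entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(tokenXml.getBytes(StandardCharsets.UTF_8)));
        NodeList list = doc.getElementsByTagNameNS("*", "Assertion");
        if (list.getLength() != 1) throw new SecurityException("expected exactly one Assertion");
        String value = ((Element) list.item(0)).getAttribute("IssueInstant");
        if (value.isEmpty()) throw new SecurityException("Assertion has no IssueInstant");
        return Instant.parse(value); // xs:dateTime in UTC
    }

    // True when the token is neither issued in the future nor older than MAX_AGE.
    static boolean isFresh(Instant issued, Instant now) {
        if (issued.isAfter(now.plus(CLOCK_SKEW))) return false;
        return !issued.plus(MAX_AGE).plus(CLOCK_SKEW).isBefore(now);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion, not a real token.
        String xml = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" "
                + "MajorVersion=\"1\" MinorVersion=\"1\" IssueInstant=\"2009-05-11T10:15:30Z\"/>";
        Instant issued = issueInstant(xml);
        Map<String, Object> session = new HashMap<>(); // stands in for HttpSession attributes
        session.put("IssueInstant", issued);
        // Checked 2.5 minutes and 14.5 minutes after the issue instant.
        System.out.println(isFresh(issued, Instant.parse("2009-05-11T10:18:00Z")));
        System.out.println(isFresh(issued, Instant.parse("2009-05-11T10:30:00Z")));
    }
}
```

A SAML assertion may also carry a saml:Conditions element with NotBefore and NotOnOrAfter; this sketch looks only at IssueInstant, the attribute the message asks about.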

 

 

