[higgins-dev] Re: [I-Card Selector Switch]Server certificate not transmi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[higgins-dev] Re: [I-Card Selector Switch]Server certificate not transmit to Selector

From: Vitaliy Lakhno <vlakhno@xxxxxxxxxxxxxx>
Date: Tue, 29 Sep 2009 15:14:26 +0300
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>
Organization: aquasoft
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Hello,

Thanks for feedback.
A rough estimate of this issue is that HBX (IE add-on) is not able to create certificate chain properly, maybe because there are invalid certificates (Untrusted) on the sites (https://souscriptionflash.orange.telecom.test.fc2consortium.org/ and https://ej.ds.bancaire.test.fc2consortium.org). Sometimes, it can cause an issue.

Also, could you provide to me some information:
* Can you see "azigo encountered an error when verifying the identity of the site and cannot continue." message box, when certificate chain is missed?
* Could you tell me hbxie.dll version? (AZIGO_BIN/hbxie.dll -> Context Menu-> Properties->Version->File version)
* Is that computer has direct connection to the Internet or through proxy server (if yes is it auto-proxy or proxy settings are set manually in IE)?

Thanks.

--------------------------------
Vitaliy Lakhno

PASQUIER thomas wrote:

Hi Vitaly,

We encounter a bug that we are not able to reproduce for the moment, in one of our computer the server certificate is not send to the selector (it’s sent sometimes but we can’t figure out if there is any reason for switch selector to send it or not). Switching between selector don’t modify the behavior of the switch selector.

We met this bug under Internet Explorer 7 and Windows XP SP3, we used Firefox 3.x on the same computer, at the same time and met no problem.

Working request:

<hbx_request>

<object_name>xmltoken</object_name>

<document_URL>https://souscriptionflash.orange.telecom.test.fc2consortium.org/FC2Flash/SouscriptionFlash.do%3foperation=initPage3</document_URL>

<parameters>

<parameter name="TokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"/>

<parameter name="certificate" value="MIIFkzCCBHugAwIBAgIIc2ew1GBhLWwwDQYJKoZIhvcNAQEFBQAwWzEhMB8GA1UEAwwYRkMyIHN1

YkFDIHRlbGVjb20gU2VydmVyMQ0wCwYDVQQLDAR0ZXN0MRowGAYDVQQKDBFmYzJjb25zb3J0aXVt

Lm9yZzELMAkGA1UEBhMCRlIwHhcNMDkwMzIzMTcyNTI1WhcNMTAxMDE0MTcyNTI1WjB4MUAwPgYD

VQQDDDdzb3VzY3JpcHRpb25mbGFzaC5vcmFuZ2UudGVsZWNvbS50ZXN0LmZjMmNvbnNvcnRpdW0u

b3JnMQ8wDQYDVQQLDAZvcmFuZ2UxFjAUBgNVBAoMDWZjMmNvbnNvcnRpdW0xCzAJBgNVBAYTAkZS

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnIyH9mT9Ms5NR4jpsUtQcuPG7GccKdE/2iCz8

9sf57TEojpRqo94PTOfg9ZOwcBSiT3yeD8YG2A2KKBvtbrzE5h90tuvPlgQQSjw2EapFm/Hu2gLs

7n63xnsVd1TILUcmL+L+aJw1KjDOzpQ4a2sxO9XRVa0RLSgVB3VRdNgrTQIDAQABo4ICwDCCArww

gcYGCCsGAQUFBwEBBIG5MIG2MFsGCCsGAQUFBzAChk8vaG9tZS9mYzIvVOls6WNoYXJnZW1lbnQv

Y2VydGlmaWNhdHMgRkMyL0FDL3N1YkFDL0ZDMnN1YkFDZ291dlNlcnZlci5jYWNlcnQucGVtMFcG

CCsGAQUFBzABhktodHRwOi8vYWMuZHMuY29tbXVuLnRlc3QuZmMyY29uc29ydGl1bS5vcmc6ODA4

MC9lamJjYS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwHQYDVR0OBBYEFPeEDniIQ/oMaUcDqnmCexsG

BCDbMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUwNL/TMX8Ey9cMcf+2Rky+WZAvucwggEaBgNV

HR8EggERMIIBDTCCAQmggaWggaKGgZ9odHRwOi8vYWMuZHMuY29tbXVuLnRlc3QuZmMyY29uc29y

dGl1bS5vcmc6ODA4MC9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3JsJmlz

c3Vlcj1DTj1GQzIgc3ViQUMgdGVsZWNvbSBTZXJ2ZXIsIE89ZmMyY29uc29ydGl1bS5vcmcsIE9V

PXRlc3QsIEM9RlKiX6RdMFsxITAfBgNVBAMMGEZDMiBzdWJBQyB0ZWxlY29tIFNlcnZlcjEaMBgG

A1UECgwRZmMyY29uc29ydGl1bS5vcmcxDTALBgNVBAsMBHRlc3QxCzAJBgNVBAYTAkZSMA4GA1Ud

DwEB/wQEAwIE8DAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF

BQcDCDBCBgNVHREEOzA5gjdzb3VzY3JpcHRpb25mbGFzaC5vcmFuZ2UudGVsZWNvbS50ZXN0LmZj

MmNvbnNvcnRpdW0ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQB7kf7qiIWX7nQwGZTAX0NFq8kFUzPh

kRdxKQsQl2UjTCoSh5QxXcA+921oRHBlgxlyaYgQVbvtLfFIlbDGKgGSTgo/QxD1i1PST03jpGfk

hQ/NFSqY/G1/zPKBkVUtiQsdPYyMpBZePZwib5I0/9b9/w5yuIyuJHIr3JSfSZYTtr2PXOLtEFlr

cGJkI/OYnm8C+BeeY3s14lJCe1K7GL00HiDhq/yuiD2Twak8251fofRmKwmMbAAO40eKVLdnGPgq

R20NnG+6wFtsXHOeweGjbc7XXNXsipXTl0xjtijIBdewOCn1HJGsZvVgshfXThFJ/f+sAxsk8zh4

9BYhmpL8MIIFBTCCA+2gAwIBAgIIdQaikFfH78QwDQYJKoZIhvcNAQEFBQAwUTEXMBUGA1UEAwwO

RkMyIEFDIHRlbGVjb20xDTALBgNVBAsMBHRlc3QxGjAYBgNVBAoMEWZjMmNvbnNvcnRpdW0ub3Jn

MQswCQYDVQQGEwJGUjAeFw0wOTAzMTgxMDAzMDhaFw0xNzA2MDQxMDAzMDhaMFsxITAfBgNVBAMM

GEZDMiBzdWJBQyB0ZWxlY29tIFNlcnZlcjENMAsGA1UECwwEdGVzdDEaMBgGA1UECgwRZmMyY29u

c29ydGl1bS5vcmcxCzAJBgNVBAYTAkZSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA

gpi8ozto6ub7oto3jASY5WCs1iVHkMboomZ96K5CRDSY8hJeToKqFKcus2omtyBlYwXGa/KwNKoU

otlvmtdHmJ8MTGyTHEBI4Abo+7VY1WL2zJQfw7hvnS6kOwrnUthMIVU0lAZoyEuryIria2zdIHGQ

eL2z29uABmxV5r4rbsv2CZ90AivZiCyXq/dS8LnOxysmK+oTD1fnzcMAty4Snre6ppGBc0Hs35CK

GaxjsmILJPaUgtRgZz71Z/uj7G2+qQEFxbhqlPT+fPCYcDRgXO8X6xsmwzY3MGPpt565j0Y6dtzY

Io6oQs/z7NlB7CgOrApZ+EdBdiairwWqoofVmQIDAQABo4IB1TCCAdEwZwYIKwYBBQUHAQEEWzBZ

MFcGCCsGAQUFBzABhktodHRwOi8vYWMuZHMuY29tbXVuLnRlc3QuZmMyY29uc29ydGl1bS5vcmc6

ODA4MC9lamJjYS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwHQYDVR0OBBYEFMDS/0zF/BMvXDHH/tkZ

MvlmQL7nMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUIQ74OrST5/F+mJ40j77ZAaeVKF4w

ggEDBgNVHR8EgfswgfgwgfWggZuggZiGgZVodHRwOi8vYWMuZHMuY29tbXVuLnRlc3QuZmMyY29u

c29ydGl1bS5vcmc6ODA4MC9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3Js

Jmlzc3Vlcj1DTj1GQzIgQUMgdGVsZWNvbSwgTz1mYzJjb25zb3J0aXVtLm9yZywgT1U9dGVzdCwg

Qz1GUqJVpFMwUTEXMBUGA1UEAwwORkMyIEFDIHRlbGVjb20xGjAYBgNVBAoMEWZjMmNvbnNvcnRp

dW0ub3JnMQ0wCwYDVQQLDAR0ZXN0MQswCQYDVQQGEwJGUjAOBgNVHQ8BAf8EBAMCAUYwDQYJKoZI

hvcNAQEFBQADggEBAHMm2IpzhOhf0m6bU/d/gXEoIDoPJajf2/5S5LiW6EA/q7c3D1IOdzdyOYpA

Ahg/Ie5wDyothyo/S6bPgNMp1IO8Nn8owPe7iYXpJ+Cv5oxRcDR4xIJ+hz6MUXSGb+12EHjtYO8O

62OHEG3UFbrx2dbEk/pHKgRnIozr1URBeDVOfxuqfqo01fN6kmR8T9Tr2aQkZoNEtOFX8BBVsbUV

Zc8bEdU9sxnezlm2authzC8OtKidlmDtVqfuvYWiVw9OnePz3/n9QbNuYdM2mkov/VOA/LAEodSC

YCnOKtiUBQJTB2kcvYulaEkRUKKWr0/SyU2Rl6wH6rBYUZGJUniirCI=MIIE+zCCA+OgAwIBAgII

WID+/c25jjUwDQYJKoZIhvcNAQEFBQAwUTEXMBUGA1UEAwwORkMyIEFDIHRlbGVjb20xDTALBgNV

BAsMBHRlc3QxGjAYBgNVBAoMEWZjMmNvbnNvcnRpdW0ub3JnMQswCQYDVQQGEwJGUjAeFw0wOTAz

MTgwOTQ4NTFaFw0xOTAzMTYwOTQ4NTFaMFExFzAVBgNVBAMMDkZDMiBBQyB0ZWxlY29tMQ0wCwYD

VQQLDAR0ZXN0MRowGAYDVQQKDBFmYzJjb25zb3J0aXVtLm9yZzELMAkGA1UEBhMCRlIwggEiMA0G

CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSH/UOayla9PdOKC2IfsHA0SY8lPBdYQmmyNmY+IOW

iXj4Sb9kbDwqK/B+E6gVDsXZIsXrawzkfxTrahm83gJI0DAE8h9rzP7eoPHQ3faNLFXguCzJx1Dh

N/eDW41EkU9rIBtCtJ2VmFhxZlnL2nT5XhAY+VnZ3/0EEnbRsXb6goFswlW8BRbCYg3h4rjbWa+Y

RTbifwKZWjk0OhpoDPUtWrHAucLL9hoJ+gTuVT+N7LaMB0O1lXYL1gPyEXPr7GWXHOssVYIfyGq0

olFrCR34cEahgQVDykNBi2vIoJxi65pmRjdLDGqFGFDuLDgJFrSG8IEomhJ7/zBiVSEGjK8vAgMB

AAGjggHVMIIB0TBnBggrBgEFBQcBAQRbMFkwVwYIKwYBBQUHMAGGS2h0dHA6Ly9hYy5kcy5jb21t

dW4udGVzdC5mYzJjb25zb3J0aXVtLm9yZzo4MDgwL2VqYmNhL3B1YmxpY3dlYi9zdGF0dXMvb2Nz

cDAdBgNVHQ4EFgQUIQ74OrST5/F+mJ40j77ZAaeVKF4wDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME

GDAWgBQhDvg6tJPn8X6YnjSPvtkBp5UoXjCCAQMGA1UdHwSB+zCB+DCB9aCBm6CBmIaBlWh0dHA6

Ly9hYy5kcy5jb21tdW4udGVzdC5mYzJjb25zb3J0aXVtLm9yZzo4MDgwL2VqYmNhL3B1YmxpY3dl

Yi93ZWJkaXN0L2NlcnRkaXN0P2NtZD1jcmwmaXNzdWVyPUNOPUZDMiBBQyB0ZWxlY29tLCBPPWZj

MmNvbnNvcnRpdW0ub3JnLCBPVT10ZXN0LCBDPUZSolWkUzBRMRcwFQYDVQQDDA5GQzIgQUMgdGVs

ZWNvbTEaMBgGA1UECgwRZmMyY29uc29ydGl1bS5vcmcxDTALBgNVBAsMBHRlc3QxCzAJBgNVBAYT

AkZSMA4GA1UdDwEB/wQEAwIBRjANBgkqhkiG9w0BAQUFAAOCAQEAG8XIraEB6jY1qrGCqYbbEiRj

4KwEVaq8e6nqB7HJZVc9v9HDS3vSrWWZf84XKNoWUAVEE4uhjG4RrUB/QPPnVD/SFi52eHy10D3u

8fryr5mtxG05MtVRd76biE+wtdnDzlElzFJ0TBlcSlQ2lB9Sc/Va8CLN0fx1Nr8pe5To4VzMXoEr

mk7aQJKeVcsrVDqwuOCPLTw8/WsQPUtgnzkYu+uSG5bOr/aYRZKQOTY5aBsr2DKBedNV6XQ6ucVx

3aW4vwNMmnfXrUUmZ6miXCc2A3/hMjx9uZO2pV5QWzRlyY86eMpEvE+usVZB9S+67hnm6GaHb4FF

05UF8HsIfCuyeA=="/>

<parameter name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://www.fc2consortium.org/ws/2008/10/identity/claims/cnienumber http://www.fc2consortium.org/ws/2008/10/identity/claims/civility http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://www.fc2consortium.org/ws/2008/10/identity/claims/placeofbirth http://www.fc2consortium.org/ws/2008/10/identity/claims/departmentofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress "/>

<parameter name="issuer" value="https://ip-idservices.orange.gouv.test.fc2consortium.org/BanditIdP/services/Trust"/>

<parameter name="issuerPolicy" value=""/>

<parameter name="privacyUrl" value=""/>

<parameter name="privacyVersion" value="0"/>

</parameters>

</hbx_request>

Not Working Request:

<hbx_request>

<object_name>xmlToken</object_name>

<document_URL>https://ej.ds.bancaire.test.fc2consortium.org:6443/RPEnqueteJudiciaire/</document_URL>

<parameters>

<parameter name="TokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/>

<parameter name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/qualite https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/parquet https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/employeenumber https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/telephonenumber https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/service https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/grade https://idp.ds.interieur.test.fc2consortium.org/ws/2005/05/identity/claims/competence "/>

<parameter name="issuer" value=""/>

<parameter name="issuerPolicy" value=""/>

<parameter name="privacyUrl" value=""/>

<parameter name="privacyVersion" value="0"/>

</parameters>

</hbx_request>

Best regards,

Thomas Pasquier
Gemalto

Tel: +33 1 55 01 60 69
6 rue de la Verriere
92197 Meudon Cedex

thomas.pasquier@gemalto.com
www.gemalto.com

Follow-Ups:
- [higgins-dev] RE: [I-Card Selector Switch]Server certificate not transmit to Selector
  - From: Smadja Philippe

References:
- [higgins-dev] [I-Card Selector Switch]Server certificate not transmit to Selector
  - From: PASQUIER thomas

Prev by Date: [higgins-dev] [I-Card Selector Switch]Server certificate not transmit to Selector
Next by Date: [higgins-dev] RE: [I-Card Selector Switch]Server certificate not transmit to Selector
Previous by thread: [higgins-dev] [I-Card Selector Switch]Server certificate not transmit to Selector
Next by thread: [higgins-dev] RE: [I-Card Selector Switch]Server certificate not transmit to Selector
Index(es):
- Date
- Thread

Breadcrumbs