Re: [higgins-dev] Could Selector Submit Issue

Hello,

I'm not sure, but it seems the issue is with the RP policy.

Michael, would you open the SOAP monitor (/cardsync-new/SOAPMonitor) and debug/compare the requests from the cloud selector and Azigo? You may also compare requests to the test server rh155.azigo.net by using http://rh155.azigo.net/cardsync-new/SOAPMonitor. (The SOAP monitor is an Axis Java applet, so your web browser needs the Java plugin.)

-- 
thanks,
Alexander Yuhimenko

On Thu, 21 Jan 2010 13:14:57 -0500
Markus Sabadello <markus.sabadello@xxxxxxxxx> wrote:

> It's not the proxy.test application that requests a token.
> What happens is that the proxy.web application makes a call to RPPS which
> then requests a token from the STS.
> 
> It may be helpful if you could tell us the exact error message you are
> getting.
> 
> But in any case, I agree it seems wrong that the <TokenType> and <Claims>
> elements are empty.
> 
> Does anyone on the list know why a getTokenObject() RPPS call like the
> following:
> 
>         TokenResponseTO tokenResponseNotEncrypted = sei.getTokenObject(
>                 username,
>                 password,
>                 policy,
>                 "cardspace",
>                 "",
>                 new String[] { selectedCardTo.getCardId() } ,
>                 "ITSUsernamePasswordCredential",
>                 new String[] {
>                         "url",
>                         "saveCard",
>                         "saveCredential",
>                         "address",
>                         "metadataAddress",
>                         "username",
>                         "password"
>                 },
>                 new String[] {
>                         request.getRequestURL().toString(),
>                         "false",
>                         saveCredential ? "true" : "false",
>                         uiTokenServiceCredential == null ? "" : uiTokenServiceCredential.getAddress(),
>                         uiTokenServiceCredential == null ? "" : uiTokenServiceCredential.getMetadataAddress(),
>                         cardUsername == null ? "" : cardUsername,
>                         cardPassword == null ? "" : cardPassword
>                 });
> 
> ... could result in RPPS sending an RST with empty <TokenType> and <Claims>
> ??
> 
> Markus
> 
> On Thu, Jan 21, 2010 at 11:48 AM, Booth, Michael <Michael.Booth@xxxxxxxxx> wrote:
> 
> >
> > I have installed the TokenService, cardsync, rp-simple, and the cloud
> > selector.  I am able to create cards from the token service and import them
> > into my local cardsync through azigo desktop by pointing it into my local
> > version of cardsync.  I am able to use that card on the rp-simple site
> > running locally.  I am able to get through ModeAuth in the CloudSelector
> > (proxy.test) web application successfully, however if I try to use any of
> > the other tabs on the proxy.test web app pointing to my local cloud selector
> > I get an error on the Axis Error on the TokenService stating that there is
> > no configuration.  I have captured the successful soap request from the
> > rp-simple app and the bad request from the proxy.test app using the cloud
> > selector and noticed that the proxy.test app request does not contain a
> > TokenType or Required Claims as the rp-simple request does (please see
> > below).
> >
> > What and where do I have to configure to fix this?
> >
> >
> > THE GOOD REQUEST (FROM RP-SIMPLE):
> > ----------------------------------
> > 11:57:17,680 DEBUG LogHelper.trace (71): Request:
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
> >   <S:Header>
> >     <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >       <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >         <wsu:Created>2010-01-20T16:57:13.258Z</wsu:Created>
> >         <wsu:Expires>2010-01-27T16:57:13.258Z</wsu:Expires>
> >       </wsu:Timestamp>
> >       <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >         <wsse:Username>mbooth</wsse:Username>
> >         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mbooth</wsse:Password>
> >       </wsse:UsernameToken>
> >     </Security>
> >     <To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:9443/TokenService/services/Trust</To>
> >     <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Action>
> >     <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
> >       <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> >     </ReplyTo>
> >     <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:c050b9ff-c9d2-484b-928e-20067b301caf</MessageID>
> >   </S:Header>
> >   <S:Body>
> >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
> >         xmlns:ns10="http://www.w3.org/2001/10/xml-exc-c14n#"
> >         xmlns:ns6="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >         xmlns:ns7="http://www.w3.org/2000/09/xmldsig#"
> >         xmlns:wsa="http://www.w3.org/2005/08/addressing"
> >         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >         xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> >         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
> >       <InformationCardReference:InformationCardReference
> >           xmlns:InformationCardReference="http://schemas.xmlsoap.org/ws/2005/05/identity"
> >           xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <InformationCardReference:CardId>urn:Sample-XML-File&amp;cardid=mbooth-local-wednesday</InformationCardReference:CardId>
> >         <InformationCardReference:CardVersion>1</InformationCardReference:CardVersion>
> >       </InformationCardReference:InformationCardReference>
> >       <ic:RequestDisplayToken xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xml:lang="en-us"/>
> >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
> >       <wst:Claims>
> >         <ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/>
> >         <ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
> >       </wst:Claims>
> >       <wst:Lifetime>
> >         <wsu:Created>2010-01-20T11:57:17.605Z</wsu:Created>
> >         <wsu:Expires>2010-01-21T11:57:17.605Z</wsu:Expires>
> >       </wst:Lifetime>
> >       <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>
> >       <ic:ClientPseudonym xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <ic:PPID>QbxIK8+UQzkJfozeqaUcbACRO9fj33bqs3GG0/W2okI=</ic:PPID>
> >       </ic:ClientPseudonym>
> >     </wst:RequestSecurityToken>
> >   </S:Body>
> > </S:Envelope>
> >
> >
> > THE BAD REQUEST (FROM PROXY.TEST):
> > ----------------------------------
> >
> > 11:58:33,011 DEBUG LogHelper.trace (71): Request:
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
> >   <S:Header>
> >     <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >       <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >         <wsu:Created>2010-01-20T16:58:32.862Z</wsu:Created>
> >         <wsu:Expires>2010-01-27T16:58:32.862Z</wsu:Expires>
> >       </wsu:Timestamp>
> >       <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >         <wsse:Username>mbooth</wsse:Username>
> >         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mbooth</wsse:Password>
> >       </wsse:UsernameToken>
> >     </Security>
> >     <To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:9443/TokenService/services/Trust</To>
> >     <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Action>
> >     <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
> >       <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> >     </ReplyTo>
> >     <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:c0d27080-e2de-4428-b294-505b4c5c85d2</MessageID>
> >   </S:Header>
> >   <S:Body>
> >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
> >         xmlns:ns10="http://www.w3.org/2001/10/xml-exc-c14n#"
> >         xmlns:ns6="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >         xmlns:ns7="http://www.w3.org/2000/09/xmldsig#"
> >         xmlns:wsa="http://www.w3.org/2005/08/addressing"
> >         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >         xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> >         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
> >       <InformationCardReference:InformationCardReference
> >           xmlns:InformationCardReference="http://schemas.xmlsoap.org/ws/2005/05/identity"
> >           xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <InformationCardReference:CardId>urn:Sample-XML-File&amp;cardid=mbooth-local-wednesday</InformationCardReference:CardId>
> >         <InformationCardReference:CardVersion>1</InformationCardReference:CardVersion>
> >       </InformationCardReference:InformationCardReference>
> >       <ic:RequestDisplayToken xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xml:lang="en-us"/>
> >       <wst:TokenType/>
> >       <wst:Claims/>
> >       <wst:Lifetime>
> >         <wsu:Created>2010-01-20T11:58:32.966Z</wsu:Created>
> >         <wsu:Expires>2010-01-21T11:58:32.966Z</wsu:Expires>
> >       </wst:Lifetime>
> >       <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>
> >       <ic:ClientPseudonym xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <ic:PPID>FDnw3jHirmTKn7byTvNx+1rGhEVE//3RYa+MSkUVvMk=</ic:PPID>
> >       </ic:ClientPseudonym>
> >     </wst:RequestSecurityToken>
> >   </S:Body>
> > </S:Envelope>
> >
> >
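
An added example, not part of the original thread or of the Higgins code: a Python check that takes a captured log line in the shape of the two requests quoted above and reports a missing or empty <TokenType> or <Claims> in the RST. The function names are hypothetical, and the two sample envelopes are constructed, trimmed-down versions of the logged requests.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the captured requests.
NS = {"wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
      "ic": "http://schemas.xmlsoap.org/ws/2005/05/identity"}

def strip_log_prefix(line):
    """Drop the 'HH:MM:SS,mmm DEBUG ... Request: ' prefix of a log line."""
    marker = "Request: "
    idx = line.find(marker)
    return line[idx + len(marker):] if idx >= 0 else line

def check_rst(xml_text):
    """Return a list of problems with TokenType/Claims in the RST."""
    # Captured traffic is untrusted input: refuse DTDs instead of parsing them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD present, not parsed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    rst = next(root.iter("{%s}RequestSecurityToken" % NS["wst"]), None)
    if rst is None:
        return ["no wst:RequestSecurityToken element"]
    problems = []
    token_type = rst.find("wst:TokenType", NS)
    if token_type is None:
        problems.append("TokenType missing")
    elif not (token_type.text or "").strip():
        problems.append("TokenType empty")
    claims = rst.find("wst:Claims", NS)
    if claims is None:
        problems.append("Claims missing")
    else:
        uris = [c.get("Uri", "").strip() for c in claims.findall("ic:ClaimType", NS)]
        if not uris:
            problems.append("Claims empty")
        elif not all(uris):
            problems.append("ClaimType without Uri")
    return problems

def sample(body):
    """Constructed, trimmed-down envelope in the shape of the logged requests."""
    return ('11:57:17,680 DEBUG LogHelper.trace (71): Request: '
            '<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Body>'
            '<wst:RequestSecurityToken xmlns:wst="%s" xmlns:ic="%s">%s'
            '</wst:RequestSecurityToken></S:Body></S:Envelope>' % (NS["wst"], NS["ic"], body))

GOOD = sample('<wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>'
              '<wst:Claims><ic:ClaimType Uri="%s/claims/emailaddress"/></wst:Claims>' % NS["ic"])
BAD = sample('<wst:TokenType/><wst:Claims/>')
```

Running `check_rst(strip_log_prefix(line))` over each captured request separates the rp-simple style of RST from the proxy.test style without reading the envelopes by eye.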


