Re: [higgins-dev] Re: Problem sending cards to CardSync

I've had to redeploy everything on a new server, so I've taken the
opportunity to use two instances of tomcat. One for CardSync and one
for the STS/RP/CloudSelector. That way, configuration files and logs
are more separated. I'm still not able to send a card to CardSync
though...

I've paid close attention to the logs while I'm creating a user, a
card and importing it using the Azigo Selector. There are no errors
whatsoever during this process. Then, I've tried to manually make a
getTokenObject SOAP call to CardSync. This is the call I've made:

<soapenv:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsd="urn:RPPSService/wsdlRPPSService"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
   <soapenv:Header/>
   <soapenv:Body>
      <wsd:getTokenObject
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <userId xsi:type="xsd:string">foo9</userId>
         <password xsi:type="xsd:string">bar9</password>
         <policy xsi:type="xsd:string">
	 &lt;object type="application/x-informationCard" name="xmlToken"&gt;
	   &lt;param name="privacyUrl"
value="http://wiki.eclipse.org/Cloud_Selector" /&gt;
	   &lt;param name="privacyVersion" value="1" /&gt;
	   &lt;param name="tokenType"
value="urn:oasis:names:tc:SAML:1.0:assertion" /&gt;
	   &lt;param name="requiredClaims"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" /&gt;
	   &lt;param name="optionalClaims"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" /&gt;
	 &lt;/object&gt;
	</policy>
         <policytype xsi:type="xsd:string">cardspace</policytype>
         <sslCert xsi:type="xsd:string"></sslCert>
         <cuids xsi:type="wsd:ArrayOf_xsd_string"
soapenc:arrayType="xsd:string[]">
	   <item>org.eclipse.higgins.icard.provider.cardspace.managed.db#https://localhost:8443/TokenService/services/Trust#urn:Higgins-LDAP-Server&amp;cardid=upass_foo9</item>
         </cuids>
         <typeofCredential
xsi:type="xsd:string">ITSUsernamePasswordCredential</typeofCredential>
         <credentialKey xsi:type="wsd:ArrayOf_xsd_string"
soapenc:arrayType="xsd:string[]">
	   <item>url</item>
           <item>saveCard</item>
	   <item>saveCredential</item>
	   <item>address</item>
           <item>metadataAddress</item>
           <item>username</item>
	   <item>password</item>
         </credentialKey>
         <credentialValue xsi:type="wsd:ArrayOf_xsd_string"
soapenc:arrayType="xsd:string[]">
           <item>http://<my server's IP>:8080/proxy.web/server-carddetails</item>
           <item>false</item>
	   <item>false</item>
	   <item>https://localhost:8443/TokenService/services/Trust</item>
	   <item>https://localhost:8443/TokenService/services/MetadataUsernameToken</item>
	   <item>foo9</item>
           <item>bar9</item>
         </credentialValue>
      </wsd:getTokenObject>
   </soapenv:Body>
</soapenv:Envelope>

I've attached the logs for CardSync and for the TokenService
corresponding to that operation. Note that in the logs, I'm starting
the server, making the SOAP request and stopping the server. Nothing
more. I've been scrutinizing the logs, my config files and trying to
fix that problem for quite some time now, but I can't find the cause
or the solution to my problem. I think that this part, in the
TokenService logs might have something to do with it, but I'm not
sure:

AxisFault
 faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
 faultSubcode:
 faultString: The specified request failed
 faultActor:
 faultNode:
 faultDetail:
        {}Explanation:No Configuration Found.

What kind of configuration is this referring to?

Well anyway, if any of you has a couple of minutes to spare and could
help, I'd really appreciate it.

Thanks,
Jonathan


On Tue, Mar 23, 2010 at 4:15 PM, Jonathan Tellier
<jonathan.tellier@xxxxxxxxx> wrote:
> Hello,
>
> I've attached logs for all steps in the process:
>
> - Starting the server
> - Creating a card with the STS
> - Importing a card with the Azigo selector
> - Logging to the test RP with the CloudSelector
>
> As for my config files, which ones do you want?
>
> Since I start tomcat with the following java opts:
>  -Dorg.eclipse.higgins.sts.conf=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles
> -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml
> -Dorg.eclipse.higgins.sts.log4j.properties=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/log4j.properties
> -Djavax.net.ssl.trustStore=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/localhost.jks
> -Djava.library.path=$CATALINA_HOME/native_lib/
> -Duser.home=/usr/share/higgins
>
> I've attached the content of:
> - $CATALINA_HOME/webapps/TokenService/ConfigurationFiles
> - /usr/share/higgins
>
> Is there any other info that you would need?
>
> Thanks,
> Jonathan
>
>
> On Tue, Mar 23, 2010 at 3:25 PM, Sergey Lyakhov <slyakhov@xxxxxxxxxxxxxx> wrote:
>> Jonathan,
>>
>>> So, are I-Card Providers defined in "ProvidersConfiguration.xml"? If
>>> it's the case, where could I find a template of that file?
>>
>> ProvidersConfiguration.xml is just an alternative way of ICard
>> providers configuration and should not affect RPPS. What version of
>> RPPS do you use? Can you provide your configuration files / error log?
>>
>> Thanks,
>> Sergey Lyakhov
>>
>> On Tue, 23 Mar 2010 14:44:26 -0400
>> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>>
>>> I think I might have found something of interest. As I've mentioned
>>> earlier, I get a FileNotFoundException on
>>> "ProvidersConfiguration.xml". Now, I've just realized that this error
>>> also occurs when I'm trying to import a card. After some research,
>>> I've learned that I-Card Providers manage the persistence of I-Cards.
>>> So, would it be possible that the reason why I can't send I-Cards
>>> using the CloudSelector is actually because the cards are not properly
>>> imported? From what I can deduce, this would make sense since in the
>>> stack trace that I see when trying to send a card, there seem to be
>>> some problems parsing the card data.
>>>
>>> So, are I-Card Providers defined in "ProvidersConfiguration.xml"? If
>>> it's the case, where could I find a template of that file?
>>>
>>> Thanks,
>>> Jonathan
>>>
>>>
>>> On Fri, Mar 19, 2010 at 4:49 PM, Jonathan Tellier
>>> <jonathan.tellier@xxxxxxxxx> wrote:
>>> > In the past few days, I've done some debugging and have found out a
>>> > small piece of information that I hope could be useful. Basically,
>>> > I've figured out the parameters which are used when performing
>>> > the getTokenObject SOAP call when trying to use a
>>> > username/password card. Here they are:
>>> >
>>> > userId: foo
>>> >
>>> > password: bar
>>> >
>>> > policy:
>>> > <object type="application/x-informationCard" name="xmlToken">
>>> > <param name="privacyUrl"
>>> > value="http://wiki.eclipse.org/Cloud_Selector" />
>>> > <param name="privacyVersion" value="1" />
>>> > <param name="tokenType"
>>> > value="urn:oasis:names:tc:SAML:1.0:assertion" />
>>> > <param name="requiredClaims"
>>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
>>> > <param name="optionalClaims"
>>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>>> > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
>>> > </object>
>>> >
>>> > policytype: cardspace
>>> >
>>> > sslCert:
>>> >
>>> > cuids:
>>> > org.eclipse.higgins.icard.provider.cardspace.managed.db#https://<my server's address>/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=username_token1_not_appliesto
>>> >
>>> > typeofCredential: ITSUsernamePasswordCredential
>>> >
>>> > credentialKey:
>>> > url
>>> > saveCard
>>> > saveCredential
>>> > address
>>> > metadataAddress
>>> > username
>>> > password
>>> >
>>> > credentialValue:
>>> > http://<my server's address>/proxy.web/server-carddetails
>>> > false
>>> > false
>>> > https://<my server's address>/TokenService/services/Trust
>>> > https://<my server's address>/TokenService/services/MetadataUsernameToken
>>> > foo
>>> > bar
>>> >
>>> > I've also tried to manually send a SOAP request to CardSync and also
>>> > to use a card from https://openidcards.sxip.com/, but in both
>>> > cases, I get the same "The specified request failed" error. I would
>>> > like to try the http://higgins.eclipse.org/TokenService STS, but
>>> > for every action I try to perform using it, I get:
>>> >
>>> > exception: javax.naming.CommunicationException:
>>> > higgins.watson.ibm.com:636 [Root exception is
>>> > java.net.ConnectException: Connection refused]
>>> >
>>> > So, is there something wrong with the parameters that are used? Does
>>> > anyone have an idea about how I could solve my problem?
>>> >
>>> > Thanks,
>>> > Jonathan
>>> >
>>> >
>>> > On Mon, Mar 15, 2010 at 8:59 PM, Jonathan Tellier
>>> > <jonathan.tellier@xxxxxxxxx> wrote:
>>> >> Hello there,
>>> >>
>>> >> I think that I'm almost done with my local deployment of the
>>> >> CloudSelector/CardSync/TokenService, but I've still got some
>>> >> problems. When I try to send a personal card or a card that uses a
>>> >> Username Token, I get a STSFaultException caused by this error:
>>> >>
>>> >> 15 Mar 2010 20:42:32,267 ERROR [http-8443-1] LogHelper.error
>>> >> (LogHelper.java:119) - No Extension Configuration Found.
>>> >>
>>> >> 15 Mar 2010 20:42:32,268 ERROR [http-8443-1]
>>> >> CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495) -
>>> >> Returning STS Fault: No Configuration Found.
>>> >>
>>> >> 15 Mar 2010 20:42:32,269 ERROR [http-8443-1]
>>> >> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
>>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
>>> >>
>>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
>>> >>        at org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken(CardSpaceSelector.java:496)
>>> >>        at org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3245)
>>> >>        at org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3310)
>>> >>        at org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3438)
>>> >>        at org.eclipse.higgins.rpps.webservices.RPPSServiceImpl.getTokenObject(RPPSServiceImpl.java:830)
>>> >> [... stacktrace continues ...]
>>> >>
>>> >> 15 Mar 2010 20:42:32,275 ERROR [http-8080-6] CardsServlet.error
>>> >> (CardsServlet.java:103) - Sorry, we could not process the OpenID
>>> >> request: The specified request failed
>>> >>
>>> >> AxisFault
>>> >>  faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
>>> >>  faultSubcode:
>>> >>  faultString: The specified request failed
>>> >>  faultActor: STS
>>> >>  faultNode:
>>> >>  faultDetail:
>>> >>        {http://xml.apache.org/axis/}hostname:salmond
>>> >>
>>> >> When I try to send a card that uses a Self Signed SAML Token, I
>>> >> get: org.eclipse.higgins.iss.ISSException: Cannot find the
>>> >> Personal card used to authenticate for this managed card.
>>> >>
>>> >> When logging with the card selector, I've also got this error, but
>>> >> I don't know if it's relevant or not since it does not prevent any
>>> >> actions.
>>> >>
>>> >> 15 Mar 2010 20:48:16,075 ERROR [http-8443-1]
>>> >> ICardSelectorService.getICardSelector
>>> >> (ICardSelectorService.java:148)
>>> >> - org.eclipse.higgins.iss.PolicyParseException: Can not parse
>>> >> password managed policy. Root element is not PwmPolicy
>>> >>
>>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>>> >> ConfigurationHandler.omFromFile (ConfigurationHandler.java:180) -
>>> >> java.io.FileNotFoundException:
>>> >> /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>>> >> (No such file or directory)
>>> >>
>>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>>> >> ConfigurationHandler.configure (ConfigurationHandler.java:288) -
>>> >> /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>>> >> (No such file or directory)
>>> >>
>>> >> What is this "ProvidersConfiguration.xml" file? I could not find
>>> >> any reference to it anywhere.
>>> >>
>>> >> Finally, when configuring my deployment, I've had to comment out
>>> >> references to some classes in the "ClientConfiguration.xml" file.
>>> >> I've had to comment references to
>>> >> "org.eclipse.higgins.configuration.xml.ContextFactoryHandler" and
>>> >> "org.eclipse.higgins.configuration.xml.IdentityAttributeServiceHandler"
>>> >> because they don't seem to be present in B-1-1M7 and to
>>> >> "org.eclipse.higgins.sts.client.MetadataExchangeServiceFactory"
>>> >> because the instance returned was always null. Could this be
>>> >> related to the problems I'm encountering when trying to send cards?
>>> >>
>>> >> I would like to provide more information regarding those errors,
>>> >> but I don't really understand them... So if any of you has any
>>> >> ideas about the cause of those errors, please share them because
>>> >> at this point, any help would be gladly appreciated.
>>> >>
>>> >> Thanks,
>>> >> Jonathan
>>> >>
>>> >
>>> _______________________________________________
>>> higgins-dev mailing list
>>> higgins-dev@xxxxxxxxxxx
>>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>>>
>>
>>
>>
>

Attachment: logs.zip
Description: Zip archive
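
A sanity check for a hand-built getTokenObject request like the one in the message above, as an added example that is not part of the original post or of Higgins: it confirms the envelope parses, that the escaped policy string is itself well-formed XML, and that the credentialKey and credentialValue arrays pair up. The sample request is constructed and shortened, the host sts.example.invalid and the name check_request are assumptions, and the check does not diagnose the "No Configuration Found" fault.

```python
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSD = "urn:RPPSService/wsdlRPPSService"

# Constructed, shortened request; element names follow the post, host is a placeholder.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsd="urn:RPPSService/wsdlRPPSService"><soapenv:Body><wsd:getTokenObject>
  <userId>foo9</userId>
  <policy>&lt;object type="application/x-informationCard" name="xmlToken"&gt;
    &lt;param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" /&gt;
  &lt;/object&gt;</policy>
  <credentialKey><item>url</item><item>address</item>
    <item>username</item><item>password</item></credentialKey>
  <credentialValue>
    <item>http://sts.example.invalid:8080/proxy.web/server-carddetails</item>
    <item>https://localhost:8443/TokenService/services/Trust</item>
    <item>foo9</item><item>bar9</item></credentialValue>
</wsd:getTokenObject></soapenv:Body></soapenv:Envelope>"""

def check_request(envelope_xml):
    """Return (credentials dict, policy params dict, list of findings)."""
    findings = []
    root = ET.fromstring(envelope_xml)  # ParseError here means the envelope is ill-formed
    call = root.find(f"{{{SOAPENV}}}Body/{{{WSD}}}getTokenObject")
    if call is None:
        raise ValueError("no getTokenObject element in the SOAP Body")
    keys = [i.text or "" for i in call.findall("credentialKey/item")]
    values = [i.text or "" for i in call.findall("credentialValue/item")]
    if len(keys) != len(values):
        findings.append(f"credentialKey has {len(keys)} items, credentialValue has {len(values)}")
    creds = dict(zip(keys, values))
    # The policy travels as an escaped string; once unescaped it must parse as XML.
    params = {}
    try:
        policy = ET.fromstring((call.findtext("policy") or "").strip())
        params = {p.get("name"): p.get("value") for p in policy.iter("param")}
    except ET.ParseError as exc:
        findings.append(f"policy is not well-formed XML: {exc}")
    # Flag plain-http endpoints in a request that also carries a password.
    if "password" in creds:
        findings += [f"'{k}' endpoint is plain http: {v}"
                     for k, v in creds.items() if v.startswith("http://")]
    return creds, params, findings

if __name__ == "__main__":
    for line in check_request(SAMPLE)[2]:
        print(line)
```

A stray character after an attribute's closing quote inside the policy string is reported as a policy parse finding rather than passing silently.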

