[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [higgins-dev] Re: Problem sending cards to CardSync
|
Hi,
Thank you for taking the time to try to help me.
> 1. I did not found any critical error in your RPPS log. Suppose it
> should successfully create and send p-cards. Is it correct?
No. I can create personal (and managed) cards, but I can't send any.
When I try to send a personal card, I get:
AxisFault
faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
faultSubcode:
faultString: The specified request failed
faultActor: STS
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:higgins
By looking at that error, I would imagine that some configuration that
should point to my host is not set correctly, but I can't find it.
> 2. Does you try to send a m-card of your STS? I see the following in
> your STS log:
> ......
Yes, this error occurs when I try to send a managed card. I've updated
my ManagedConfiguration.xml, but the error still happens. I've
attached my new and updated config file so you can see if I've made
any errors (note that the address of the server changed since I've
deployed it elsewhere). If you need some other configuration files, I
can also send them.
Thanks for your time,
Jonathan
>
> .....
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
> faultSubcode:
> faultString: The specified request failed
> faultActor:
> faultNode:
> faultDetail:
> {}Explanation:No Configuration Found.
> ....
>
> Suppose it will be fixed after you set a correct "Issuer" URI
> ( https://207.162.8.222:8443/TokenService/services/Trust ) in
> "AppliesToMapper" section of ManagedConfiguration.xml (373 line).
>
> Thanks,
> Sergey Lyakhov
>
> On Wed, 31 Mar 2010 10:21:02 -0400
> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>
>> I've had to redeploy everything on a new server, so I've taken the
>> opportunity to use two instances of tomcat. One for CardSync and one
>> for the STS/RP/CloudSelector. That way, configuration files and logs
>> are more separated. I'm still not able to send card to CardSync
>> though...
>>
>> I've paid a close attention to the logs while I'm creating a user, a
>> card and importing it using the Azigo Selector. There's no errors
>> whatsoever during this process. Then, I've tried to manually make a
>> getTokenObject SOAP call to CardSync. This is the call I've made:
>>
>> <soapenv:Envelope
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
>> xmlns:wsd="urn:RPPSService/wsdlRPPSService"
>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
>> <soapenv:Header/>
>> <soapenv:Body>
>> <wsd:getTokenObject
>> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";>
>> <userId xsi:type="xsd:string">foo9</userId>
>> <password xsi:type="xsd:string">bar9</password>
>> <policy xsi:type="xsd:string">
>> <object type="application/x-informationCard"
>> name="xmlToken"> <param name="privacyUrl"
>> value="http://wiki.eclipse.org/Cloud_Selector"; />
>> <param name="privacyVersion" value="1" />
>> <param name="tokenType"
>> value="urn:oasis:names:tc:SAML:1.0:assertion" />
>> <param name="requiredClaims"
>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
>> />
>> <param name="optionalClaims"
>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
>> />
>> </object>
>> </policy>
>> <policytype xsi:type="xsd:string">cardspace</policytype>
>> <sslCert xsi:type="xsd:string"></sslCert>
>> <cuids xsi:type="wsd:ArrayOf_xsd_string"
>> soapenc:arrayType="xsd:string[]">
>> <item>org.eclipse.higgins.icard.provider.cardspace.managed.db#https://localhost:8443/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=upass_foo9</item>
>> </cuids>
>> <typeofCredential
>> xsi:type="xsd:string">ITSUsernamePasswordCredential</typeofCredential>
>> <credentialKey xsi:type="wsd:ArrayOf_xsd_string"
>> soapenc:arrayType="xsd:string[]">
>> <item>url</item>
>> <item>saveCard</item>
>> <item>saveCredential</item>
>> <item>address</item>
>> <item>metadataAddress</item>
>> <item>username</item>
>> <item>password</item>
>> </credentialKey>
>> <credentialValue xsi:type="wsd:ArrayOf_xsd_string"
>> soapenc:arrayType="xsd:string[]">
>> <item>http://<my server's
>> IP>:8080/proxy.web/server-carddetails</item>
>> <item>false</item>
>> <item>false</item>
>> <item>https://localhost:8443/TokenService/services/Trust</item>
>> <item>https://localhost:8443/TokenService/services/MetadataUsernameToken</item>
>> <item>foo9</item>
>> <item>bar9</item>
>> </credentialValue>
>> </wsd:getTokenObject>
>> </soapenv:Body>
>> </soapenv:Envelope>
>>
>> I've attached the logs for CardSync and for the TokenService
>> corresponding to that operation. Note that in the logs, I'm starting
>> the server, making the SOAP request and stopping the server. Noting
>> more. I've been scrutinizing the logs, my config files and trying to
>> fix that problem for quite some time now, but I can't find the cause
>> or the solution to my problem. I think that this part, in the
>> TokenService logs might have something to do with it, but I'm not
>> sure:
>>
>> AxisFault
>> faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
>> faultSubcode:
>> faultString: The specified request failed
>> faultActor:
>> faultNode:
>> faultDetail:
>> {}Explanation:No Configuration Found.
>>
>> What kind of configuration is this referring to?
>>
>> Well anyway, If any of you has a couple of minutes to spare and could
>> help, I'd really appreciate it.
>>
>> Thanks,
>> Jonathan
>>
>>
>> On Tue, Mar 23, 2010 at 4:15 PM, Jonathan Tellier
>> <jonathan.tellier@xxxxxxxxx> wrote:
>> > Hello,
>> >
>> > I've attached logs for all steps in the process:
>> >
>> > - Staring the server
>> > - Creating a card with the STS
>> > - Importing a card with the Azigo selector
>> > - Logging to the test RP with the CloudSelector
>> >
>> > As for my config files, which ones do you want?
>> >
>> > Since I start tomcat with the following java opts:
>> > -Dorg.eclipse.higgins.sts.conf=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles
>> > -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml
>> > -Dorg.eclipse.higgins.sts.log4j.properties=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/log4j.properties
>> > -Djavax.net.ssl.trustStore=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/localhost.jks
>> > -Djava.library.path=$CATALINA_HOME/native_lib/
>> > -Duser.home=/usr/share/higgins
>> >
>> > I've attached the content of:
>> > - $CATALINA_HOME/webapps/TokenService/ConfigurationFiles
>> > - /usr/share/higgins
>> >
>> > Is there any other info that you would need?
>> >
>> > Thanks,
>> > Jonathan
>> >
>> >
>> > On Tue, Mar 23, 2010 at 3:25 PM, Sergey Lyakhov
>> > <slyakhov@xxxxxxxxxxxxxx> wrote:
>> >> Jonathan,
>> >>
>> >>> So, are I-Card Providers defined in "ProvidersConfiguration.xml"?
>> >>> If it's the case, where could I find a template of that file?
>> >>
>> >> ProvidersConfiguration.xml is just an alternative way of ICard
>> >> providers configuration and should not affect on RPPS. What
>> >> version of RPPS do you use? Can you provide your configuration
>> >> files / error log?
>> >>
>> >> Thanks,
>> >> Sergey Lyakhov
>> >>
>> >> On Tue, 23 Mar 2010 14:44:26 -0400
>> >> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>> >>
>> >>> I think I might have found something of interest. As I've
>> >>> mentioned earlier, I get a FileNotFoundException on
>> >>> "ProvidersConfiguration.xml". Now, I've just realized that this
>> >>> error also occurs when I'm trying to import a card. After some
>> >>> research, I've learned that I-Card Providers manage the
>> >>> persistence of I-Cards. So, would it be possible that the reason
>> >>> why I can't send I-Cards using the CloudSelector is actually
>> >>> because the cards are not properly imported? From what I can
>> >>> deduce, this would make sense since in the stack trace that I see
>> >>> when trying to send a card, there seem to be some problems
>> >>> parsing the card data.
>> >>>
>> >>> So, are I-Card Providers defined in "ProvidersConfiguration.xml"?
>> >>> If it's the case, where could I find a template of that file?
>> >>>
>> >>> Thanks,
>> >>> Jonathan
>> >>>
>> >>>
>> >>> On Fri, Mar 19, 2010 at 4:49 PM, Jonathan Tellier
>> >>> <jonathan.tellier@xxxxxxxxx> wrote:
>> >>> > In the past few days, I've done some debugging and have found
>> >>> > out a small piece of information that I hope could be useful.
>> >>> > Basically, I've figured out the parameters which are used to
>> >>> > when performing the getTokenObject SOAP call where trying to
>> >>> > use a username/password card. Here there are:
>> >>> >
>> >>> > userId: foo
>> >>> >
>> >>> > password: bar
>> >>> >
>> >>> > policy:
>> >>> > <object type="application/x-informationCard" name="xmlToken">
>> >>> > <param name="privacyUrl"
>> >>> > value="http://wiki.eclipse.org/Cloud_Selector"; /> <param
>> >>> > name="privacyVersion" value="1" /> <param name="tokenType"
>> >>> > value="urn:oasis:names:tc:SAML:1.0:assertion" /> <param
>> >>> > name="requiredClaims"
>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; />
>> >>> > <param name="optionalClaims"
>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>> >>> > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; />
>> >>> > </object>
>> >>> >
>> >>> > policytype: cardspace
>> >>> >
>> >>> > sslCert:
>> >>> >
>> >>> > cuids:
>> >>> > org.eclipse.higgins.icard.provider.cardspace.managed.db#https://<my
>> >>> > server's
>> >>> > address>/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=username_token1_not_appliesto
>> >>> >
>> >>> > typeofCredential: ITSUsernamePasswordCredential
>> >>> >
>> >>> > credentialKey:
>> >>> > url
>> >>> > saveCard
>> >>> > saveCredential
>> >>> > address
>> >>> > metadataAddress
>> >>> > username
>> >>> > password
>> >>> >
>> >>> > credentialValue:
>> >>> > http://<my server's address>/proxy.web/server-carddetails
>> >>> > false
>> >>> > false
>> >>> > https://<my server's address>/TokenService/services/Trust
>> >>> > https://<my server's
>> >>> > address>/TokenService/services/MetadataUsernameToken foo
>> >>> > bar
>> >>> >
>> >>> > I've also tried to manually send a SOAP request to CardSync and
>> >>> > also to use a card from https://openidcards.sxip.com/, but in
>> >>> > both cases, I get the same "The specified request failed"
>> >>> > error. I would like to try the
>> >>> > http://higgins.eclipse.org/TokenService STS, but for every
>> >>> > action I try to perform using it, I get:
>> >>> >
>> >>> > exception: javax.naming.CommunicationException:
>> >>> > higgins.watson.ibm.com:636 [Root exception is
>> >>> > java.net.ConnectException: Connection refused]
>> >>> >
>> >>> > So, is there something wrong with the parameters that are used?
>> >>> > Does anyone has an idea about how I could solve my problem?
>> >>> >
>> >>> > Thanks,
>> >>> > Jonathan
>> >>> >
>> >>> >
>> >>> > On Mon, Mar 15, 2010 at 8:59 PM, Jonathan Tellier
>> >>> > <jonathan.tellier@xxxxxxxxx> wrote:
>> >>> >> Hello there,
>> >>> >>
>> >>> >> I think that I'm almost done with my local deployment of the
>> >>> >> CloudSelector/CardSync/TokenService, but I've still got some
>> >>> >> problems. When I try to send a personal card or a card that
>> >>> >> uses a Username Token, I get a STSFaultException caused by
>> >>> >> this error:
>> >>> >>
>> >>> >> 15 Mar 2010 20:42:32,267 ERROR [http-8443-1] LogHelper.error
>> >>> >> (LogHelper.java:119) - No Extension Configuration Found.
>> >>> >>
>> >>> >> 15 Mar 2010 20:42:32,268 ERROR [http-8443-1]
>> >>> >> CardSpaceSelector.getIdentityToken
>> >>> >> (CardSpaceSelector.java:495) - Returning
>> >>> >> STS Fault: No Configuration Found.
>> >>> >>
>> >>> >> 15 Mar 2010 20:42:32,269 ERROR [http-8443-1]
>> >>> >> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
>> >>> >> org.eclipse.hig
>> >>> >> gins.icard.provider.cardspace.common.STSFaultException
>> >>> >>
>> >>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
>> >>> >> at
>> >>> >> org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken(CardSpaceSelector.java:496)
>> >>> >> at
>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3245)
>> >>> >> at
>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3310)
>> >>> >> at
>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3438)
>> >>> >> at
>> >>> >> org.eclipse.higgins.rpps.webservices.RPPSServiceImpl.getTokenObject(RPPSServiceImpl.java:830)
>> >>> >> [... stacktrace continues ...]
>> >>> >>
>> >>> >> 15 Mar 2010 20:42:32,275 ERROR [http-8080-6] CardsServlet.error
>> >>> >> (CardsServlet.java:103) - Sorry, we could not process the
>> >>> >> OpenID request: The specified request failed
>> >>> >>
>> >>> >> AxisFault
>> >>> >> faultCode:
>> >>> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
>> >>> >> faultSubcode: faultString: The specified request failed
>> >>> >> faultActor: STS
>> >>> >> faultNode:
>> >>> >> faultDetail:
>> >>> >> {http://xml.apache.org/axis/}hostname:salmond
>> >>> >>
>> >>> >> When I try to send a card that uses a Self Signed SAML Token, I
>> >>> >> get: org.eclipse.higgins.iss.ISSException: Cannot find the
>> >>> >> Personal card used to authenticate for this managed card.
>> >>> >>
>> >>> >> When logging with the card selector, I've also got this error,
>> >>> >> but I don't know if it's relevant or not since it does not
>> >>> >> prevent any actions.
>> >>> >>
>> >>> >> 15 Mar 2010 20:48:16,075 ERROR [http-8443-1]
>> >>> >> ICardSelectorService.getICardSelector
>> >>> >> (ICardSelectorService.java:148)
>> >>> >> - org.eclipse.higgins.iss.PolicyParseException: Can not parse
>> >>> >> password managed policy. Root element is not PwmPolicy
>> >>> >>
>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>> >>> >> ConfigurationHandler.omFromFile
>> >>> >> (ConfigurationHandler.java:180) -
>> >>> >> java.io.FileNotFoundException: /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>> >>> >> (No such file or directory)
>> >>> >>
>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>> >>> >> ConfigurationHandler.configure (ConfigurationHandler.java:288)
>> >>> >> - /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>> >>> >> (No such file or directory)
>> >>> >>
>> >>> >> What is this "ProvidersConfiguration.xml" file? I could not
>> >>> >> find any reference to it anywhere.
>> >>> >>
>> >>> >> Finally, when configuring my deployment, I've had to comment
>> >>> >> out references to some classes in the
>> >>> >> "ClientConfiguration.xml" file. I've had to comment references
>> >>> >> to
>> >>> >> "org.eclipse.higgins.configuration.xml.ContextFactoryHandler"
>> >>> >> and
>> >>> >> "org.eclipse.higgins.configuration.xml.IdentityAttributeServiceHandler"
>> >>> >> because they don't seem to be present in B-1-1M7 and to
>> >>> >> "org.eclipse.higgins.sts.client.MetadataExchangeServiceFactory"
>> >>> >> because the instance returned was always null. Could this be
>> >>> >> related to the problems I'm encountering when trying to send
>> >>> >> cards?
>> >>> >>
>> >>> >> I would like to provide more information regarding those
>> >>> >> errors, but I don't really understand them... So if any of you
>> >>> >> has any ideas about the cause of those errors, please share
>> >>> >> them because at this point, any help would be gladly
>> >>> >> appreciated.
>> >>> >>
>> >>> >> Thanks,
>> >>> >> Jonathan
>> >>> >>
>> >>> >
>> >>> _______________________________________________
>> >>> higgins-dev mailing list
>> >>> higgins-dev@xxxxxxxxxxx
>> >>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>> >>>
>> >>
>> >>
>> >>
>> >
>
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>
<!--
/*******************************************************************************
* Copyright (c) 2006 IBM Corporation.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Michael McIntosh (IBM Corporation) - initial definition
*******************************************************************************/
-->
<Configuration
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns="http://higgins.eclipse.org/sts/Configuration";
xmlns:htf="http://higgins.eclipse.org/sts/Configuration";
xsd:schemaLocation="http://higgins.eclipse.org/sts/Configuration Configuration.xsd ">
<!-- The setting handlers are classes that consume Setting elements where the Type matches and generate an object of the Class -->
<SettingHandlers>
<SettingHandler Type="htf:map" Class="java.util.Map" Handler="org.eclipse.higgins.configuration.xml.MapHandler"/>
<SettingHandler Type="htf:list" Class="java.util.List" Handler="org.eclipse.higgins.configuration.xml.ListHandler"/>
<SettingHandler Type="xsd:string" Class="java.lang.String" Handler="org.eclipse.higgins.configuration.xml.StringHandler"/>
<SettingHandler Type="xsd:boolean" Class="java.lang.Boolean" Handler="org.eclipse.higgins.configuration.xml.BooleanHandler"/>
<SettingHandler Type="xsd:anyURI" Class="java.net.URI" Handler="org.eclipse.higgins.configuration.xml.URIHandler"/>
<SettingHandler Type="htf:file" Class="java.io.FileInputStream" Handler="org.eclipse.higgins.configuration.xml.FileHandler"/>
<SettingHandler Type="htf:keystore" Class="java.security.KeyStore" Handler="org.eclipse.higgins.configuration.xml.KeyStoreHandler"/>
<SettingHandler Type="htf:certificate" Class="java.lang.String" Handler="org.eclipse.higgins.configuration.xml.CertificateHandler"/>
<SettingHandler Type="htf:privatekey" Class="java.security.PrivateKey" Handler="org.eclipse.higgins.configuration.xml.PrivateKeyHandler"/>
<SettingHandler Type="htf:singleton" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.SingletonHandler"/>
<SettingHandler Type="htf:instance" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.InstanceHandler"/>
<SettingHandler Type="htf:extensionmap" Class="java.util.Map" Handler="org.eclipse.higgins.sts.server.mapper.extension.ExtensionMapHandler"/>
<SettingHandler Type="htf:extensionmapkey" Class="org.eclipse.higgins.sts.impl.ExtensionMapKey" Handler="org.eclipse.higgins.sts.server.mapper.extension.ExtensionMapKeyHandler"/>
<SettingHandler Type="htf:appliestomap" Class="java.util.Map" Handler="org.eclipse.higgins.sts.server.mapper.appliesto.AppliesToMapHandler"/>
<SettingHandler Type="htf:appliestomapping" Class="java.util.Map" Handler="org.eclipse.higgins.sts.server.mapper.appliesto.AppliesToMappingHandler"/>
<SettingHandler Type="htf:classinstance" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.ClassInstanceHandler"/>
<SettingHandler Type="htf:classsingleton" Class="java.lang.Object" Handler="org.eclipse.higgins.configuration.xml.ClassSingletonHandler"/>
<SettingHandler Type="htf:jscriptexec" Class="org.eclipse.higgins.util.jscript.JScriptExec" Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptExecSettingHandler"/>
<SettingHandler Type="htf:jscriptscope" Class="org.eclipse.higgins.util.jscript.JScriptScope" Handler="org.eclipse.higgins.util.idas.cp.jscript.JScriptScopeSettingHandler"/>
</SettingHandlers>
<Setting Name="STSConfiguration" Type="htf:map">
<!-- The logical name of the Token Issuer to be placed into generated cards
- optionally change "higgins.eclipse.org" to the hostname where the STS will be deployed
- need not resolve to actual endpoint
- used for matching when RP specifies an Issuer -->
<!-- <Setting Name="TokenServiceIssuerURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting> -->
<Setting Name="TokenServiceIssuerURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting>
<!-- The WS-Trust endpoint URL to be placed into generated cards
- change "localhost" to the hostname if not collocated with identity selector
- note that the SSL certificate must match the machine name -->
<!-- <Setting Name="TokenServiceTrustURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting> -->
<Setting Name="TokenServiceTrustURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting>
<!-- The WS-Transfer endpoint URL to be placed into generated cards
- when Username Tokens are used to authenticate to the IP/STS
- change "localhost" to the hostname if not collocated with identity selector
- note that the SSL certificate must match the machine name -->
<!-- <Setting Name="UsernameTokenMetadataURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/MetadataUsernameToken</Setting> -->
<Setting Name="UsernameTokenMetadataURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/MetadataUsernameToken</Setting>
<!-- The WS-Transfer endpoint URL to be placed into generated cards
- when SelfSignedSAML Tokens are used to authenticate to the IP/STS
- change "localhost" to the hostname if not collocated with identity selector
- note that the SSL certificate must match the machine name -->
<!-- <Setting Name="SelfSignedSAMLTokenMetadataURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/MetadataSelfSignedSAMLToken</Setting> -->
<Setting Name="SelfSignedSAMLTokenMetadataURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/MetadataSelfSignedSAMLToken</Setting>
<!-- The WS-Transfer endpoint URL to be placed into generated cards
- when X509 Tokens are used to authenticate to the IP/STS
- change "localhost" to the hostname if not collocated with identity selector
- note that the SSL certificate must match the machine name -->
<!-- <Setting Name="X509TokenMetadataURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/MetadataX509Token</Setting> -->
<Setting Name="X509TokenMetadataURI" Type="xsd:anyURI">https://localhost:8443/TokenService/services/MetadataX509Token</Setting>
<!-- Note about keystores: You may use two keystores
one (IssuerKeystore) for the signing of cards,
and another (SSLKeystore) for transport security
or you may use the same keystore for both
Change "localhost.jks" to your keystore's filename.
Note: this must be the keystore file or a soft link
to the keystore file. Either way, it must be in the
same directory as this file (Configuration.xml) -->
<!-- The Key Store that contains the Issuer and SSL Certificate(s) and Private Key -->
<Setting Name="STSKeyStore" Type="htf:keystore">
<!-- The type of the Key Store -->
<Setting Name="Type" Type="xsd:string">JKS</Setting>
<!-- The file that contains the Key Store
- location relative to the Configuration directory -->
<Setting Name="File" Type="htf:file">localhost.jks</Setting>
<!-- The password for the Key Store -->
<Setting Name="Password" Type="xsd:string">changeit</Setting>
</Setting>
<!-- The Issuer Certificate -->
<Setting Name="IssuerCertificate" Type="htf:certificate">
<!-- The Name of the Key Store that contains the Certificate -->
<Setting Name="KeyStoreName" Type="xsd:string">STSKeyStore</Setting>
<!-- The alias for the Certificate in the Key Store -->
<Setting Name="Alias" Type="xsd:string">leaf</Setting>
</Setting>
<!-- The Issuer Key -->
<Setting Name="IssuerPrivateKey" Type="htf:privatekey">
<!-- The Key Store that contains the Private Key -->
<Setting Name="KeyStoreName" Type="xsd:string">STSKeyStore</Setting>
<!-- The alias for the Private Key in the Key Store -->
<Setting Name="Alias" Type="xsd:string">leaf</Setting>
<!-- The password for the Key in the Key Store -->
<Setting Name="Password" Type="xsd:string">changeit</Setting>
</Setting>
<!-- The SSL Certificate -->
<Setting Name="SSLCertificate" Type="htf:certificate">
<!-- The Name of the Key Store that contains the Certificate -->
<Setting Name="KeyStoreName" Type="xsd:string">STSKeyStore</Setting>
<!-- The alias for the Certificate in the Key Store -->
<Setting Name="Alias" Type="xsd:string">leaf</Setting>
</Setting>
<!-- Provides the AttributeName, AttributeNamespace, and DisplayName" for each Attribute/Claim -->
<Setting Name="AttributeClaimMap" Type="htf:map">
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">givenname</Setting>
<Setting Name="AttributeName" Type="xsd:string">givenname</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">First Name</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">surname</Setting>
<Setting Name="AttributeName" Type="xsd:string">sn</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Last Name</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">emailaddress</Setting>
<Setting Name="AttributeName" Type="xsd:string">mail</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Email Address</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">streetaddress</Setting>
<Setting Name="AttributeName" Type="xsd:string">street</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Street Address</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">locality</Setting>
<Setting Name="AttributeName" Type="xsd:string">l</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Locality Name or City</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">stateorprovince</Setting>
<Setting Name="AttributeName" Type="xsd:string">st</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">State or Province</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">postalcode</Setting>
<Setting Name="AttributeName" Type="xsd:string">postalcode</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Postal Code</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">country</Setting>
<Setting Name="AttributeName" Type="xsd:string">c</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Country</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">homephone</Setting>
<Setting Name="AttributeName" Type="xsd:string">homephone</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Primary or Home Telephone Number</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">otherphone</Setting>
<Setting Name="AttributeName" Type="xsd:string">telephoneNumber</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Secondary or Work Telephone Number</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">mobilephone</Setting>
<Setting Name="AttributeName" Type="xsd:string">mobile</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Mobile Telephone Number</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">dateofbirth</Setting>
<Setting Name="AttributeName" Type="xsd:string">dateofbirth</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Date of Birth</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">gender</Setting>
<Setting Name="AttributeName" Type="xsd:string">gender</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Gender</Setting>
</Setting>
<Setting Name="http://sts.labs.live.com/2006/06/claims/nickname"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">nickname</Setting>
<Setting Name="AttributeName" Type="xsd:string">nickname</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://sts.labs.live.com/2006/06/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Nickname</Setting>
</Setting>
<Setting Name="http://burtongroup.com/interop/2007/05/identity/cameratype"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">cameratype</Setting>
<Setting Name="AttributeName" Type="xsd:string">cameratype</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity</Setting>
<Setting Name="DisplayName" Type="xsd:string">Camera Type</Setting>
</Setting>
<Setting Name="http://burtongroup.com/interop/2007/05/identity/group"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">group</Setting>
<Setting Name="AttributeName" Type="xsd:string">GroupName</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity</Setting>
<Setting Name="DisplayName" Type="xsd:string">Group</Setting>
</Setting>
<Setting Name="http://burtongroup.com/interop/2007/05/identity/groupRole"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">groupRole</Setting>
<Setting Name="AttributeName" Type="xsd:string">groupRole</Setting>
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity</Setting>
<Setting Name="DisplayName" Type="xsd:string">Group Role</Setting>
</Setting>
<Setting Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"; Type="htf:map">
<Setting Name="ClaimName" Type="xsd:string">privatepersonalidentifier</Setting>
<!--
WHY IS THAT COMMENTED ???????????????????????????????????6
-->
<!-- <Setting Name="AttributeName" Type="xsd:string">privatepersonalidentifier</Setting> -->
<Setting Name="AttributeNamespace" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims</Setting>
<Setting Name="DisplayName" Type="xsd:string">Private Personal Identifier</Setting>
</Setting>
</Setting>
<Setting Name="ComponentSettings" Type="htf:map">
<Setting Name="XMLSecurityExtension" Type="htf:map">
</Setting>
<Setting Name="JNDIContextFactory" Type="htf:map">
<Setting Name="Instance" Type="xsd:string">JNDIContextFactory</Setting>
<Setting Name="ContextTypes" Type="htf:list">
<Setting Name="LDAPContextType" Type="xsd:string">$context+ldap</Setting>
</Setting>
</Setting>
<Setting Name="IdentityAttributeService" Type="htf:map">
<Setting Name="ContextFactoryInstancesList" Type="htf:list">
<Setting Name="JNDIContextFactory" Type="htf:map">
<Setting Name="Instance" Type="xsd:string">JNDIContextFactory</Setting>
<Setting Name="ContextTypes" Type="htf:list">
<Setting Name="LDAPContextType" Type="xsd:string">$context+ldap</Setting>
</Setting>
</Setting>
</Setting>
<Setting Name="ContextIdsList" Type="htf:list">
<Setting Name="urn:Higgins-LDAP-Server" Type="htf:map">
<Setting Name="ContextId" Type="xsd:string">urn:Higgins-LDAP-Server</Setting>
<Setting Name="ContextTypes" Type="htf:list">
<Setting Name="LDAPContextType" Type="xsd:string">$context+ldap</Setting>
</Setting>
<Setting Name="ContextUris" Type="htf:list">
<Setting Name="DefaultContextUri" Type="xsd:anyURI">urn:Higgins-LDAP-Server</Setting>
</Setting>
<Setting Name="Connection" Type="htf:map">
<Setting Name="ConnectionType" Type="xsd:string">LDAP</Setting>
<Setting Name="AddressList" Type="htf:list">
<Setting Name="Address" Type="xsd:string">ldap://localhost:389</Setting>
</Setting>
<Setting Name="jndiProvider" Type="xsd:string">com.sun.jndi.ldap.LdapCtxFactory</Setting>
</Setting>
<Setting Name="env" Type="htf:map">
<Setting Name="java.naming.security.authentication" Type="xsd:string">simple</Setting>
<Setting Name="java.naming.security.principal" Type="xsd:string">cn=root</Setting>
<Setting Name="java.naming.security.credentials" Type="xsd:string">higgins</Setting>
<Setting Name="java.naming.ldap.attributes.binary" Type="xsd:string">guid</Setting>
</Setting>
<Setting Name="JSPolicyAction" Type="htf:map">
<Setting Name="JSSharedScope" Type="htf:jscriptscope">
<![CDATA[
var multimap = {
consumer: [],
provider: []
};
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";] =
["givenname", "givenName", "2.5.4.42"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname";] =
["sn", "surname", "2.5.4.4"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";] =
["mail", "email", "emailaddress", "internetaddress",
"1.2.840.113549.1.9.1", "rfc822mailbox", "0.9.2342.19200300.100.1.3"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress";] =
["street", "streetaddress", "2.5.4.9"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality";] =
["localityName", "2.5.4.7"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince";] =
["st", "stateprovincename", "2.5.4.8"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode";] =
["postalcode", "2.5.4.17"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country";] =
["countryname", "2.5.4.6"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone";] =
["homephone", "telephonenumber", "2.5.4.20"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone";] =
["otherphone", "telephoneNumber"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone";] =
["mobile", "mobilephone", "0.9.2342.19200300.100.1.41"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth";] =
["dateofbirth"];
multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender";] =
["gender"];
multimap.consumer["http://sts.labs.live.com/2006/06/claims/nickname";] =
["nickname"];
multimap.consumer["http://burtongroup.com/interop/2007/05/identity/cameratype";] =
["cameratype"];
multimap.consumer["http://burtongroup.com/interop/2007/05/identity/group";] =
["GroupName"];
multimap.consumer["http://burtongroup.com/interop/2007/05/identity/groupRole";] =
["groupRole"];
for (elem in multimap.consumer)
{
for (provider in multimap.consumer[elem])
multimap.provider[multimap.consumer[elem][provider]] = elem;
}
]]>
</Setting>
<Setting Name="consumerEntityIDToProvider" Type="htf:jscriptexec">
<![CDATA[
RESULT = "uid=" + consumerID + ",ou=identities,dc=higgins,dc=eclipse,dc=org"
]]>
</Setting>
<Setting Name="providerEntityIDToConsumer" Type="htf:jscriptexec">
<![CDATA[
var re = new RegExp("^uid=(.*),ou=identities,dc=higgins,dc=eclipse,dc=org$", "i");
RESULT = String(providerID.toString()).replace(re, "$1");
]]>
</Setting>
<Setting Name="consumerAIDToProvider" Type="htf:jscriptexec">
<![CDATA[
map = multimap.consumer[String(consumerID.toString())];
if (!map)
{
var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_";, "i");
map = String(consumerID.toString()).replace(re, "");
}
RESULT = map;
]]>
</Setting>
<Setting Name="providerAIDToConsumer" Type="htf:jscriptexec">
<![CDATA[
map = multimap.provider[String(providerID.toString()).toLowerCase()];
if (!map)
map = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_"; + providerID.toString();
RESULT = map;
]]>
</Setting>
<Setting Name="consumerEntityTypeToProvider" Type="htf:jscriptexec">
<![CDATA[
var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_";, "i");
RESULT = String(consumerType.toString()).replace(re, "");
]]>
</Setting>
<Setting Name="providerEntityTypeToConsumer" Type="htf:jscriptexec">
<![CDATA[
RESULT = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_"; + String(providerType.toString());
]]>
</Setting>
</Setting>
</Setting>
</Setting>
</Setting>
<Setting Name="AppliesToMapper" Type="htf:map">
<!-- The Extension Maps - used to map RSTs by their content to Token Extensions -->
<Setting Name="AppliesToMap" Type="htf:appliestomap">
<Setting Name="MikesSite" Type="htf:map">
<!-- <Setting Name="AppliesTo" Type="xsd:anyURI">http://mikes.com/</Setting>-->
<Setting Name="AppliesTo" Type="xsd:anyURI">http://207.162.8.236/</Setting>
<Setting Name="AppliesToMapping" Type="htf:appliestomapping">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
<!-- <Setting Name="Issuer" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self</Setting>-->
<Setting Name="Issuer" Type="xsd:anyURI">https://207.162.8.236:8443/TokenService/services/Trust</Setting>
</Setting>
</Setting>
</Setting>
</Setting>
<Setting Name="ExtensionMapper" Type="htf:map">
<!-- The Extension Maps - used to map RSTs by their content to Token Extensions -->
<Setting Name="ExtensionMap" Type="htf:extensionmap">
<Setting Name="SAML1.0Assertion-Null-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML1.0Assertion-Issue-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML1.1Token-Issue-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</Setting>
<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML1.1Token-Null-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="Null-Issue-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="Null-Null-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML1.0Assertion-Null-Issue-Provider" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.0:assertion</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
<Setting Name="Issuer" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Assertion-Null-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:assertion</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Assertion-Issue-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:assertion</Setting>
<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Token-Issue-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</Setting>
<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Token-Null-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Assertion-Null-Issue-Provider" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:assertion</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
<Setting Name="Issuer" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Protocol-Null-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:protocol</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Protocol-Issue-Issue-Null" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:protocol</Setting>
<Setting Name="Action" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
<Setting Name="SAML2.0Protocol-Null-Issue-Provider" Type="htf:map">
<Setting Name="ExtensionMapKey" Type="htf:extensionmapkey">
<Setting Name="TokenType" Type="xsd:anyURI">urn:oasis:names:tc:SAML:2.0:protocol</Setting>
<Setting Name="RequestType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</Setting>
<Setting Name="Issuer" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting>
</Setting>
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
</Setting>
</Setting>
<Setting Name="PollingMapper" Type="htf:map">
<Setting Name="ExtensionList" Type="htf:list">
<Setting Name="ExtensionName" Type="xsd:string">SAMLIssue</Setting>
</Setting>
</Setting>
<!-- Consumes incoming credentials and generates an IDigitalIdentity -->
<Setting Name="DigitalIdentityHandler" Type="htf:map">
<!-- "Special" user allowed to access IDigitalIdentity information on behalf of other users -->
<Setting Name="TrustedDelegator" Type="xsd:string">mikemci@xxxxxxxxxx</Setting>
<!-- ContextRef used when CardId is not present in RST -->
<Setting Name="DefaultContextRef" Type="xsd:anyURI">urn:Higgins-LDAP-Server</Setting>
<!-- Name of the Attribute used to provide a SubjectNameIdentifier -->
<Setting Name="SubjectNameIdentifierAttribute" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</Setting>
</Setting>
<!-- Consumes an IDigitalIdentity and generates a Provider Signed SAML Token -->
<Setting Name="TokenGeneratorHandler" Type="htf:map">
<!-- KeyType used when not specified in RST -->
<Setting Name="DefaultKeyType" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</Setting>
<!-- Whether the SubjectNameIdentifier should be included in bearer tokens (note CardSpace Conformance requires false) -->
<Setting Name="IncludeBearerSubjectName" Type="xsd:boolean">false</Setting>
<!-- TokenIssuer "logical name" (need not be resolved - added into tokens as the Issuer) -->
<Setting Name="TokenIssuer" Type="xsd:anyURI">https://localhost:8443/TokenService/services/Trust</Setting>
<!-- When the STS should encrypt the response token (assuming the AppliesTo contains the certificate) -->
<Setting Name="EncryptToken" Type="xsd:boolean">true</Setting>
<!-- Name of the Attribute used to provide a SubjectNameIdentifier -->
<Setting Name="SubjectNameIdentifierAttribute" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</Setting>
<!-- Format of the Attribute used to provide a SubjectNameIdentifier -->
<Setting Name="SubjectNameIdentifierFormat" Type="xsd:anyURI">urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</Setting>
</Setting>
<Setting Name="TokenEncryptHandler" Type="htf:map">
</Setting>
<!-- Consumes incoming credentials and generates a Provider Signed SAML Token -->
<Setting Name="SAMLIssue" Type="htf:map">
<Setting Name="ExtensionList" Type="htf:list">
<Setting Name="First" Type="xsd:string">DigitalIdentityHandler</Setting>
<Setting Name="Third" Type="xsd:string">TokenGeneratorHandler</Setting>
<Setting Name="Fourth" Type="xsd:string">TokenEncryptHandler</Setting>
</Setting>
</Setting>
<Setting Name="MetadataExchangeService" Type="htf:map">
<!-- The file that contains the template for the WSDL returned by the WS-Transfer Endpoint
- location relative to the Configuration directory -->
<Setting Name="MetadataWSDLFile" Type="htf:file">metadata-wsdl.xml</Setting>
<!-- The file that contains the Schema returned by the WS-Transfer Endpoint
- location relative to the Configuration directory -->
<Setting Name="MetadataSchemaFile" Type="htf:file">metadata-schema.xml</Setting>
<!-- The file that contains the template for the WSDL returned by the WS-Transfer Endpoint
- when UsernameTokens are used to authenticate to the IP/STS
- location relative to the Configuration directory -->
<Setting Name="UsernameTokenIssuePolicyFile" Type="htf:file">metadata-issue-username-supported.xml</Setting>
<!-- The file that contains the template for the WSDL returned by the WS-Transfer Endpoint
- when SelfSignedSAML Tokens are used to authenticate to the IP/STS
- location relative to the Configuration directory -->
<Setting Name="SelfSignedSAMLTokenIssuePolicyFile" Type="htf:file">metadata-issue-selfsignedsaml-supported.xml</Setting>
<Setting Name="X509TokenIssuePolicyFile" Type="htf:file">metadata-issue-x509-supported.xml</Setting>
</Setting>
<Setting Name="SecurityTokenService" Type="htf:map">
<Setting Name="ExtensionMapperList" Type="htf:list">
<Setting Name="First" Type="xsd:string">AppliesToMapper</Setting>
<Setting Name="Second" Type="xsd:string">ExtensionMapper</Setting>
<Setting Name="Third" Type="xsd:string">PollingMapper</Setting>
</Setting>
</Setting>
<Setting Name="ProfileService" Type="htf:map">
<!-- The CardId to be placed into generated cards
- see JNDI CP documentation for details
- must point to JNDI CP config file -->
<Setting Name="CardId" Type="xsd:anyURI">urn:Higgins-LDAP-Server</Setting>
<!-- The file that contains the image to be placed into generated cards
- location relative to the Configuration directory -->
<Setting Name="CardImageFile" Type="htf:file">higgins.jpg</Setting>
<!-- The LDAP Server Endpoint where the Web Application stores User Profiles
- this is temporary until the Context Providers are writable -->
<Setting Name="LDAPProvider" Type="xsd:anyURI">ldap://localhost:389</Setting>
<!-- The LDAP Principal to be used to authenticate to the LDAP Server -->
<Setting Name="LDAPPrincipal" Type="xsd:string">cn=root</Setting>
<!-- The LDAP Credential to be user to authenticate to the LDAP Server -->
<Setting Name="LDAPCredential" Type="xsd:string">higgins</Setting>
<!-- The initial part of the DN for the entry for each User Profile in the LDAP Store -->
<Setting Name="LDAPEntryPrefix" Type="xsd:string">uid=</Setting>
<!-- The final part of the DN for the endtry for each User Profile in the LDAP Store -->
<Setting Name="LDAPEntrySuffix" Type="xsd:string">,ou=identities,dc=higgins,dc=eclipse,dc=org</Setting>
<!-- <Setting Name="LDAPTrustedStore" Type="xsd:string">LDAPTrustStore.jks</Setting>
<Setting Name="LDAPTrustedStorePassword" Type="xsd:string">changeit</Setting> -->
<Setting Name="SupportedClaimList" Type="htf:list">
<Setting Name="givenname" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</Setting>
<Setting Name="surname" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</Setting>
<Setting Name="emailaddress" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</Setting>
<Setting Name="streetaddress" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress</Setting>
<Setting Name="locality" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality</Setting>
<Setting Name="stateorprovince" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince</Setting>
<Setting Name="postalcode" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode</Setting>
<Setting Name="country" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country</Setting>
<Setting Name="homephone" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone</Setting>
<Setting Name="otherphone" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone</Setting>
<Setting Name="mobilephone" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone</Setting>
<Setting Name="dateofbirth" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth</Setting>
<Setting Name="gender" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender</Setting>
<Setting Name="nickname" Type="xsd:anyURI">http://sts.labs.live.com/2006/06/claims/nickname</Setting>
<Setting Name="cameratype" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity/cameratype</Setting>
<Setting Name="group" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity/group</Setting>
<Setting Name="groupRole" Type="xsd:anyURI">http://burtongroup.com/interop/2007/05/identity/groupRole</Setting>
<Setting Name="privatepersonalidentifier" Type="xsd:anyURI">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</Setting>
</Setting>
<Setting Name="EntryObjectClassList" Type="htf:list">
<Setting Name="top" Type="xsd:string">top</Setting>
<Setting Name="person" Type="xsd:string">person</Setting>
<Setting Name="organizationalPerson" Type="xsd:string">organizationalPerson</Setting>
<Setting Name="inetOrgPerson" Type="xsd:string">inetOrgPerson</Setting>
<Setting Name="ePerson" Type="xsd:string">ePerson</Setting>
<Setting Name="higginsPerson" Type="xsd:string">higginsPerson</Setting>
</Setting>
</Setting>
</Setting>
<!-- The name of the class that provides the factory for the class that implements the Apache XML Security Extension -->
<Setting Name="XMLSecurityExtension" Type="htf:singleton">org.eclipse.higgins.sts.xmlsecurity.apache.XMLSecurityApacheExtensionFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the JNDI Context Provider -->
<Setting Name="JNDIContextFactory" Type="htf:classinstance">org.eclipse.higgins.idas.cp.jndi.JNDIContextFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the IdASRegistry -->
<Setting Name="IdentityAttributeService" Type="htf:classsingleton">org.eclipse.higgins.idas.registry.IdASRegistry</Setting>
<!-- The name of the class that provides the factory for the class that implements the AppliesTo Mapper -->
<Setting Name="AppliesToMapper" Type="htf:singleton">org.eclipse.higgins.sts.server.mapper.appliesto.AppliesToMapperFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the Extension Mapper -->
<Setting Name="ExtensionMapper" Type="htf:singleton">org.eclipse.higgins.sts.server.mapper.extension.ExtensionMapperFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the Polling Mapper -->
<Setting Name="PollingMapper" Type="htf:singleton">org.eclipse.higgins.sts.server.mapper.polling.PollingMapperFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the Digital Identity Token Extension -->
<Setting Name="DigitalIdentityHandler" Type="htf:instance">org.eclipse.higgins.sts.server.token.identity.DigitalIdentityHandlerFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the SAML Generator Token Extension -->
<Setting Name="TokenGeneratorHandler" Type="htf:instance">org.eclipse.higgins.sts.server.token.saml.TokenGeneratorHandlerFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the Encrypt Token Extension -->
<Setting Name="TokenEncryptHandler" Type="htf:instance">org.eclipse.higgins.sts.server.token.encrypt.TokenEncryptHandlerFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the SAML Token Extension -->
<Setting Name="SAMLIssue" Type="htf:instance">org.eclipse.higgins.sts.server.token.compound.CompoundHandlerFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the ProfileService -->
<Setting Name="ProfileService" Type="htf:singleton">org.eclipse.higgins.sts.server.profile.ProfileServiceFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the MetadataExchangeService -->
<Setting Name="MetadataExchangeService" Type="htf:singleton">org.eclipse.higgins.sts.server.metadata.MetadataExchangeServiceFactory</Setting>
<!-- The name of the class that provides the factory for the class that implements the SecurityTokenService -->
<Setting Name="SecurityTokenService" Type="htf:singleton">org.eclipse.higgins.sts.server.trust.SecurityTokenServiceFactory</Setting>
</Setting>
</Configuration>
