| Re: [higgins-dev] Re: Problem sending cards to CardSync |
OK, so I took a step back. Now, I'm only trying to send a personal
card that I've created with the Azigo selector. I've looked at the
database and it seems that the card has been correctly imported. Here
are the errors that I get.
First, the cloud selector gives me:
RP discovery / realm validation disabled; this option SHOULD be enabled for OPs
Then, on the RPPS side, I get those errors that I find concerning:
08 Apr 2010 20:45:40,752 ERROR [http-8081-1] LogHelper.error
(LogHelper.java:119) - No Extension Configuration Found.
08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495) -
Returning STS Fault: No Configuration Found.
08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
I've attached the remaining of the logs for both the STS and the RPPS
along with the ~/.higgins and ~/ConfigurationFile folders used by
CardSync.
Does this additional information gives any more insights about my problem?
Thanks,
Jonathan
On Wed, Apr 7, 2010 at 12:20 PM, Jonathan Tellier
<jonathan.tellier@xxxxxxxxx> wrote:
> Hi,
>
> Thank you for taking the time to try to help me.
>
>> 1. I did not found any critical error in your RPPS log. Suppose it
>> should successfully create and send p-cards. Is it correct?
>
> No. I can create personal (and managed) cards, but I can't send any.
> When I try to send a personal card, I get:
>
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
> faultSubcode:
> faultString: The specified request failed
> faultActor: STS
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}hostname:higgins
>
> By looking at that error, I would imagine that some configuration that
> should point to my host is not set correctly, but I can't find it.
>
>> 2. Does you try to send a m-card of your STS? I see the following in
>> your STS log:
>> ......
>
> Yes, this error occurs when I try to send a managed card. I've updated
> my ManagedConfiguration.xml, but the error still happens. I've
> attached my new and updated config file so you can see if I've made
> any errors (note that the address of the server changed since I've
> deployed it elsewhere). If you need some other configuration files, I
> can also send them.
>
> Thanks for your time,
> Jonathan
>
>
>>
>> .....
>> AxisFault
>> faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
>> faultSubcode:
>> faultString: The specified request failed
>> faultActor:
>> faultNode:
>> faultDetail:
>> {}Explanation:No Configuration Found.
>> ....
>>
>> Suppose it will be fixed after you set a correct "Issuer" URI
>> ( https://207.162.8.222:8443/TokenService/services/Trust ) in
>> "AppliesToMapper" section of ManagedConfiguration.xml (373 line).
>>
>> Thanks,
>> Sergey Lyakhov
>>
>> On Wed, 31 Mar 2010 10:21:02 -0400
>> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>>
>>> I've had to redeploy everything on a new server, so I've taken the
>>> opportunity to use two instances of tomcat. One for CardSync and one
>>> for the STS/RP/CloudSelector. That way, configuration files and logs
>>> are more separated. I'm still not able to send card to CardSync
>>> though...
>>>
>>> I've paid a close attention to the logs while I'm creating a user, a
>>> card and importing it using the Azigo Selector. There's no errors
>>> whatsoever during this process. Then, I've tried to manually make a
>>> getTokenObject SOAP call to CardSync. This is the call I've made:
>>>
>>> <soapenv:Envelope
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>>> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
>>> xmlns:wsd="urn:RPPSService/wsdlRPPSService"
>>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
>>> <soapenv:Header/>
>>> <soapenv:Body>
>>> <wsd:getTokenObject
>>> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";>
>>> <userId xsi:type="xsd:string">foo9</userId>
>>> <password xsi:type="xsd:string">bar9</password>
>>> <policy xsi:type="xsd:string">
>>> <object type="application/x-informationCard"
>>> name="xmlToken"> <param name="privacyUrl"
>>> value="http://wiki.eclipse.org/Cloud_Selector"; />
>>> <param name="privacyVersion" value="1" />
>>> <param name="tokenType"
>>> value="urn:oasis:names:tc:SAML:1.0:assertion" />
>>> <param name="requiredClaims"
>>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
>>> />
>>> <param name="optionalClaims"
>>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
>>> />
>>> </object>
>>> </policy>
>>> <policytype xsi:type="xsd:string">cardspace</policytype>
>>> <sslCert xsi:type="xsd:string"></sslCert>
>>> <cuids xsi:type="wsd:ArrayOf_xsd_string"
>>> soapenc:arrayType="xsd:string[]">
>>> <item>org.eclipse.higgins.icard.provider.cardspace.managed.db#https://localhost:8443/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=upass_foo9</item>
>>> </cuids>
>>> <typeofCredential
>>> xsi:type="xsd:string">ITSUsernamePasswordCredential</typeofCredential>
>>> <credentialKey xsi:type="wsd:ArrayOf_xsd_string"
>>> soapenc:arrayType="xsd:string[]">
>>> <item>url</item>
>>> <item>saveCard</item>
>>> <item>saveCredential</item>
>>> <item>address</item>
>>> <item>metadataAddress</item>
>>> <item>username</item>
>>> <item>password</item>
>>> </credentialKey>
>>> <credentialValue xsi:type="wsd:ArrayOf_xsd_string"
>>> soapenc:arrayType="xsd:string[]">
>>> <item>http://<my server's
>>> IP>:8080/proxy.web/server-carddetails</item>
>>> <item>false</item>
>>> <item>false</item>
>>> <item>https://localhost:8443/TokenService/services/Trust</item>
>>> <item>https://localhost:8443/TokenService/services/MetadataUsernameToken</item>
>>> <item>foo9</item>
>>> <item>bar9</item>
>>> </credentialValue>
>>> </wsd:getTokenObject>
>>> </soapenv:Body>
>>> </soapenv:Envelope>
>>>
>>> I've attached the logs for CardSync and for the TokenService
>>> corresponding to that operation. Note that in the logs, I'm starting
>>> the server, making the SOAP request and stopping the server. Noting
>>> more. I've been scrutinizing the logs, my config files and trying to
>>> fix that problem for quite some time now, but I can't find the cause
>>> or the solution to my problem. I think that this part, in the
>>> TokenService logs might have something to do with it, but I'm not
>>> sure:
>>>
>>> AxisFault
>>> faultCode: {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
>>> faultSubcode:
>>> faultString: The specified request failed
>>> faultActor:
>>> faultNode:
>>> faultDetail:
>>> {}Explanation:No Configuration Found.
>>>
>>> What kind of configuration is this referring to?
>>>
>>> Well anyway, If any of you has a couple of minutes to spare and could
>>> help, I'd really appreciate it.
>>>
>>> Thanks,
>>> Jonathan
>>>
>>>
>>> On Tue, Mar 23, 2010 at 4:15 PM, Jonathan Tellier
>>> <jonathan.tellier@xxxxxxxxx> wrote:
>>> > Hello,
>>> >
>>> > I've attached logs for all steps in the process:
>>> >
>>> > - Staring the server
>>> > - Creating a card with the STS
>>> > - Importing a card with the Azigo selector
>>> > - Logging to the test RP with the CloudSelector
>>> >
>>> > As for my config files, which ones do you want?
>>> >
>>> > Since I start tomcat with the following java opts:
>>> > -Dorg.eclipse.higgins.sts.conf=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles
>>> > -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml
>>> > -Dorg.eclipse.higgins.sts.log4j.properties=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/log4j.properties
>>> > -Djavax.net.ssl.trustStore=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/localhost.jks
>>> > -Djava.library.path=$CATALINA_HOME/native_lib/
>>> > -Duser.home=/usr/share/higgins
>>> >
>>> > I've attached the content of:
>>> > - $CATALINA_HOME/webapps/TokenService/ConfigurationFiles
>>> > - /usr/share/higgins
>>> >
>>> > Is there any other info that you would need?
>>> >
>>> > Thanks,
>>> > Jonathan
>>> >
>>> >
>>> > On Tue, Mar 23, 2010 at 3:25 PM, Sergey Lyakhov
>>> > <slyakhov@xxxxxxxxxxxxxx> wrote:
>>> >> Jonathan,
>>> >>
>>> >>> So, are I-Card Providers defined in "ProvidersConfiguration.xml"?
>>> >>> If it's the case, where could I find a template of that file?
>>> >>
>>> >> ProvidersConfiguration.xml is just an alternative way of ICard
>>> >> providers configuration and should not affect on RPPS. What
>>> >> version of RPPS do you use? Can you provide your configuration
>>> >> files / error log?
>>> >>
>>> >> Thanks,
>>> >> Sergey Lyakhov
>>> >>
>>> >> On Tue, 23 Mar 2010 14:44:26 -0400
>>> >> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>>> >>
>>> >>> I think I might have found something of interest. As I've
>>> >>> mentioned earlier, I get a FileNotFoundException on
>>> >>> "ProvidersConfiguration.xml". Now, I've just realized that this
>>> >>> error also occurs when I'm trying to import a card. After some
>>> >>> research, I've learned that I-Card Providers manage the
>>> >>> persistence of I-Cards. So, would it be possible that the reason
>>> >>> why I can't send I-Cards using the CloudSelector is actually
>>> >>> because the cards are not properly imported? From what I can
>>> >>> deduce, this would make sense since in the stack trace that I see
>>> >>> when trying to send a card, there seem to be some problems
>>> >>> parsing the card data.
>>> >>>
>>> >>> So, are I-Card Providers defined in "ProvidersConfiguration.xml"?
>>> >>> If it's the case, where could I find a template of that file?
>>> >>>
>>> >>> Thanks,
>>> >>> Jonathan
>>> >>>
>>> >>>
>>> >>> On Fri, Mar 19, 2010 at 4:49 PM, Jonathan Tellier
>>> >>> <jonathan.tellier@xxxxxxxxx> wrote:
>>> >>> > In the past few days, I've done some debugging and have found
>>> >>> > out a small piece of information that I hope could be useful.
>>> >>> > Basically, I've figured out the parameters which are used to
>>> >>> > when performing the getTokenObject SOAP call where trying to
>>> >>> > use a username/password card. Here there are:
>>> >>> >
>>> >>> > userId: foo
>>> >>> >
>>> >>> > password: bar
>>> >>> >
>>> >>> > policy:
>>> >>> > <object type="application/x-informationCard" name="xmlToken">
>>> >>> > <param name="privacyUrl"
>>> >>> > value="http://wiki.eclipse.org/Cloud_Selector"; /> <param
>>> >>> > name="privacyVersion" value="1" /> <param name="tokenType"
>>> >>> > value="urn:oasis:names:tc:SAML:1.0:assertion" /> <param
>>> >>> > name="requiredClaims"
>>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; />
>>> >>> > <param name="optionalClaims"
>>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>>> >>> > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; />
>>> >>> > </object>
>>> >>> >
>>> >>> > policytype: cardspace
>>> >>> >
>>> >>> > sslCert:
>>> >>> >
>>> >>> > cuids:
>>> >>> > org.eclipse.higgins.icard.provider.cardspace.managed.db#https://<my
>>> >>> > server's
>>> >>> > address>/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=username_token1_not_appliesto
>>> >>> >
>>> >>> > typeofCredential: ITSUsernamePasswordCredential
>>> >>> >
>>> >>> > credentialKey:
>>> >>> > url
>>> >>> > saveCard
>>> >>> > saveCredential
>>> >>> > address
>>> >>> > metadataAddress
>>> >>> > username
>>> >>> > password
>>> >>> >
>>> >>> > credentialValue:
>>> >>> > http://<my server's address>/proxy.web/server-carddetails
>>> >>> > false
>>> >>> > false
>>> >>> > https://<my server's address>/TokenService/services/Trust
>>> >>> > https://<my server's
>>> >>> > address>/TokenService/services/MetadataUsernameToken foo
>>> >>> > bar
>>> >>> >
>>> >>> > I've also tried to manually send a SOAP request to CardSync and
>>> >>> > also to use a card from https://openidcards.sxip.com/, but in
>>> >>> > both cases, I get the same "The specified request failed"
>>> >>> > error. I would like to try the
>>> >>> > http://higgins.eclipse.org/TokenService STS, but for every
>>> >>> > action I try to perform using it, I get:
>>> >>> >
>>> >>> > exception: javax.naming.CommunicationException:
>>> >>> > higgins.watson.ibm.com:636 [Root exception is
>>> >>> > java.net.ConnectException: Connection refused]
>>> >>> >
>>> >>> > So, is there something wrong with the parameters that are used?
>>> >>> > Does anyone has an idea about how I could solve my problem?
>>> >>> >
>>> >>> > Thanks,
>>> >>> > Jonathan
>>> >>> >
>>> >>> >
>>> >>> > On Mon, Mar 15, 2010 at 8:59 PM, Jonathan Tellier
>>> >>> > <jonathan.tellier@xxxxxxxxx> wrote:
>>> >>> >> Hello there,
>>> >>> >>
>>> >>> >> I think that I'm almost done with my local deployment of the
>>> >>> >> CloudSelector/CardSync/TokenService, but I've still got some
>>> >>> >> problems. When I try to send a personal card or a card that
>>> >>> >> uses a Username Token, I get a STSFaultException caused by
>>> >>> >> this error:
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:42:32,267 ERROR [http-8443-1] LogHelper.error
>>> >>> >> (LogHelper.java:119) - No Extension Configuration Found.
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:42:32,268 ERROR [http-8443-1]
>>> >>> >> CardSpaceSelector.getIdentityToken
>>> >>> >> (CardSpaceSelector.java:495) - Returning
>>> >>> >> STS Fault: No Configuration Found.
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:42:32,269 ERROR [http-8443-1]
>>> >>> >> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
>>> >>> >> org.eclipse.hig
>>> >>> >> gins.icard.provider.cardspace.common.STSFaultException
>>> >>> >>
>>> >>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
>>> >>> >> at
>>> >>> >> org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken(CardSpaceSelector.java:496)
>>> >>> >> at
>>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3245)
>>> >>> >> at
>>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3310)
>>> >>> >> at
>>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3438)
>>> >>> >> at
>>> >>> >> org.eclipse.higgins.rpps.webservices.RPPSServiceImpl.getTokenObject(RPPSServiceImpl.java:830)
>>> >>> >> [... stacktrace continues ...]
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:42:32,275 ERROR [http-8080-6] CardsServlet.error
>>> >>> >> (CardsServlet.java:103) - Sorry, we could not process the
>>> >>> >> OpenID request: The specified request failed
>>> >>> >>
>>> >>> >> AxisFault
>>> >>> >> faultCode:
>>> >>> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
>>> >>> >> faultSubcode: faultString: The specified request failed
>>> >>> >> faultActor: STS
>>> >>> >> faultNode:
>>> >>> >> faultDetail:
>>> >>> >> {http://xml.apache.org/axis/}hostname:salmond
>>> >>> >>
>>> >>> >> When I try to send a card that uses a Self Signed SAML Token, I
>>> >>> >> get: org.eclipse.higgins.iss.ISSException: Cannot find the
>>> >>> >> Personal card used to authenticate for this managed card.
>>> >>> >>
>>> >>> >> When logging with the card selector, I've also got this error,
>>> >>> >> but I don't know if it's relevant or not since it does not
>>> >>> >> prevent any actions.
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:48:16,075 ERROR [http-8443-1]
>>> >>> >> ICardSelectorService.getICardSelector
>>> >>> >> (ICardSelectorService.java:148)
>>> >>> >> - org.eclipse.higgins.iss.PolicyParseException: Can not parse
>>> >>> >> password managed policy. Root element is not PwmPolicy
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>>> >>> >> ConfigurationHandler.omFromFile
>>> >>> >> (ConfigurationHandler.java:180) -
>>> >>> >> java.io.FileNotFoundException: /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>>> >>> >> (No such file or directory)
>>> >>> >>
>>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>>> >>> >> ConfigurationHandler.configure (ConfigurationHandler.java:288)
>>> >>> >> - /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>>> >>> >> (No such file or directory)
>>> >>> >>
>>> >>> >> What is this "ProvidersConfiguration.xml" file? I could not
>>> >>> >> find any reference to it anywhere.
>>> >>> >>
>>> >>> >> Finally, when configuring my deployment, I've had to comment
>>> >>> >> out references to some classes in the
>>> >>> >> "ClientConfiguration.xml" file. I've had to comment references
>>> >>> >> to
>>> >>> >> "org.eclipse.higgins.configuration.xml.ContextFactoryHandler"
>>> >>> >> and
>>> >>> >> "org.eclipse.higgins.configuration.xml.IdentityAttributeServiceHandler"
>>> >>> >> because they don't seem to be present in B-1-1M7 and to
>>> >>> >> "org.eclipse.higgins.sts.client.MetadataExchangeServiceFactory"
>>> >>> >> because the instance returned was always null. Could this be
>>> >>> >> related to the problems I'm encountering when trying to send
>>> >>> >> cards?
>>> >>> >>
>>> >>> >> I would like to provide more information regarding those
>>> >>> >> errors, but I don't really understand them... So if any of you
>>> >>> >> has any ideas about the cause of those errors, please share
>>> >>> >> them because at this point, any help would be gladly
>>> >>> >> appreciated.
>>> >>> >>
>>> >>> >> Thanks,
>>> >>> >> Jonathan
>>> >>> >>
>>> >>> >
>>> >>> _______________________________________________
>>> >>> higgins-dev mailing list
>>> >>> higgins-dev@xxxxxxxxxxx
>>> >>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >
>>
>>
>> _______________________________________________
>> higgins-dev mailing list
>> higgins-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>>
>
Attachment:
config_dirs.zip
Description: Zip archive
Attachment:
rpps_error.log
Description: Binary data
Attachment:
sts_error.log
Description: Binary data