Re: [higgins-dev] Re: Problem sending cards to CardSync

[Jonathan Tellier <jonathan.tellier@xxxxxxxxx>]

Sergey,

> 1. Replace fixed extension mapper jar in RPPS too.

I've already done that

> 2. Try to use m-card with username/password credentials. I
> suppose your RPPS can not calculate a correct PPID when looks for
> p-card used to authenticate on STS. This is caused by a problem to build
> a certificate chain of the site used to issue m-card with PPID
> credentials.

Your theory about the problem with certificate chain makes sense.
M-Cards with username/password don't work on RP other that mine. The
browser gets stuck until I shut down the Azigo Selector. On the STS
side, I get:

14:41:55,586 DEBUG LogHelper.trace (71): Adding Identity Claim Name:
emailaddress
14:41:55,586 DEBUG LogHelper.trace (71): Adding Claim Value: 12@xxxxxx
14:41:55,628 DEBUG LogHelper.trace (71): Extension: TokenEncryptHandler
14:41:55,628 DEBUG LogHelper.trace (71): TokenEncryptHandler::invoke:
TokenEncryptHandler
14:41:55,629 DEBUG LogHelper.trace (71): Checking for AppliesTo
14:41:55,629 DEBUG LogHelper.trace (71): X509Data/X509Certificate Not Found

and on the RPPS side, I get:

Claim tag = Private Personal Identifier, claim type =
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier,
 claim value = 0bVIyP17enWtSyGK+h+SR+Kwr0Q7ZmVrJp8WgF+iAjM=
Claim tag = Email Address, claim type =
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,
claim value = 12@xxxxxx
14 Apr 2010 14:41:55,701 ERROR [http-8081-1] IdentityToken.toElement
(IdentityToken.java:150) - Unexpected RequestedSecurityToken

I've looked at the code and it seems that this error occurs when the
encrypted data is null.

For both the RPPS and the STS, I'm using the "localhost.jks" keystore
provided as an example with the STS. I'm not really used to working
with certificates. Could the problem be that the certificate contained
in the keystore is not signed by a trusted CA?

Thanks,
Jonathan


>
> Thanks,
> Sergey Lyakhov
>
> On Tue, 13 Apr 2010 15:56:47 -0400
> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>
>> Sergey,
>>
>> By using your new higgins-sts-server-mapper-extension, some things are
>> now working, but others are not.
>>
>> First, I get the same error when I try to send a p-card to a RP using
>> the Azigo Selector. And to answer the question in your last message, I
>> was not sending a m-card to identityblog.com. I was sending a p-card.
>> I've attached the logs (catalina_p-card_to_identityblog.out) that I'm
>> now getting with your new higgins-sts-server-mapper-extension, but the
>> error seems to be pretty much the same.
>>
>> As for sending a p-card to my test RP using the CloudSelector. It's
>> still not working. I've attached the RPPS logs
>> (catalina_rpps_p-card_cloudselector.out) and the STS/CloudSelector
>> logs (catalina_sts_p-card_cloudselector.out).
>>
>> I've also tried to send a m-card to my test RP using the
>> CloudSelector. Username Tokens are now working. As for Self Signed
>> SAML Tokens, they are still not working. When I'm trying to send that
>> kind of token, I get "Cannot find the Personal card used to
>> authenticate for this managed card". I've attached the RPPS logs
>> (catalina_rpps_saml_cloudselector.out) and the STS/CloudSelector logs
>> (catalina_sts_saml_cloudselector.out).
>>
>> I was also wondering why you jar ends with "1.0.600". All the
>> libraries I'm using end with "1.0.700". Is your code based on 1.1M6
>> while I'm using 1.1M7? Could that cause problems?
>>
>> Thanks,
>> Jonathan
>>
>>
>> On Tue, Apr 13, 2010 at 2:24 PM, Sergey Lyakhov
>> <slyakhov@xxxxxxxxxxxxxx> wrote:
>> > Jonathan,
>> >
>> >> I've attached the logs corresponding to the following:
>> >
>> >> 1. Starting Tomcat
>> >> 2. Logging with the Azigo Selector to this site:
>> >> http://www.identityblog.com/. The Azigo Selector shows an error
>> >> message saying that the request failed.
>> >> 3. Closing Tomcat.
>> >
>> > I've looked at the log. It looks you've used m-card, not p-card. Am
>> > I correct?
>> >
>> > Thanks,
>> > Sergey Lyakhov
>> >
>> > On Fri, 9 Apr 2010 15:04:38 -0400
>> > Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>> >
>> >> Sergey,
>> >>
>> >> Thanks for your help.
>> >>
>> >> > I need more info about this error. But, briefly, RPPS uses
>> >> > ClientConfiguration.xml (for m-card) and
>> >> > PersonalConfiguration.xml (for p-card). Your
>> >> > PersonalConfiguration.xml looks correct.
>> >> > RPPS should be configured in the same way as STS: you need to set
>> >> > "org.eclipse.higgins.sts.conf" property with a path to your
>> >> > ConfigurationFile folder.
>> >>
>> >> Here are the JAVA_OPTS I use to start the tomcat instance hosting
>> >> the RPPS:
>> >> -Dorg.eclipse.higgins.sts.conf=/home/higgins/ConfigurationFile
>> >> -Djavax.net.ssl.trustStore=/home/higgins/localhost.jks
>> >> -Djava.library.path=/home/higgins/native/ -Dlog4j.debug
>> >> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>> >>
>> >> ... and the STS:
>> >> -Dorg.eclipse.higgins.sts.conf=/opt/tomcat/apache-tomcat-6.0.26/webapps/TokenService/ConfigurationFiles
>> >> -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml
>> >> -Dorg.eclipse.higgins.sts.log4j.properties=/opt/tomcat/apache-tomcat-6.0.26/webapps/TokenService/ConfigurationFiles/log4j.properties
>> >> -Dlog4j.debug
>> >> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>> >>
>> >> > sts_error.log is rather a log of Cloud Selector than STS.
>> >>
>> >> It's possible. Sorry. Both services are hosted by the same Tomcat
>> >> instance.
>> >>
>> >> > Please, do the following:
>> >> >
>> >> > 1. set RPPS logging level to ERROR.
>> >> > 2. clean catalina.out.
>> >> > 3. start RPPS.
>> >> > 4. try to log in with a p-card using Azigo Selector (not Cloud
>> >> > Selector).
>> >> > 5. send the result log file.
>> >>
>> >> I've attached the logs corresponding to the following:
>> >>
>> >> 1. Starting Tomcat
>> >> 2. Logging with the Azigo Selector to this site:
>> >> http://www.identityblog.com/. The Azigo Selector shows an error
>> >> message saying that the request failed.
>> >> 3. Closing Tomcat.
>> >>
>> >> Unfortunately, I can't find any information that helps me figuring
>> >> out the problem. Do you?
>> >>
>> >> Thanks,
>> >> Jonathan
>> >>
>> >>
>> >> >
>> >> > Thanks,
>> >> > Sergey Lyakhov
>> >> >
>> >> > On Thu, 8 Apr 2010 21:28:46 -0400
>> >> > Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >
>> >> >> OK, so I took a step back. Now, I'm only trying to send a
>> >> >> personal card that I've created with the Azigo selector. I've
>> >> >> looked at the database and it seems that the card has been
>> >> >> correctly imported. Here are the errors that I get.
>> >> >>
>> >> >> First, the cloud selector gives me:
>> >> >> RP discovery / realm validation disabled; this option SHOULD be
>> >> >> enabled for OPs
>> >> >>
>> >> >> Then, on the RPPS side, I get those errors that I find
>> >> >> concerning: 08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
>> >> >> LogHelper.error (LogHelper.java:119) - No Extension
>> >> >> Configuration Found.
>> >> >>
>> >> >> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
>> >> >> CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495)
>> >> >> - Returning STS Fault: No Configuration Found.
>> >> >>
>> >> >> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
>> >> >> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
>> >> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
>> >> >>
>> >> >> I've attached the remaining of the logs for both the STS and the
>> >> >> RPPS along with the ~/.higgins and ~/ConfigurationFile folders
>> >> >> used by CardSync.
>> >> >>
>> >> >> Does this additional information gives any more insights about
>> >> >> my problem?
>> >> >>
>> >> >> Thanks,
>> >> >> Jonathan
>> >> >>
>> >> >>
>> >> >> On Wed, Apr 7, 2010 at 12:20 PM, Jonathan Tellier
>> >> >> <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >> > Hi,
>> >> >> >
>> >> >> > Thank you for taking the time to try to help me.
>> >> >> >
>> >> >> >> 1. I did not found any critical error in your RPPS log.
>> >> >> >> Suppose it should successfully create and send p-cards. Is
>> >> >> >> it correct?
>> >> >> >
>> >> >> > No. I can create personal (and managed) cards, but I can't
>> >> >> > send any. When I try to send a personal card, I get:
>> >> >> >
>> >> >> > AxisFault
>> >> >> >  faultCode:
>> >> >> > {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
>> >> >> > faultSubcode: faultString: The specified request failed
>> >> >> >  faultActor: STS
>> >> >> >  faultNode:
>> >> >> >  faultDetail:
>> >> >> >        {http://xml.apache.org/axis/}hostname:higgins
>> >> >> >
>> >> >> > By looking at that error, I would imagine that some
>> >> >> > configuration that should point to my host is not set
>> >> >> > correctly, but I can't find it.
>> >> >> >
>> >> >> >> 2. Does you try to send a m-card of your STS? I see the
>> >> >> >> following in your STS log:
>> >> >> >> ......
>> >> >> >
>> >> >> > Yes, this error occurs when I try to send a managed card. I've
>> >> >> > updated my ManagedConfiguration.xml, but the error still
>> >> >> > happens. I've attached my new and updated config file so you
>> >> >> > can see if I've made any errors (note that the address of the
>> >> >> > server changed since I've deployed it elsewhere). If you need
>> >> >> > some other configuration files, I can also send them.
>> >> >> >
>> >> >> > Thanks for your time,
>> >> >> > Jonathan
>> >> >> >
>> >> >> >
>> >> >> >>
>> >> >> >> .....
>> >> >> >> AxisFault
>> >> >> >>  faultCode:
>> >> >> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
>> >> >> >> faultSubcode: faultString: The specified request failed
>> >> >> >>  faultActor:
>> >> >> >>  faultNode:
>> >> >> >>  faultDetail:
>> >> >> >>        {}Explanation:No Configuration Found.
>> >> >> >> ....
>> >> >> >>
>> >> >> >> Suppose it will be fixed after you set a correct "Issuer" URI
>> >> >> >> ( https://207.162.8.222:8443/TokenService/services/Trust ) in
>> >> >> >> "AppliesToMapper" section of ManagedConfiguration.xml (373
>> >> >> >> line).
>> >> >> >>
>> >> >> >> Thanks,
>> >> >> >> Sergey Lyakhov
>> >> >> >>
>> >> >> >> On Wed, 31 Mar 2010 10:21:02 -0400
>> >> >> >> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >> >>
>> >> >> >>> I've had to redeploy everything on a new server, so I've
>> >> >> >>> taken the opportunity to use two instances of tomcat. One
>> >> >> >>> for CardSync and one for the STS/RP/CloudSelector. That way,
>> >> >> >>> configuration files and logs are more separated. I'm still
>> >> >> >>> not able to send card to CardSync though...
>> >> >> >>>
>> >> >> >>> I've paid a close attention to the logs while I'm creating a
>> >> >> >>> user, a card and importing it using the Azigo Selector.
>> >> >> >>> There's no errors whatsoever during this process. Then,
>> >> >> >>> I've tried to manually make a getTokenObject SOAP call to
>> >> >> >>> CardSync. This is the call I've made:
>> >> >> >>>
>> >> >> >>> <soapenv:Envelope
>> >> >> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>> >> >> >>> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
>> >> >> >>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
>> >> >> >>> xmlns:wsd="urn:RPPSService/wsdlRPPSService"
>> >> >> >>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
>> >> >> >>>    <soapenv:Header/>
>> >> >> >>>    <soapenv:Body>
>> >> >> >>>       <wsd:getTokenObject
>> >> >> >>> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";>
>> >> >> >>>          <userId xsi:type="xsd:string">foo9</userId>
>> >> >> >>>          <password xsi:type="xsd:string">bar9</password>
>> >> >> >>>          <policy xsi:type="xsd:string">
>> >> >> >>>        &lt;object type="application/x-informationCard"
>> >> >> >>> name="xmlToken"&gt; &lt;param name="privacyUrl"
>> >> >> >>> value="http://wiki.eclipse.org/Cloud_Selector"; /&gt;
>> >> >> >>>          &lt;param name="privacyVersion" value="1" /&gt;
>> >> >> >>>          &lt;param name="tokenType"
>> >> >> >>> value="urn:oasis:names:tc:SAML:1.0:assertion" /&gt;
>> >> >> >>>          &lt;param name="requiredClaims"
>> >> >> >>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
>> >> >> >>> /&gt;
>> >> >> >>>          &lt;param name="optionalClaims"
>> >> >> >>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>> >> >> >>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
>> >> >> >>> /&gt;
>> >> >> >>>        &lt;/object&gt;
>> >> >> >>>       </policy>
>> >> >> >>>          <policytype
>> >> >> >>> xsi:type="xsd:string">cardspace</policytype> <sslCert
>> >> >> >>> xsi:type="xsd:string"></sslCert> <cuids
>> >> >> >>> xsi:type="wsd:ArrayOf_xsd_string"
>> >> >> >>> soapenc:arrayType="xsd:string[]">
>> >> >> >>> <item>org.eclipse.higgins.icard.provider.cardspace.managed.db#https://localhost:8443/TokenService/services/Trust#urn:Higgins-LDAP-Server&amp;cardid=upass_foo9</item>
>> >> >> >>> </cuids> <typeofCredential
>> >> >> >>> xsi:type="xsd:string">ITSUsernamePasswordCredential</typeofCredential>
>> >> >> >>>          <credentialKey xsi:type="wsd:ArrayOf_xsd_string"
>> >> >> >>> soapenc:arrayType="xsd:string[]">
>> >> >> >>>          <item>url</item>
>> >> >> >>>            <item>saveCard</item>
>> >> >> >>>          <item>saveCredential</item>
>> >> >> >>>          <item>address</item>
>> >> >> >>>            <item>metadataAddress</item>
>> >> >> >>>            <item>username</item>
>> >> >> >>>          <item>password</item>
>> >> >> >>>          </credentialKey>
>> >> >> >>>          <credentialValue xsi:type="wsd:ArrayOf_xsd_string"
>> >> >> >>> soapenc:arrayType="xsd:string[]">
>> >> >> >>>            <item>http://<my server's
>> >> >> >>> IP>:8080/proxy.web/server-carddetails</item>
>> >> >> >>>            <item>false</item>
>> >> >> >>>          <item>false</item>
>> >> >> >>>          <item>https://localhost:8443/TokenService/services/Trust</item>
>> >> >> >>>          <item>https://localhost:8443/TokenService/services/MetadataUsernameToken</item>
>> >> >> >>>          <item>foo9</item>
>> >> >> >>>            <item>bar9</item>
>> >> >> >>>          </credentialValue>
>> >> >> >>>       </wsd:getTokenObject>
>> >> >> >>>    </soapenv:Body>
>> >> >> >>> </soapenv:Envelope>
>> >> >> >>>
>> >> >> >>> I've attached the logs for CardSync and for the TokenService
>> >> >> >>> corresponding to that operation. Note that in the logs, I'm
>> >> >> >>> starting the server, making the SOAP request and stopping
>> >> >> >>> the server. Noting more. I've been scrutinizing the logs,
>> >> >> >>> my config files and trying to fix that problem for quite
>> >> >> >>> some time now, but I can't find the cause or the solution
>> >> >> >>> to my problem. I think that this part, in the TokenService
>> >> >> >>> logs might have something to do with it, but I'm not sure:
>> >> >> >>>
>> >> >> >>> AxisFault
>> >> >> >>>  faultCode:
>> >> >> >>> {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
>> >> >> >>> faultSubcode: faultString: The specified request failed
>> >> >> >>>  faultActor:
>> >> >> >>>  faultNode:
>> >> >> >>>  faultDetail:
>> >> >> >>>         {}Explanation:No Configuration Found.
>> >> >> >>>
>> >> >> >>> What kind of configuration is this referring to?
>> >> >> >>>
>> >> >> >>> Well anyway, If any of you has a couple of minutes to spare
>> >> >> >>> and could help, I'd really appreciate it.
>> >> >> >>>
>> >> >> >>> Thanks,
>> >> >> >>> Jonathan
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> On Tue, Mar 23, 2010 at 4:15 PM, Jonathan Tellier
>> >> >> >>> <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >> >>> > Hello,
>> >> >> >>> >
>> >> >> >>> > I've attached logs for all steps in the process:
>> >> >> >>> >
>> >> >> >>> > - Staring the server
>> >> >> >>> > - Creating a card with the STS
>> >> >> >>> > - Importing a card with the Azigo selector
>> >> >> >>> > - Logging to the test RP with the CloudSelector
>> >> >> >>> >
>> >> >> >>> > As for my config files, which ones do you want?
>> >> >> >>> >
>> >> >> >>> > Since I start tomcat with the following java opts:
>> >> >> >>> >  -Dorg.eclipse.higgins.sts.conf=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles
>> >> >> >>> > -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml
>> >> >> >>> > -Dorg.eclipse.higgins.sts.log4j.properties=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/log4j.properties
>> >> >> >>> > -Djavax.net.ssl.trustStore=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/localhost.jks
>> >> >> >>> > -Djava.library.path=$CATALINA_HOME/native_lib/
>> >> >> >>> > -Duser.home=/usr/share/higgins
>> >> >> >>> >
>> >> >> >>> > I've attached the content of:
>> >> >> >>> > - $CATALINA_HOME/webapps/TokenService/ConfigurationFiles
>> >> >> >>> > - /usr/share/higgins
>> >> >> >>> >
>> >> >> >>> > Is there any other info that you would need?
>> >> >> >>> >
>> >> >> >>> > Thanks,
>> >> >> >>> > Jonathan
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > On Tue, Mar 23, 2010 at 3:25 PM, Sergey Lyakhov
>> >> >> >>> > <slyakhov@xxxxxxxxxxxxxx> wrote:
>> >> >> >>> >> Jonathan,
>> >> >> >>> >>
>> >> >> >>> >>> So, are I-Card Providers defined in
>> >> >> >>> >>> "ProvidersConfiguration.xml"? If it's the case, where
>> >> >> >>> >>> could I find a template of that file?
>> >> >> >>> >>
>> >> >> >>> >> ProvidersConfiguration.xml is just an alternative way of
>> >> >> >>> >> ICard providers configuration and should not affect on
>> >> >> >>> >> RPPS. What version of RPPS do you use? Can you provide
>> >> >> >>> >> your configuration files / error log?
>> >> >> >>> >>
>> >> >> >>> >> Thanks,
>> >> >> >>> >> Sergey Lyakhov
>> >> >> >>> >>
>> >> >> >>> >> On Tue, 23 Mar 2010 14:44:26 -0400
>> >> >> >>> >> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >> >>> >>
>> >> >> >>> >>> I think I might have found something of interest. As
>> >> >> >>> >>> I've mentioned earlier, I get a FileNotFoundException on
>> >> >> >>> >>> "ProvidersConfiguration.xml". Now, I've just realized
>> >> >> >>> >>> that this error also occurs when I'm trying to import a
>> >> >> >>> >>> card. After some research, I've learned that I-Card
>> >> >> >>> >>> Providers manage the persistence of I-Cards. So, would
>> >> >> >>> >>> it be possible that the reason why I can't send I-Cards
>> >> >> >>> >>> using the CloudSelector is actually because the cards
>> >> >> >>> >>> are not properly imported? From what I can deduce, this
>> >> >> >>> >>> would make sense since in the stack trace that I see
>> >> >> >>> >>> when trying to send a card, there seem to be some
>> >> >> >>> >>> problems parsing the card data.
>> >> >> >>> >>>
>> >> >> >>> >>> So, are I-Card Providers defined in
>> >> >> >>> >>> "ProvidersConfiguration.xml"? If it's the case, where
>> >> >> >>> >>> could I find a template of that file?
>> >> >> >>> >>>
>> >> >> >>> >>> Thanks,
>> >> >> >>> >>> Jonathan
>> >> >> >>> >>>
>> >> >> >>> >>>
>> >> >> >>> >>> On Fri, Mar 19, 2010 at 4:49 PM, Jonathan Tellier
>> >> >> >>> >>> <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >> >>> >>> > In the past few days, I've done some debugging and
>> >> >> >>> >>> > have found out a small piece of information that I
>> >> >> >>> >>> > hope could be useful. Basically, I've figured out the
>> >> >> >>> >>> > parameters which are used to when performing the
>> >> >> >>> >>> > getTokenObject SOAP call where trying to use a
>> >> >> >>> >>> > username/password card. Here there are:
>> >> >> >>> >>> >
>> >> >> >>> >>> > userId: foo
>> >> >> >>> >>> >
>> >> >> >>> >>> > password: bar
>> >> >> >>> >>> >
>> >> >> >>> >>> > policy:
>> >> >> >>> >>> > <object type="application/x-informationCard"
>> >> >> >>> >>> > name="xmlToken"> <param name="privacyUrl"
>> >> >> >>> >>> > value="http://wiki.eclipse.org/Cloud_Selector"; />
>> >> >> >>> >>> > <param name="privacyVersion" value="1" /> <param
>> >> >> >>> >>> > name="tokenType"
>> >> >> >>> >>> > value="urn:oasis:names:tc:SAML:1.0:assertion" />
>> >> >> >>> >>> > <param name="requiredClaims"
>> >> >> >>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; />
>> >> >> >>> >>> > <param name="optionalClaims"
>> >> >> >>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
>> >> >> >>> >>> > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; />
>> >> >> >>> >>> > </object>
>> >> >> >>> >>> >
>> >> >> >>> >>> > policytype: cardspace
>> >> >> >>> >>> >
>> >> >> >>> >>> > sslCert:
>> >> >> >>> >>> >
>> >> >> >>> >>> > cuids:
>> >> >> >>> >>> > org.eclipse.higgins.icard.provider.cardspace.managed.db#https://<my
>> >> >> >>> >>> > server's
>> >> >> >>> >>> > address>/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=username_token1_not_appliesto
>> >> >> >>> >>> >
>> >> >> >>> >>> > typeofCredential: ITSUsernamePasswordCredential
>> >> >> >>> >>> >
>> >> >> >>> >>> > credentialKey:
>> >> >> >>> >>> > url
>> >> >> >>> >>> > saveCard
>> >> >> >>> >>> > saveCredential
>> >> >> >>> >>> > address
>> >> >> >>> >>> > metadataAddress
>> >> >> >>> >>> > username
>> >> >> >>> >>> > password
>> >> >> >>> >>> >
>> >> >> >>> >>> > credentialValue:
>> >> >> >>> >>> > http://<my server's
>> >> >> >>> >>> > address>/proxy.web/server-carddetails false
>> >> >> >>> >>> > false
>> >> >> >>> >>> > https://<my server's
>> >> >> >>> >>> > address>/TokenService/services/Trust https://<my
>> >> >> >>> >>> > address>server's /TokenService/services/MetadataUsernameToken
>> >> >> >>> >>> > address>foo
>> >> >> >>> >>> > bar
>> >> >> >>> >>> >
>> >> >> >>> >>> > I've also tried to manually send a SOAP request to
>> >> >> >>> >>> > CardSync and also to use a card from
>> >> >> >>> >>> > https://openidcards.sxip.com/, but in both cases, I
>> >> >> >>> >>> > get the same "The specified request failed" error. I
>> >> >> >>> >>> > would like to try the
>> >> >> >>> >>> > http://higgins.eclipse.org/TokenService STS, but for
>> >> >> >>> >>> > every action I try to perform using it, I get:
>> >> >> >>> >>> >
>> >> >> >>> >>> > exception: javax.naming.CommunicationException:
>> >> >> >>> >>> > higgins.watson.ibm.com:636 [Root exception is
>> >> >> >>> >>> > java.net.ConnectException: Connection refused]
>> >> >> >>> >>> >
>> >> >> >>> >>> > So, is there something wrong with the parameters that
>> >> >> >>> >>> > are used? Does anyone has an idea about how I could
>> >> >> >>> >>> > solve my problem?
>> >> >> >>> >>> >
>> >> >> >>> >>> > Thanks,
>> >> >> >>> >>> > Jonathan
>> >> >> >>> >>> >
>> >> >> >>> >>> >
>> >> >> >>> >>> > On Mon, Mar 15, 2010 at 8:59 PM, Jonathan Tellier
>> >> >> >>> >>> > <jonathan.tellier@xxxxxxxxx> wrote:
>> >> >> >>> >>> >> Hello there,
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> I think that I'm almost done with my local
>> >> >> >>> >>> >> deployment of the
>> >> >> >>> >>> >> CloudSelector/CardSync/TokenService, but I've still
>> >> >> >>> >>> >> got some problems. When I try to send a personal
>> >> >> >>> >>> >> card or a card that uses a Username Token, I get a
>> >> >> >>> >>> >> STSFaultException caused by this error:
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:42:32,267 ERROR [http-8443-1]
>> >> >> >>> >>> >> LogHelper.error (LogHelper.java:119) - No Extension
>> >> >> >>> >>> >> Configuration Found.
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:42:32,268 ERROR [http-8443-1]
>> >> >> >>> >>> >> CardSpaceSelector.getIdentityToken
>> >> >> >>> >>> >> (CardSpaceSelector.java:495) - Returning
>> >> >> >>> >>> >>  STS Fault: No Configuration Found.
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:42:32,269 ERROR [http-8443-1]
>> >> >> >>> >>> >> RPPSServiceImpl.getTokenObject
>> >> >> >>> >>> >> (RPPSServiceImpl.java:833) - org.eclipse.hig
>> >> >> >>> >>> >> gins.icard.provider.cardspace.common.STSFaultException
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
>> >> >> >>> >>> >>        at
>> >> >> >>> >>> >> org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken(CardSpaceSelector.java:496)
>> >> >> >>> >>> >> at
>> >> >> >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3245)
>> >> >> >>> >>> >> at
>> >> >> >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3310)
>> >> >> >>> >>> >> at
>> >> >> >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3438)
>> >> >> >>> >>> >> at
>> >> >> >>> >>> >> org.eclipse.higgins.rpps.webservices.RPPSServiceImpl.getTokenObject(RPPSServiceImpl.java:830)
>> >> >> >>> >>> >> [... stacktrace continues ...]
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:42:32,275 ERROR [http-8080-6]
>> >> >> >>> >>> >> CardsServlet.error (CardsServlet.java:103) - Sorry,
>> >> >> >>> >>> >> we could not process the OpenID request: The
>> >> >> >>> >>> >> specified request failed
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> AxisFault
>> >> >> >>> >>> >>  faultCode:
>> >> >> >>> >>> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
>> >> >> >>> >>> >> faultSubcode: faultString: The specified request
>> >> >> >>> >>> >> failed faultActor: STS
>> >> >> >>> >>> >>  faultNode:
>> >> >> >>> >>> >>  faultDetail:
>> >> >> >>> >>> >>        {http://xml.apache.org/axis/}hostname:salmond
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> When I try to send a card that uses a Self Signed
>> >> >> >>> >>> >> SAML Token, I get:
>> >> >> >>> >>> >> org.eclipse.higgins.iss.ISSException: Cannot find
>> >> >> >>> >>> >> the Personal card used to authenticate for this
>> >> >> >>> >>> >> managed card.
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> When logging with the card selector, I've also got
>> >> >> >>> >>> >> this error, but I don't know if it's relevant or not
>> >> >> >>> >>> >> since it does not prevent any actions.
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:48:16,075 ERROR [http-8443-1]
>> >> >> >>> >>> >> ICardSelectorService.getICardSelector
>> >> >> >>> >>> >> (ICardSelectorService.java:148)
>> >> >> >>> >>> >> - org.eclipse.higgins.iss.PolicyParseException: Can
>> >> >> >>> >>> >> not parse password managed policy. Root element is
>> >> >> >>> >>> >> not PwmPolicy
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>> >> >> >>> >>> >> ConfigurationHandler.omFromFile
>> >> >> >>> >>> >> (ConfigurationHandler.java:180) -
>> >> >> >>> >>> >> java.io.FileNotFoundException: /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>> >> >> >>> >>> >> (No such file or directory)
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
>> >> >> >>> >>> >> ConfigurationHandler.configure
>> >> >> >>> >>> >> (ConfigurationHandler.java:288)
>> >> >> >>> >>> >> - /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
>> >> >> >>> >>> >> (No such file or directory)
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> What is this "ProvidersConfiguration.xml" file? I
>> >> >> >>> >>> >> could not find any reference to it anywhere.
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> Finally, when configuring my deployment, I've had to
>> >> >> >>> >>> >> comment out references to some classes in the
>> >> >> >>> >>> >> "ClientConfiguration.xml" file. I've had to comment
>> >> >> >>> >>> >> references to
>> >> >> >>> >>> >> "org.eclipse.higgins.configuration.xml.ContextFactoryHandler"
>> >> >> >>> >>> >> and
>> >> >> >>> >>> >> "org.eclipse.higgins.configuration.xml.IdentityAttributeServiceHandler"
>> >> >> >>> >>> >> because they don't seem to be present in B-1-1M7 and
>> >> >> >>> >>> >> to
>> >> >> >>> >>> >> "org.eclipse.higgins.sts.client.MetadataExchangeServiceFactory"
>> >> >> >>> >>> >> because the instance returned was always null. Could
>> >> >> >>> >>> >> this be related to the problems I'm encountering
>> >> >> >>> >>> >> when trying to send cards?
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> I would like to provide more information regarding
>> >> >> >>> >>> >> those errors, but I don't really understand them...
>> >> >> >>> >>> >> So if any of you has any ideas about the cause of
>> >> >> >>> >>> >> those errors, please share them because at this
>> >> >> >>> >>> >> point, any help would be gladly appreciated.
>> >> >> >>> >>> >>
>> >> >> >>> >>> >> Thanks,
>> >> >> >>> >>> >> Jonathan
>> >> >> >>> >>> >>
>> >> >> >>> >>> >
>> >> >> >>> >>> _______________________________________________
>> >> >> >>> >>> higgins-dev mailing list
>> >> >> >>> >>> higgins-dev@xxxxxxxxxxx
>> >> >> >>> >>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>> >> >> >>> >>>
>> >> >> >>> >>
>> >> >> >>> >>
>> >> >> >>> >>
>> >> >> >>> >
>> >> >> >>
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> higgins-dev mailing list
>> >> >> >> higgins-dev@xxxxxxxxxxx
>> >> >> >> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>> >> >> >>
>> >> >> >
>> >> >
>> >> >
>> >> >
>> >
>> >
>> >
>
>
>