Hello, I'm not sure, but it seems the issue is with the RP policy.
Michael, would you open SOAP Monitor (/cardsync-new/SOAPMonitor) and debug/compare requests from the cloud selector and Azigo? You may also compare requests to the test server rh155.azigo.net by using http://rh155.azigo.net/cardsync-new/SOAPMonitor.
(SOAP Monitor is an Axis Java applet, so your web browser needs the Java plugin.)

--
thanks,
Alexander Yuhimenko

On Thu, 21 Jan 2010 13:14:57 -0500
Markus Sabadello <[email protected]> wrote:

> It's not the proxy.test application that requests a token.
> What happens is that the proxy.web application makes a call to RPPS which
> then requests a token from the STS.
>
> It may be helpful if you could tell us the exact error message you are
> getting.
>
> But in any case, I agree it seems wrong that the <TokenType> and <Claims>
> elements are empty.
>
> Does anyone on the list know why a getTokenObject() RPPS call like the
> following:
>
> TokenResponseTO tokenResponseNotEncrypted = sei.getTokenObject(
>     username,
>     password,
>     policy,
>     "cardspace",
>     "",
>     new String[] { selectedCardTo.getCardId() },
>     "ITSUsernamePasswordCredential",
>     new String[] {
>         "url",
>         "saveCard",
>         "saveCredential",
>         "address",
>         "metadataAddress",
>         "username",
>         "password"
>     },
>     new String[] {
>         request.getRequestURL().toString(),
>         "false",
>         saveCredential ? "true" : "false",
>         uiTokenServiceCredential == null ? "" : uiTokenServiceCredential.getAddress(),
>         uiTokenServiceCredential == null ? "" : uiTokenServiceCredential.getMetadataAddress(),
>         cardUsername == null ? "" : cardUsername,
>         cardPassword == null ? "" : cardPassword
>     });
>
> ... could result in RPPS sending an RST with empty <TokenType> and <Claims>
> ??
>
> Markus
>
> On Thu, Jan 21, 2010 at 11:48 AM, Booth, Michael <[email protected]> wrote:
>
> > I have installed the TokenService, cardsync, rp-simple, and the cloud selector.
> > I am able to create cards from the token service and import them
> > into my local cardsync through azigo desktop by pointing it into my local
> > version of cardsync. I am able to use that card on the rp-simple site
> > running locally. I am able to get through ModeAuth in the CloudSelector
> > (proxy.test) web application successfully, however if I try to use any of
> > the other tabs on the proxy.test web app pointing to my local cloud selector
> > I get an error on the Axis Error on the TokenService stating that there is
> > no configuration. I have captured the successful soap request from the
> > rp-simple app and the bad request from the proxy.test app using the cloud
> > selector and noticed that the proxy.test app request does not contain a
> > TokenType or Required Claims as the rp-simple request does (please see
> > below).
> >
> > What and where do I have to configure to fix this.
> >
> >
> > THE GOOD REQUEST (FROM RP-SIMPLE):
> > ----------------------------------
> > 11:57:17,680 DEBUG LogHelper.trace (71): Request:
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
> >   <S:Header>
> >     <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >       <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >         <wsu:Created>2010-01-20T16:57:13.258Z</wsu:Created>
> >         <wsu:Expires>2010-01-27T16:57:13.258Z</wsu:Expires>
> >       </wsu:Timestamp>
> >       <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >         <wsse:Username>mbooth</wsse:Username>
> >         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mbooth</wsse:Password>
> >       </wsse:UsernameToken>
> >     </Security>
> >     <To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:9443/TokenService/services/Trust</To>
> >     <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Action>
> >     <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
> >       <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> >     </ReplyTo>
> >     <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:c050b9ff-c9d2-484b-928e-20067b301caf</MessageID>
> >   </S:Header>
> >   <S:Body>
> >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
> >         xmlns:ns10="http://www.w3.org/2001/10/xml-exc-c14n#"
> >         xmlns:ns6="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >         xmlns:ns7="http://www.w3.org/2000/09/xmldsig#"
> >         xmlns:wsa="http://www.w3.org/2005/08/addressing"
> >         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >         xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> >         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
> >       <InformationCardReference:InformationCardReference
> >           xmlns:InformationCardReference="http://schemas.xmlsoap.org/ws/2005/05/identity"
> >           xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <InformationCardReference:CardId>urn:Sample-XML-File&cardid=mbooth-local-wednesday</InformationCardReference:CardId>
> >         <InformationCardReference:CardVersion>1</InformationCardReference:CardVersion>
> >       </InformationCardReference:InformationCardReference>
> >       <ic:RequestDisplayToken xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xml:lang="en-us"/>
> >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
> >       <wst:Claims>
> >         <ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/>
> >         <ic:ClaimType xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
> >       </wst:Claims>
> >       <wst:Lifetime>
> >         <wsu:Created>2010-01-20T11:57:17.605Z</wsu:Created>
> >         <wsu:Expires>2010-01-21T11:57:17.605Z</wsu:Expires>
> >       </wst:Lifetime>
> >       <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>
> >       <ic:ClientPseudonym xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <ic:PPID>QbxIK8+UQzkJfozeqaUcbACRO9fj33bqs3GG0/W2okI=</ic:PPID>
> >       </ic:ClientPseudonym>
> >     </wst:RequestSecurityToken>
> >   </S:Body>
> > </S:Envelope>
> >
> >
> > THE BAD REQUEST (FROM PROXY.TEST):
> > ----------------------------------
> >
> > 11:58:33,011 DEBUG LogHelper.trace (71): Request:
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
> >   <S:Header>
> >     <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >       <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >         <wsu:Created>2010-01-20T16:58:32.862Z</wsu:Created>
> >         <wsu:Expires>2010-01-27T16:58:32.862Z</wsu:Expires>
> >       </wsu:Timestamp>
> >       <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >         <wsse:Username>mbooth</wsse:Username>
> >         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mbooth</wsse:Password>
> >       </wsse:UsernameToken>
> >     </Security>
> >     <To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:9443/TokenService/services/Trust</To>
> >     <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Action>
> >     <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
> >       <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> >     </ReplyTo>
> >     <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:c0d27080-e2de-4428-b294-505b4c5c85d2</MessageID>
> >   </S:Header>
> >   <S:Body>
> >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
> >         xmlns:ns10="http://www.w3.org/2001/10/xml-exc-c14n#"
> >         xmlns:ns6="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >         xmlns:ns7="http://www.w3.org/2000/09/xmldsig#"
> >         xmlns:wsa="http://www.w3.org/2005/08/addressing"
> >         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >         xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> >         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
> >       <InformationCardReference:InformationCardReference
> >           xmlns:InformationCardReference="http://schemas.xmlsoap.org/ws/2005/05/identity"
> >           xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <InformationCardReference:CardId>urn:Sample-XML-File&cardid=mbooth-local-wednesday</InformationCardReference:CardId>
> >         <InformationCardReference:CardVersion>1</InformationCardReference:CardVersion>
> >       </InformationCardReference:InformationCardReference>
> >       <ic:RequestDisplayToken xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" xml:lang="en-us"/>
> >       <wst:TokenType/>
> >       <wst:Claims/>
> >       <wst:Lifetime>
> >         <wsu:Created>2010-01-20T11:58:32.966Z</wsu:Created>
> >         <wsu:Expires>2010-01-21T11:58:32.966Z</wsu:Expires>
> >       </wst:Lifetime>
> >       <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>
> >       <ic:ClientPseudonym xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
> >         <ic:PPID>FDnw3jHirmTKn7byTvNx+1rGhEVE//3RYa+MSkUVvMk=</ic:PPID>
> >       </ic:ClientPseudonym>
> >     </wst:RequestSecurityToken>
> >   </S:Body>
> > </S:Envelope>
> >
> > ______________________________________________________________________
> > Disclaimer: This email message and any attachments are for the sole use of
> > the intended recipient(s) and may contain information that is confidential,
> > legally privileged or otherwise exempt from disclosure under applicable law.
> > If you are not the intended recipient(s) or have received this message in
> > error, you are instructed to immediately notify the sender by return email
> > and required to delete this message from your computer system. This
> > communication does not form any contractual obligation on behalf of the
> > sender, the sender's employer or such employer's parent company, affiliates
> > or subsidiaries.
> >
> > _______________________________________________
> > higgins-dev mailing list
> > [email protected]
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev
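
The request comparison suggested in this thread, as an added example that is not part of the original messages or of the Higgins code: a Python check that parses a captured RST and reports an empty or missing <TokenType> or <Claims>, which an STS or a log review can use to catch a request that arrives without a usable RP policy. The two sample envelopes are constructed, trimmed versions of the requests quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
IC = "http://schemas.xmlsoap.org/ws/2005/05/identity"
NS = {"s": SOAP, "wst": WST, "ic": IC}


def _envelope(policy_xml):
    # Constructed sample: a trimmed RST modeled on the requests in the thread.
    return (f'<S:Envelope xmlns:S="{SOAP}"><S:Body>'
            f'<wst:RequestSecurityToken xmlns:wst="{WST}" xmlns:ic="{IC}">'
            f"<wst:RequestType>{WST}/Issue</wst:RequestType>{policy_xml}"
            "</wst:RequestSecurityToken></S:Body></S:Envelope>")


GOOD_RST = _envelope(
    "<wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>"
    f'<wst:Claims><ic:ClaimType Uri="{IC}/claims/privatepersonalidentifier"/>'
    f'<ic:ClaimType Uri="{IC}/claims/emailaddress"/></wst:Claims>')
BAD_RST = _envelope("<wst:TokenType/><wst:Claims/>")


def summarize_rst(envelope_xml):
    """Return the TokenType and the requested claim URIs of one RST."""
    if "<!DOCTYPE" in envelope_xml:  # SOAP messages must not carry a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(envelope_xml)
    rst = root.find("s:Body/wst:RequestSecurityToken", NS)
    if rst is None:
        raise ValueError("no wst:RequestSecurityToken in the SOAP body")
    # findtext gives None for a missing element and "" for an empty one.
    token_type = (rst.findtext("wst:TokenType", namespaces=NS) or "").strip()
    claims = [c.get("Uri") for c in rst.findall("wst:Claims/ic:ClaimType", NS)]
    return {"token_type": token_type, "claims": claims}


def policy_problems(envelope_xml):
    """List what is missing from the RP policy part of the RST."""
    summary = summarize_rst(envelope_xml)
    problems = []
    if not summary["token_type"]:
        problems.append("empty or missing wst:TokenType")
    if not summary["claims"]:
        problems.append("empty or missing wst:Claims")
    return problems


def differing_fields(a_xml, b_xml):
    """Names of the summarized fields that differ between two RSTs."""
    a, b = summarize_rst(a_xml), summarize_rst(b_xml)
    return sorted(k for k in a if a[k] != b[k])
```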
