Jonathan, > OK, so I took a step back. Now, I'm only trying to send a personal > card that I've created with the Azigo selector. I've looked at the > database and it seems that the card has been correctly imported. Here > are the errors that I get.
1. Does RPPS work with Azigo Selector? I do not see any logging about sending a token by p-card in rpps_error.log file. > Then, on the RPPS side, I get those errors that I find concerning: > 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] LogHelper.error > (LogHelper.java:119) - No Extension Configuration Found. This is rather a managed STS error. > 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] > CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495) - > Returning STS Fault: No Configuration Found. I need more info about this error. But, briefly, RPPS uses ClientConfiguration.xml (for m-card) and PersonalConfiguration.xml (for p-card). Your PersonalConfiguration.xml looks correct. RPPS should be configured in the same way as STS: you need to set "org.eclipse.higgins.sts.conf" property with a path to your ConfigurationFile folder. > I've attached the remaining of the logs for both the STS and the RPPS sts_error.log is rather a log of Cloud Selector than STS. > Does this additional information gives any more insights about my > problem? Please, do the following: 1. set RPPS logging level to ERROR. 2. clean catalina.out. 3. start RPPS. 4. try to log in with a p-card using Azigo Selector (not Cloud Selector). 5. send the result log file. Thanks, Sergey Lyakhov On Thu, 8 Apr 2010 21:28:46 -0400 Jonathan Tellier <[email protected]> wrote: > OK, so I took a step back. Now, I'm only trying to send a personal > card that I've created with the Azigo selector. I've looked at the > database and it seems that the card has been correctly imported. Here > are the errors that I get. > > First, the cloud selector gives me: > RP discovery / realm validation disabled; this option SHOULD be > enabled for OPs > > Then, on the RPPS side, I get those errors that I find concerning: > 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] LogHelper.error > (LogHelper.java:119) - No Extension Configuration Found. > > 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] > CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495) - > Returning STS Fault: No Configuration Found. > > 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] > RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) - > org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException > > I've attached the remaining of the logs for both the STS and the RPPS > along with the ~/.higgins and ~/ConfigurationFile folders used by > CardSync. > > Does this additional information gives any more insights about my > problem? > > Thanks, > Jonathan > > > On Wed, Apr 7, 2010 at 12:20 PM, Jonathan Tellier > <[email protected]> wrote: > > Hi, > > > > Thank you for taking the time to try to help me. > > > >> 1. I did not found any critical error in your RPPS log. Suppose it > >> should successfully create and send p-cards. Is it correct? > > > > No. I can create personal (and managed) cards, but I can't send any. > > When I try to send a personal card, I get: > > > > AxisFault > > faultCode: > > {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed > > faultSubcode: faultString: The specified request failed > > faultActor: STS > > faultNode: > > faultDetail: > > {http://xml.apache.org/axis/}hostname:higgins > > > > By looking at that error, I would imagine that some configuration > > that should point to my host is not set correctly, but I can't find > > it. > > > >> 2. Does you try to send a m-card of your STS? I see the following > >> in your STS log: > >> ...... > > > > Yes, this error occurs when I try to send a managed card. I've > > updated my ManagedConfiguration.xml, but the error still happens. > > I've attached my new and updated config file so you can see if I've > > made any errors (note that the address of the server changed since > > I've deployed it elsewhere). If you need some other configuration > > files, I can also send them. > > > > Thanks for your time, > > Jonathan > > > > > >> > >> ..... > >> AxisFault > >> faultCode: > >> {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed > >> faultSubcode: faultString: The specified request failed > >> faultActor: > >> faultNode: > >> faultDetail: > >> {}Explanation:No Configuration Found. > >> .... > >> > >> Suppose it will be fixed after you set a correct "Issuer" URI > >> ( https://207.162.8.222:8443/TokenService/services/Trust ) in > >> "AppliesToMapper" section of ManagedConfiguration.xml (373 line). > >> > >> Thanks, > >> Sergey Lyakhov > >> > >> On Wed, 31 Mar 2010 10:21:02 -0400 > >> Jonathan Tellier <[email protected]> wrote: > >> > >>> I've had to redeploy everything on a new server, so I've taken the > >>> opportunity to use two instances of tomcat. One for CardSync and > >>> one for the STS/RP/CloudSelector. That way, configuration files > >>> and logs are more separated. I'm still not able to send card to > >>> CardSync though... > >>> > >>> I've paid a close attention to the logs while I'm creating a > >>> user, a card and importing it using the Azigo Selector. There's > >>> no errors whatsoever during this process. Then, I've tried to > >>> manually make a getTokenObject SOAP call to CardSync. This is the > >>> call I've made: > >>> > >>> <soapenv:Envelope > >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > >>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > >>> xmlns:wsd="urn:RPPSService/wsdlRPPSService" > >>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";> > >>> <soapenv:Header/> > >>> <soapenv:Body> > >>> <wsd:getTokenObject > >>> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";> > >>> <userId xsi:type="xsd:string">foo9</userId> > >>> <password xsi:type="xsd:string">bar9</password> > >>> <policy xsi:type="xsd:string"> > >>> <object type="application/x-informationCard" > >>> name="xmlToken"> <param name="privacyUrl" > >>> value="http://wiki.eclipse.org/Cloud_Selector"; /> > >>> <param name="privacyVersion" value="1" /> > >>> <param name="tokenType" > >>> value="urn:oasis:names:tc:SAML:1.0:assertion" /> > >>> <param name="requiredClaims" > >>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; > >>> /> > >>> <param name="optionalClaims" > >>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname > >>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; > >>> /> > >>> </object> > >>> </policy> > >>> <policytype xsi:type="xsd:string">cardspace</policytype> > >>> <sslCert xsi:type="xsd:string"></sslCert> > >>> <cuids xsi:type="wsd:ArrayOf_xsd_string" > >>> soapenc:arrayType="xsd:string[]"> > >>> > >>> <item>org.eclipse.higgins.icard.provider.cardspace.managed.db#https://localhost:8443/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=upass_foo9</item> > >>> </cuids> > >>> <typeofCredential > >>> xsi:type="xsd:string">ITSUsernamePasswordCredential</typeofCredential> > >>> <credentialKey xsi:type="wsd:ArrayOf_xsd_string" > >>> soapenc:arrayType="xsd:string[]"> > >>> <item>url</item> > >>> <item>saveCard</item> > >>> <item>saveCredential</item> > >>> <item>address</item> > >>> <item>metadataAddress</item> > >>> <item>username</item> > >>> <item>password</item> > >>> </credentialKey> > >>> <credentialValue xsi:type="wsd:ArrayOf_xsd_string" > >>> soapenc:arrayType="xsd:string[]"> > >>> <item>http://<my server's > >>> IP>:8080/proxy.web/server-carddetails</item> > >>> <item>false</item> > >>> <item>false</item> > >>> <item>https://localhost:8443/TokenService/services/Trust</item> > >>> > >>> <item>https://localhost:8443/TokenService/services/MetadataUsernameToken</item> > >>> <item>foo9</item> > >>> <item>bar9</item> > >>> </credentialValue> > >>> </wsd:getTokenObject> > >>> </soapenv:Body> > >>> </soapenv:Envelope> > >>> > >>> I've attached the logs for CardSync and for the TokenService > >>> corresponding to that operation. Note that in the logs, I'm > >>> starting the server, making the SOAP request and stopping the > >>> server. Noting more. I've been scrutinizing the logs, my config > >>> files and trying to fix that problem for quite some time now, but > >>> I can't find the cause or the solution to my problem. I think > >>> that this part, in the TokenService logs might have something to > >>> do with it, but I'm not sure: > >>> > >>> AxisFault > >>> faultCode: > >>> {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed > >>> faultSubcode: faultString: The specified request failed > >>> faultActor: > >>> faultNode: > >>> faultDetail: > >>> {}Explanation:No Configuration Found. > >>> > >>> What kind of configuration is this referring to? > >>> > >>> Well anyway, If any of you has a couple of minutes to spare and > >>> could help, I'd really appreciate it. > >>> > >>> Thanks, > >>> Jonathan > >>> > >>> > >>> On Tue, Mar 23, 2010 at 4:15 PM, Jonathan Tellier > >>> <[email protected]> wrote: > >>> > Hello, > >>> > > >>> > I've attached logs for all steps in the process: > >>> > > >>> > - Staring the server > >>> > - Creating a card with the STS > >>> > - Importing a card with the Azigo selector > >>> > - Logging to the test RP with the CloudSelector > >>> > > >>> > As for my config files, which ones do you want? > >>> > > >>> > Since I start tomcat with the following java opts: > >>> > -Dorg.eclipse.higgins.sts.conf=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles > >>> > -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml > >>> > -Dorg.eclipse.higgins.sts.log4j.properties=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/log4j.properties > >>> > -Djavax.net.ssl.trustStore=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/localhost.jks > >>> > -Djava.library.path=$CATALINA_HOME/native_lib/ > >>> > -Duser.home=/usr/share/higgins > >>> > > >>> > I've attached the content of: > >>> > - $CATALINA_HOME/webapps/TokenService/ConfigurationFiles > >>> > - /usr/share/higgins > >>> > > >>> > Is there any other info that you would need? > >>> > > >>> > Thanks, > >>> > Jonathan > >>> > > >>> > > >>> > On Tue, Mar 23, 2010 at 3:25 PM, Sergey Lyakhov > >>> > <[email protected]> wrote: > >>> >> Jonathan, > >>> >> > >>> >>> So, are I-Card Providers defined in > >>> >>> "ProvidersConfiguration.xml"? If it's the case, where could I > >>> >>> find a template of that file? > >>> >> > >>> >> ProvidersConfiguration.xml is just an alternative way of ICard > >>> >> providers configuration and should not affect on RPPS. What > >>> >> version of RPPS do you use? Can you provide your configuration > >>> >> files / error log? > >>> >> > >>> >> Thanks, > >>> >> Sergey Lyakhov > >>> >> > >>> >> On Tue, 23 Mar 2010 14:44:26 -0400 > >>> >> Jonathan Tellier <[email protected]> wrote: > >>> >> > >>> >>> I think I might have found something of interest. As I've > >>> >>> mentioned earlier, I get a FileNotFoundException on > >>> >>> "ProvidersConfiguration.xml". Now, I've just realized that > >>> >>> this error also occurs when I'm trying to import a card. > >>> >>> After some research, I've learned that I-Card Providers > >>> >>> manage the persistence of I-Cards. So, would it be possible > >>> >>> that the reason why I can't send I-Cards using the > >>> >>> CloudSelector is actually because the cards are not properly > >>> >>> imported? From what I can deduce, this would make sense since > >>> >>> in the stack trace that I see when trying to send a card, > >>> >>> there seem to be some problems parsing the card data. > >>> >>> > >>> >>> So, are I-Card Providers defined in > >>> >>> "ProvidersConfiguration.xml"? If it's the case, where could I > >>> >>> find a template of that file? > >>> >>> > >>> >>> Thanks, > >>> >>> Jonathan > >>> >>> > >>> >>> > >>> >>> On Fri, Mar 19, 2010 at 4:49 PM, Jonathan Tellier > >>> >>> <[email protected]> wrote: > >>> >>> > In the past few days, I've done some debugging and have > >>> >>> > found out a small piece of information that I hope could be > >>> >>> > useful. Basically, I've figured out the parameters which > >>> >>> > are used to when performing the getTokenObject SOAP call > >>> >>> > where trying to use a username/password card. Here there > >>> >>> > are: > >>> >>> > > >>> >>> > userId: foo > >>> >>> > > >>> >>> > password: bar > >>> >>> > > >>> >>> > policy: > >>> >>> > <object type="application/x-informationCard" > >>> >>> > name="xmlToken"> <param name="privacyUrl" > >>> >>> > value="http://wiki.eclipse.org/Cloud_Selector"; /> <param > >>> >>> > name="privacyVersion" value="1" /> <param name="tokenType" > >>> >>> > value="urn:oasis:names:tc:SAML:1.0:assertion" /> <param > >>> >>> > name="requiredClaims" > >>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; > >>> >>> > /> > >>> >>> > <param name="optionalClaims" > >>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname > >>> >>> > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; > >>> >>> > /> > >>> >>> > </object> > >>> >>> > > >>> >>> > policytype: cardspace > >>> >>> > > >>> >>> > sslCert: > >>> >>> > > >>> >>> > cuids: > >>> >>> > org.eclipse.higgins.icard.provider.cardspace.managed.db#https://<my > >>> >>> > server's > >>> >>> > address>/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=username_token1_not_appliesto > >>> >>> > > >>> >>> > typeofCredential: ITSUsernamePasswordCredential > >>> >>> > > >>> >>> > credentialKey: > >>> >>> > url > >>> >>> > saveCard > >>> >>> > saveCredential > >>> >>> > address > >>> >>> > metadataAddress > >>> >>> > username > >>> >>> > password > >>> >>> > > >>> >>> > credentialValue: > >>> >>> > http://<my server's address>/proxy.web/server-carddetails > >>> >>> > false > >>> >>> > false > >>> >>> > https://<my server's address>/TokenService/services/Trust > >>> >>> > https://<my server's > >>> >>> > address>/TokenService/services/MetadataUsernameToken foo > >>> >>> > bar > >>> >>> > > >>> >>> > I've also tried to manually send a SOAP request to CardSync > >>> >>> > and also to use a card from https://openidcards.sxip.com/, > >>> >>> > but in both cases, I get the same "The specified request > >>> >>> > failed" error. I would like to try the > >>> >>> > http://higgins.eclipse.org/TokenService STS, but for every > >>> >>> > action I try to perform using it, I get: > >>> >>> > > >>> >>> > exception: javax.naming.CommunicationException: > >>> >>> > higgins.watson.ibm.com:636 [Root exception is > >>> >>> > java.net.ConnectException: Connection refused] > >>> >>> > > >>> >>> > So, is there something wrong with the parameters that are > >>> >>> > used? Does anyone has an idea about how I could solve my > >>> >>> > problem? > >>> >>> > > >>> >>> > Thanks, > >>> >>> > Jonathan > >>> >>> > > >>> >>> > > >>> >>> > On Mon, Mar 15, 2010 at 8:59 PM, Jonathan Tellier > >>> >>> > <[email protected]> wrote: > >>> >>> >> Hello there, > >>> >>> >> > >>> >>> >> I think that I'm almost done with my local deployment of > >>> >>> >> the CloudSelector/CardSync/TokenService, but I've still > >>> >>> >> got some problems. When I try to send a personal card or a > >>> >>> >> card that uses a Username Token, I get a STSFaultException > >>> >>> >> caused by this error: > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:42:32,267 ERROR [http-8443-1] > >>> >>> >> LogHelper.error (LogHelper.java:119) - No Extension > >>> >>> >> Configuration Found. > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:42:32,268 ERROR [http-8443-1] > >>> >>> >> CardSpaceSelector.getIdentityToken > >>> >>> >> (CardSpaceSelector.java:495) - Returning > >>> >>> >> STS Fault: No Configuration Found. > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:42:32,269 ERROR [http-8443-1] > >>> >>> >> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) - > >>> >>> >> org.eclipse.hig > >>> >>> >> gins.icard.provider.cardspace.common.STSFaultException > >>> >>> >> > >>> >>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException > >>> >>> >> at > >>> >>> >> org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken(CardSpaceSelector.java:496) > >>> >>> >> at > >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3245) > >>> >>> >> at > >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3310) > >>> >>> >> at > >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3438) > >>> >>> >> at > >>> >>> >> org.eclipse.higgins.rpps.webservices.RPPSServiceImpl.getTokenObject(RPPSServiceImpl.java:830) > >>> >>> >> [... stacktrace continues ...] > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:42:32,275 ERROR [http-8080-6] > >>> >>> >> CardsServlet.error (CardsServlet.java:103) - Sorry, we > >>> >>> >> could not process the OpenID request: The specified > >>> >>> >> request failed > >>> >>> >> > >>> >>> >> AxisFault > >>> >>> >> faultCode: > >>> >>> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed > >>> >>> >> faultSubcode: faultString: The specified request failed > >>> >>> >> faultActor: STS > >>> >>> >> faultNode: > >>> >>> >> faultDetail: > >>> >>> >> {http://xml.apache.org/axis/}hostname:salmond > >>> >>> >> > >>> >>> >> When I try to send a card that uses a Self Signed SAML > >>> >>> >> Token, I get: org.eclipse.higgins.iss.ISSException: Cannot > >>> >>> >> find the Personal card used to authenticate for this > >>> >>> >> managed card. > >>> >>> >> > >>> >>> >> When logging with the card selector, I've also got this > >>> >>> >> error, but I don't know if it's relevant or not since it > >>> >>> >> does not prevent any actions. > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:48:16,075 ERROR [http-8443-1] > >>> >>> >> ICardSelectorService.getICardSelector > >>> >>> >> (ICardSelectorService.java:148) > >>> >>> >> - org.eclipse.higgins.iss.PolicyParseException: Can not > >>> >>> >> parse password managed policy. Root element is not > >>> >>> >> PwmPolicy > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1] > >>> >>> >> ConfigurationHandler.omFromFile > >>> >>> >> (ConfigurationHandler.java:180) - > >>> >>> >> java.io.FileNotFoundException: > >>> >>> >> /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml > >>> >>> >> (No such file or directory) > >>> >>> >> > >>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1] > >>> >>> >> ConfigurationHandler.configure > >>> >>> >> (ConfigurationHandler.java:288) > >>> >>> >> - > >>> >>> >> /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml > >>> >>> >> (No such file or directory) > >>> >>> >> > >>> >>> >> What is this "ProvidersConfiguration.xml" file? I could not > >>> >>> >> find any reference to it anywhere. > >>> >>> >> > >>> >>> >> Finally, when configuring my deployment, I've had to > >>> >>> >> comment out references to some classes in the > >>> >>> >> "ClientConfiguration.xml" file. I've had to comment > >>> >>> >> references to > >>> >>> >> "org.eclipse.higgins.configuration.xml.ContextFactoryHandler" > >>> >>> >> and > >>> >>> >> "org.eclipse.higgins.configuration.xml.IdentityAttributeServiceHandler" > >>> >>> >> because they don't seem to be present in B-1-1M7 and to > >>> >>> >> "org.eclipse.higgins.sts.client.MetadataExchangeServiceFactory" > >>> >>> >> because the instance returned was always null. Could this > >>> >>> >> be related to the problems I'm encountering when trying to > >>> >>> >> send cards? > >>> >>> >> > >>> >>> >> I would like to provide more information regarding those > >>> >>> >> errors, but I don't really understand them... So if any of > >>> >>> >> you has any ideas about the cause of those errors, please > >>> >>> >> share them because at this point, any help would be gladly > >>> >>> >> appreciated. > >>> >>> >> > >>> >>> >> Thanks, > >>> >>> >> Jonathan > >>> >>> >> > >>> >>> > > >>> >>> _______________________________________________ > >>> >>> higgins-dev mailing list > >>> >>> [email protected] > >>> >>> https://dev.eclipse.org/mailman/listinfo/higgins-dev > >>> >>> > >>> >> > >>> >> > >>> >> > >>> > > >> > >> > >> _______________________________________________ > >> higgins-dev mailing list > >> [email protected] > >> https://dev.eclipse.org/mailman/listinfo/higgins-dev > >> > > _______________________________________________ higgins-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/higgins-dev
