Re: [higgins-dev] self-issued STS authentication
Daniel,
On 18-Sep-07, at 6:30 AM, Daniel Sanders wrote:
> Are you talking about a managed card whose user credential is a
> self-issued card? If so, that feature has been available in the
> STS for much longer than two months now, and it works fine.
Yes, sorry for the ambiguity, that's what I meant.
> You have to make sure that your context provider supports the
> credential type. The JNDI provider supports it. You also have to
> make sure that when you issue the managed card, you create an
> association between the PPID+public key of the personal card and
> the user profile so that when the STS authenticates using that PPID
> +public key, it will be able to find the correct user profile. The
> JNDI context provider creates a SHA1 hash of PPID+public key and
> expects to be able to look up the user object by querying on an
> attribute called 'cardKeyHash' that holds the hash value.
> The cardKeyHash attribute needs to be populated by the process that
> issues the managed card.
I'm using r671 from https://forgesvn1.novell.com/svn/bandit/trunk,
which has the last change date Jul 23, with an OpenLDAP JNDI context
provider.
All the above is done by the Higgins STS, but
XMLSecurityApacheExtension.DecryptElement() throws the exception
below when calling xmlCipher.doFinal():

org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size
Original Exception was java.security.InvalidKeyException: Illegal key size
The problem seems to be with this call in DecryptElement(), which
returns an empty dom Element:
final org.w3c.dom.Element domEncryptedData = (org.w3c.dom.Element)
elemEncryptedData.getAs(org.w3c.dom.Element.class);
Has anyone seen this before, or has it been fixed since July?
Thanks!
Johnny
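The card-to-profile binding Daniel describes (issuance stores SHA1(PPID+public key) in the user's 'cardKeyHash' attribute; the STS recomputes the hash from the presented self-issued card and queries on it) is illustrated below. This is an added example, not code from the thread or from the Higgins/Bandit JNDI context provider. The exact byte layout the provider hashes is not stated in the thread, so the UTF-8 encoding of the PPID, the use of the key's X.509 encoding, the concatenation order and the base64 storage format are all assumptions; the in-memory map stands in for the directory.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Binding a self-issued (personal) card to a user profile via a cardKeyHash attribute.
 *
 * ASSUMPTIONS (not taken from the thread): the PPID is UTF-8 encoded, the public key is
 * its X.509 SubjectPublicKeyInfo encoding (PublicKey.getEncoded()), the two are concatenated
 * in that order, and the SHA-1 digest is stored base64 encoded.
 */
public class CardKeyHashLookup {

    /** SHA-1 over the PPID bytes followed by the encoded public key, base64 encoded. */
    public static String cardKeyHash(String ppid, PublicKey publicKey) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(ppid.getBytes(StandardCharsets.UTF_8));
        sha1.update(publicKey.getEncoded());
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    /** Stand-in for the directory: maps the cardKeyHash attribute value to a user entry. */
    private final Map<String, String> directory = new HashMap<>();

    /** Step done by the managed-card issuance process: populate cardKeyHash on the user's entry. */
    public void bindCardToUser(String ppid, PublicKey publicKey, String userDn) throws NoSuchAlgorithmException {
        directory.put(cardKeyHash(ppid, publicKey), userDn);
    }

    /** Step done by the STS at authentication: recompute the hash and query on cardKeyHash. */
    public String lookupUser(String ppid, PublicKey publicKey) throws NoSuchAlgorithmException {
        return directory.get(cardKeyHash(ppid, publicKey)); // null when no profile is bound to this card
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair card = kpg.generateKeyPair();      // constructed sample: the personal card's key pair
        KeyPair otherCard = kpg.generateKeyPair(); // constructed sample: a different card

        CardKeyHashLookup sts = new CardKeyHashLookup();
        String ppid = "ppid-constructed-sample";
        sts.bindCardToUser(ppid, card.getPublic(), "uid=alice,ou=people,dc=example,dc=com");

        // The same PPID and public key resolve to the bound profile.
        System.out.println("bound card   -> " + sts.lookupUser(ppid, card.getPublic()));
        // The same PPID string with a different key does not: the key is part of the hash input,
        // so the lookup fails unless both values match what was stored at issuance.
        System.out.println("other card   -> " + sts.lookupUser(ppid, otherCard.getPublic()));
    }
}
```

Because the hash covers both the PPID and the public key, a profile is only found when the card presented at the STS carries exactly the key that was recorded when the managed card was issued; if issuance never populates cardKeyHash, or hashes a different byte layout than the provider expects, the query returns nothing and authentication fails before any decryption step is reached.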