Re: [higgins-dev] self-issued STS authentication
You need to download and install the unlimited crypto jurisdiction files -
instructions are here:
http://java.sun.com/products/jce/index-14.html#UnlimitedDownload
Regards,
Mike
higgins-dev-bounces@xxxxxxxxxxx wrote on 09/18/2007 05:07:48 PM:
> Daniel,
>
> On 18-Sep-07, at 6:30 AM, Daniel Sanders wrote:
>
> > Are you talking about a managed card whose user credential is a
> > self-issued card? If so, that feature has been available in the
> > STS for much longer than two months now, and it works fine.
>
> Yes, sorry for the ambiguity, that's what I meant.
>
> > You have to make sure that your context provider supports the
> > credential type. The JNDI provider supports it. You also have to
> > make sure that when you issue the managed card, you create an
> > association between the PPID+public Key of the personal card and
> > the user profile so that when the STS authenticates using that PPID
> > +public key, it will be able to find the correct user profile. The
> > JNDI context provider creates a SHA1 hash of PPID+public key and
> > expects to be able to look up the user object by querying on an
> > attribute called 'cardKeyHash' that holds the hash value.
> > The cardKeyHash attribute needs to be populated by the process that
> > issues the managed card.
>
> I'm using r671 from https://forgesvn1.novell.com/svn/bandit/trunk,
> which has the last change date Jul 23, with an OpenLDAP JNDI context
> provider.
>
> All the above is done by the Higgins STS, but
> XMLSecurityApacheExtension.DecryptElement() throws the exception
> below, when calling xmlCipher.doFinal() :
>
> org.apache.xml.security.encryption.XMLEncryptionException: Illegal
> key size
> Original Exception was java.security.InvalidKeyException: Illegal key
> size
>
> The problem seems to be with this call in DecryptElement(), which
> returns an empty dom Element:
>
> final org.w3c.dom.Element domEncryptedData = (org.w3c.dom.Element)
> elemEncryptedData.getAs(org.w3c.dom.Element.class);
>
>
> Has anyone seen this before, or has it been fixed since July?
>
>
> Thanks!
> Johnny
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
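
A way to confirm that the "Illegal key size" exception quoted above comes from the JRE's limited-strength JCE policy, and that the unlimited policy files were installed into the JRE the STS actually runs on. This is an added example, not part of the original thread and not Higgins code. The thread does not say which cipher or key size the encrypted token uses, so the AES key sizes tested here, the class name `JcePolicyCheck` and its helper methods are assumptions.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class, not Higgins code): reports whether
// the running JRE enforces the limited-strength JCE policy that produces
// java.security.InvalidKeyException: Illegal key size.
public class JcePolicyCheck {

    // True when the installed policy permits AES keys of the given size.
    static boolean policyAllows(int keyBits) throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= keyBits;
    }

    // Initialises an AES cipher with a constructed all-zero key of the given
    // size. Returns null on success, or the exception message on rejection.
    static String tryInit(int keyBits) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // The policy files are per-JRE, so show which JRE is being tested.
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("max AES key length allowed by policy = "
                + Cipher.getMaxAllowedKeyLength("AES"));

        // Assumed key sizes: the thread does not state the one in use.
        for (int bits : new int[] {128, 192, 256}) {
            String err = tryInit(bits);
            System.out.println("AES-" + bits + ": "
                    + (err == null ? "ok" : "rejected (" + err + ")"));
        }

        if (!policyAllows(256)) {
            System.out.println("Limited-strength policy is active in this JRE.");
            System.exit(1);
        }
        System.out.println("Unlimited-strength policy is active in this JRE.");
    }
}
```

Run it with the same `java` binary that the application server hosting the STS uses; a different JRE on the same machine has its own policy files and can give a different answer.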