Hi all,
Last week Mary Ruddy distributed to the list some information on some integrations
we made to make possible the use of the Higgins Framework for non web
applications.
In particular to make possible the use of Higgins between a Java/C++ server
application (acting as RP) and non-interactive Java/C++ clients (i.e.
applications that do not interact with end users to select cards, etc.). For us
an application that needs to authenticate to an RP providing an authentication
token obtained from an STS is a "client application".
The approach we are using is to wrap some of the Higgins libraries/classes and
write down some additional code so that the Higgins software can be used in the
context depicted above.
In this way we don't modify Higgins even if we, in some way, enlarge its
usability in other contexts.
On the non-interactive client side, we use an iCard associated to the account
under which the client application runs. The iCard is, currently, locally
stored as a CRD file in a client app config directory; additionally we use a
configuration file to specify the location of the iCard CRD file and, in case
the iCard makes use of Username/PWD credentials, the IdP login password.
To perform the operation to select the ICard we use a configuration file where you
can specify the location of the ICard with which to interact with the IdP
and the password when authentication with the IdP is made through IUsernamePasswordCredential.
To import the ICard specified in our configuration file we use the class
org.eclipse.higgins.icard.provider.securestorage.SecureStorageICardProvider
belonging to the I-Card Registry component. The method provided by this class is
public ICard importCard(CallbackHandler, String)
Because it is a public but not static method we must instantiate the SecureStorageICardProvider
class with the relative constructor.
This was our solution using Higgins 1.1M4.
When moving to V1.1M6 we are having problems in using the org.eclipse.higgins.icard.provider.securestorage.SecureStorageICardProvider
class; indeed on line 99 there is the following code:
protected IConfiguration config = initConfig(this);
This method makes a chain of other method calls as follows:
SecureStorageICardProvider.initConfig(ICardProvider)
ICardRegistry.getInstance()
ICardRegistry() Constructor
ICardRegistry.initialize()
HCExtensionHelper.getHCExtension()
HCExtensionHelper.getConfig()
The getConfig() method finally checks the following environment variable:
org.eclipse.higgins.registry.conf.file
If this variable is not set, the code sets its value to the default
%configuration-home/Configuration/ProvidersConfiguration.xml file.
Two questions:
· what kind of info does this file provide?
· why is there no sample file in the 1.1M6 SVN?
Looking at the ENV variable and the location of this class (within the icard.registry
package) I suppose this file will be used to configure the I-Card Registry
component.
We currently don't use this component (it's not clear to us, in the context we
depicted above, if we can store the iCard in an iCard provider, how to do
this and how to get back the iCard when we have to perform the
transaction with the STS).
Currently, therefore, we ignore this configuration step (we use this component only to
import the MyCard.crd file into an org.eclipse.higgins.icard.ICard
object).
With the 1.1M4 version I don't have this problem; so I suppose version M6 begins the
iCard-Registry configuration process well before the same configuration in M4
version using this unknown file (ProvidersConfiguration.xml).
Due to the lack of this info and having not clearly understood the "cooking
recipe" of M6, we are still using version 1.1M4 SecureStorageICardProvider
class to create an instance of this class, in which we import the icard stored in
our CRD file.
So doing everything works perfectly, even if we are not completely satisfied with
this M4-M6 code mixing (even if the mixing is very minimal!).
At this stage, via the SecureStorageICardProvider.importCard(String) method
we can import the card into an ICard instance. The ICard instance
just imported will be passed to the handleGetTokenRequest() method; this
method is the copy of the
org.eclipse.higgins.crpps.service.InfoCardModel.handleGetTokenRequest()
method with some changes. For example we remove the invocation of the I-Card
Selector Service because we already have the ICard instance. Then we
use the
org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken();
method to request the security token from the IdP.
We only add the ICard object into the parameter containing the information
card just imported. Also in this method we have removed the reference to the
unused components (in this case the I-Card Registry because we use our
ICard).
In our work we use three Higgins files only, located in the %configuration-home/Configuration/
folder:
• ClientConfiguration.xml: used as envisaged by Higgins 1.1M6 (apart from
customising things like keystore name, ...)
• PersonalConfiguration.xml: used as envisaged in 1.1M6 even if we remove
all tag values because we don't use personal cards in our context
• keystore.jks: containing the X509 certificates associated with the
ICards that we want to use to authenticate the client on the IdP with
IX509V3Credential.
In addition to these files we have the additional ConfigClient.xml file
described above.
Of course if someone is able to clarify the use of version 1.1M6 SecureStorageICardProvider
class and its related config file, we would be able to completely avoid
using one M4 class.
Any suggestions or hints?
As for the 1.1M4 code, TXT is available to provide to the Higgins community
the new code based on 1.1M6.
TIA
============================
Dr. Leonardo Straniero
CRS - Corporate Research

c/o Tecnopolis N.O.
Strada Prov. per Casamassima Km 3
70010 Valenzano (BA) - Italy
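
A startup preflight for the non-interactive client setup described in this message, added here as an example; it is not part of the original post or of the Higgins code base. It resolves the registry configuration file the way the message describes and checks that the two files holding credential material (ConfigClient.xml with the IdP password, and the CRD file) are not readable by other accounts. The class name, the command-line arguments, the system-property-then-environment lookup and the permission policy are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

public class HigginsClientPreflight {
    // Setting name quoted in the post.
    static final String REGISTRY_KEY = "org.eclipse.higgins.registry.conf.file";

    // Lookup as the post describes it: an explicit value wins, otherwise the
    // default file under the configuration home. Reading it as a Java system
    // property first and as an environment variable second is an assumption.
    static Path registryConfig(Path configHome) {
        String v = System.getProperty(REGISTRY_KEY);
        if (v == null) v = System.getenv(REGISTRY_KEY);
        return v != null ? Paths.get(v)
                : configHome.resolve("Configuration").resolve("ProvidersConfiguration.xml");
    }

    // Returns human-readable findings; an empty list means the checks passed.
    static List<String> check(Path configHome, Path clientConfig, Path crd) throws IOException {
        List<String> findings = new ArrayList<>();
        Path reg = registryConfig(configHome);
        if (!Files.isReadable(reg)) findings.add("registry config not readable: " + reg);
        // Both files carry credential material (IdP password, iCard).
        for (Path secret : List.of(clientConfig, crd)) {
            if (!Files.isRegularFile(secret)) { findings.add("missing: " + secret); continue; }
            if (!Files.getFileStore(secret).supportsFileAttributeView("posix")) {
                findings.add("cannot verify permissions (non-POSIX store): " + secret);
                continue;
            }
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(secret);
            for (PosixFilePermission p : perms) {
                if (p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_"))
                    findings.add(secret + " grants " + p + "; restrict to the service account");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 3) {
            System.err.println("usage: HigginsClientPreflight <configuration-home> <ConfigClient.xml> <card.crd>");
            System.exit(2);
        }
        List<String> findings = check(Paths.get(args[0]), Paths.get(args[1]), Paths.get(args[2]));
        findings.forEach(System.err::println);
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

A non-zero exit before SecureStorageICardProvider is instantiated separates a missing ProvidersConfiguration.xml from an over-exposed password or card file.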