Hi All,
We actually have developed 3 different libraries (that use the Higgins Framework code):
· Java Server Authentication Library (JSAL): this is the library a server has to use to manage the authentication process with a client (1.1M4 Higgins code)
· Java Client Authentication Library (JCAL): this library has to be used by a "non-interactive" client (i.e. a client that cannot interact with the end-user to select an iCard). Using this library even "batch" clients can use iCards (which are stored in ad hoc files) and mimic the behaviour of "normal" clients (1.1M6 Higgins Code)
· Java Client User Interface Authentication Library (JCUAL): this library has to be used by interactive clients. It makes it possible for a client to use the services of an iCard Selector (e.g. Microsoft CardSpace) interacting with the iCard Selector via the Higgins Selector Switch (HSS).
In reference to the JSAL application, it has the objective to receive an encrypted security token from a client and validate it for authentication purposes. I use the org.eclipse.higgins.rp.icard.ICardProtocolHandler class. In particular I use the following methods:
· ICardProtocolHandler.init(): to initialize the protocol to handle the ICard authentication method.
· ICardProtocolHandler.getKeyStore(): to load the Java Keystore containing the keys and certificates.
· I have written a new method authenticate() which uses the ICardProtocolHandler.processUserToken() method to validate, decrypt and extract the user’s claims and calls the ICardProtocolHandler.registerCallbacks() method to store the claims and additional information (such as the SessionID, TokenType and so on) into an HttpSession object. We store this object into a sessions store to keep track of users and their information.
Now I come to my question. Looking at the decrypted token obtained in the processUserToken() method, I can see the “IssueInstant” attribute in the saml:Assertion tag. Has nobody thought until now that it would be useful to include this information within the HttpSession object returned after the processToken() method, to track the token issue instant?
For example, that information can be used by the server’s main logic to manage the expiration time of the tokens received.
Is this feature provided for in the next version of Higgins?
Any feedback will be appreciated.
TIA
Best Regards.
============================
Dr. Leonardo Straniero
CRS - Corporate Research
c/o Tecnopolis N.O.
Strada Prov. per Casamassima Km 3
70010 Valenzano (BA) - Italy
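
Added example, not part of the original message and not Higgins code: one way a relying party could read the IssueInstant attribute from an already decrypted and validated saml:Assertion and apply a server-side maximum token age. The class name, the 5-minute age limit, the 30-second clock skew, the SAML 1.1 namespace and the sample assertion are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class IssueInstantCheck {
    // Assumption: the token carries a SAML 1.1 assertion (which uses the 1.0 namespace URI).
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    /** Returns IssueInstant of the first saml:Assertion in a decrypted, signature-checked token. */
    static Instant issueInstant(String decryptedTokenXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject DOCTYPE declarations so the token cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList list = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(decryptedTokenXml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagNameNS(SAML_NS, "Assertion");
        if (list.getLength() == 0) throw new IllegalArgumentException("no saml:Assertion");
        String value = ((Element) list.item(0)).getAttribute("IssueInstant");
        if (value.isEmpty()) throw new IllegalArgumentException("no IssueInstant attribute");
        return Instant.parse(value); // expects the UTC "Z" form of xs:dateTime
    }

    /** Fresh if not issued further in the future than skew and not older than maxAge. */
    static boolean isFresh(Instant issued, Instant now, Duration maxAge, Duration skew) {
        return !issued.isAfter(now.plus(skew)) && !issued.plus(maxAge).isBefore(now);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion, not a real token.
        String xml = "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" MajorVersion=\"1\" "
                + "MinorVersion=\"1\" IssueInstant=\"2009-03-02T10:15:30Z\"/>";
        Instant issued = issueInstant(xml);
        Duration maxAge = Duration.ofMinutes(5), skew = Duration.ofSeconds(30);
        // Three server clock readings: within the window, past it, and before issuance.
        for (String now : new String[] {"2009-03-02T10:18:00Z", "2009-03-02T10:30:00Z",
                                        "2009-03-02T10:00:00Z"}) {
            System.out.println(now + " fresh=" + isFresh(issued, Instant.parse(now), maxAge, skew));
        }
    }
}
```

The parsed Instant could be stored as a session attribute next to the claims, so the server's main logic can re-check token age on later requests.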