[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
| Re: [higgins-dev] Re: Problem sending cards to CardSync | 
Jonathan,
> OK, so I took a step back. Now, I'm only trying to send a personal
> card that I've created with the Azigo selector. I've looked at the
> database and it seems that the card has been correctly imported. Here
> are the errors that I get.
1. Does RPPS work with Azigo Selector? I do not see any logging about
sending a token by p-card in rpps_error.log file.
> Then, on the RPPS side, I get those errors that I find concerning:
> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] LogHelper.error
> (LogHelper.java:119) - No Extension Configuration Found.
This is rather a managed STS error.
 
> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
> CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495) -
> Returning STS Fault: No Configuration Found.
I need more info about this error. But, briefly, RPPS uses
ClientConfiguration.xml (for m-card) and
PersonalConfiguration.xml (for p-card). Your
PersonalConfiguration.xml looks correct.
RPPS should be configured in the same way as STS: you need to set 
"org.eclipse.higgins.sts.conf" property with a path to your
ConfigurationFile folder.
> I've attached the remaining of the logs for both the STS and the RPPS
sts_error.log is rather a log of Cloud Selector than STS.
> Does this additional information gives any more insights about my
> problem?
Please, do the following:
1. set RPPS logging level to ERROR.
2. clean catalina.out.
3. start RPPS.
4. try to log in with a p-card using Azigo Selector (not Cloud
Selector).
5. send the result log file.
Thanks,
Sergey Lyakhov
On Thu, 8 Apr 2010 21:28:46 -0400
Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
> OK, so I took a step back. Now, I'm only trying to send a personal
> card that I've created with the Azigo selector. I've looked at the
> database and it seems that the card has been correctly imported. Here
> are the errors that I get.
> 
> First, the cloud selector gives me:
> RP discovery / realm validation disabled; this option SHOULD be
> enabled for OPs
> 
> Then, on the RPPS side, I get those errors that I find concerning:
> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1] LogHelper.error
> (LogHelper.java:119) - No Extension Configuration Found.
> 
> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
> CardSpaceSelector.getIdentityToken (CardSpaceSelector.java:495) -
> Returning STS Fault: No Configuration Found.
> 
> 08 Apr 2010 20:45:40,752 ERROR [http-8081-1]
> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
> 
> I've attached the remaining of the logs for both the STS and the RPPS
> along with the ~/.higgins and ~/ConfigurationFile folders used by
> CardSync.
> 
> Does this additional information gives any more insights about my
> problem?
> 
> Thanks,
> Jonathan
> 
> 
> On Wed, Apr 7, 2010 at 12:20 PM, Jonathan Tellier
> <jonathan.tellier@xxxxxxxxx> wrote:
> > Hi,
> >
> > Thank you for taking the time to try to help me.
> >
> >> 1. I did not found any critical error in your RPPS log. Suppose it
> >> should successfully create and send p-cards. Is it correct?
> >
> > No. I can create personal (and managed) cards, but I can't send any.
> > When I try to send a personal card, I get:
> >
> > AxisFault
> >  faultCode:
> > {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
> > faultSubcode: faultString: The specified request failed
> >  faultActor: STS
> >  faultNode:
> >  faultDetail:
> >        {http://xml.apache.org/axis/}hostname:higgins
> >
> > By looking at that error, I would imagine that some configuration
> > that should point to my host is not set correctly, but I can't find
> > it.
> >
> >> 2. Does you try to send a m-card of your STS? I see the following
> >> in your STS log:
> >> ......
> >
> > Yes, this error occurs when I try to send a managed card. I've
> > updated my ManagedConfiguration.xml, but the error still happens.
> > I've attached my new and updated config file so you can see if I've
> > made any errors (note that the address of the server changed since
> > I've deployed it elsewhere). If you need some other configuration
> > files, I can also send them.
> >
> > Thanks for your time,
> > Jonathan
> >
> >
> >>
> >> .....
> >> AxisFault
> >>  faultCode:
> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
> >> faultSubcode: faultString: The specified request failed
> >>  faultActor:
> >>  faultNode:
> >>  faultDetail:
> >>        {}Explanation:No Configuration Found.
> >> ....
> >>
> >> Suppose it will be fixed after you set a correct "Issuer" URI
> >> ( https://207.162.8.222:8443/TokenService/services/Trust ) in
> >> "AppliesToMapper" section of ManagedConfiguration.xml (373 line).
> >>
> >> Thanks,
> >> Sergey Lyakhov
> >>
> >> On Wed, 31 Mar 2010 10:21:02 -0400
> >> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
> >>
> >>> I've had to redeploy everything on a new server, so I've taken the
> >>> opportunity to use two instances of tomcat. One for CardSync and
> >>> one for the STS/RP/CloudSelector. That way, configuration files
> >>> and logs are more separated. I'm still not able to send card to
> >>> CardSync though...
> >>>
> >>> I've paid a close attention to the logs while I'm creating a
> >>> user, a card and importing it using the Azigo Selector. There's
> >>> no errors whatsoever during this process. Then, I've tried to
> >>> manually make a getTokenObject SOAP call to CardSync. This is the
> >>> call I've made:
> >>>
> >>> <soapenv:Envelope
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> >>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >>> xmlns:wsd="urn:RPPSService/wsdlRPPSService"
> >>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
> >>>    <soapenv:Header/>
> >>>    <soapenv:Body>
> >>>       <wsd:getTokenObject
> >>> soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
> >>>          <userId xsi:type="xsd:string">foo9</userId>
> >>>          <password xsi:type="xsd:string">bar9</password>
> >>>          <policy xsi:type="xsd:string">
> >>>        <object type="application/x-informationCard"
> >>> name="xmlToken"> <param name="privacyUrl"
> >>> value="http://wiki.eclipse.org/Cloud_Selector" />
> >>>          <param name="privacyVersion" value="1" />
> >>>          <param name="tokenType"
> >>> value="urn:oasis:names:tc:SAML:1.0:assertion" />
> >>>          <param name="requiredClaims"
> >>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
> >>> />
> >>>          <param name="optionalClaims"
> >>> value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
> >>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
> >>> />
> >>>        </object>
> >>>       </policy>
> >>>          <policytype xsi:type="xsd:string">cardspace</policytype>
> >>>          <sslCert xsi:type="xsd:string"></sslCert>
> >>>          <cuids xsi:type="wsd:ArrayOf_xsd_string"
> >>> soapenc:arrayType="xsd:string[]">
> >>>          <item>org.eclipse.higgins.icard.provider.cardspace.managed.db#https://localhost:8443/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=upass_foo9</item>
> >>>          </cuids>
> >>>          <typeofCredential
> >>> xsi:type="xsd:string">ITSUsernamePasswordCredential</typeofCredential>
> >>>          <credentialKey xsi:type="wsd:ArrayOf_xsd_string"
> >>> soapenc:arrayType="xsd:string[]">
> >>>          <item>url</item>
> >>>            <item>saveCard</item>
> >>>          <item>saveCredential</item>
> >>>          <item>address</item>
> >>>            <item>metadataAddress</item>
> >>>            <item>username</item>
> >>>          <item>password</item>
> >>>          </credentialKey>
> >>>          <credentialValue xsi:type="wsd:ArrayOf_xsd_string"
> >>> soapenc:arrayType="xsd:string[]">
> >>>            <item>http://<my server's
> >>> IP>:8080/proxy.web/server-carddetails</item>
> >>>            <item>false</item>
> >>>          <item>false</item>
> >>>          <item>https://localhost:8443/TokenService/services/Trust</item>
> >>>          <item>https://localhost:8443/TokenService/services/MetadataUsernameToken</item>
> >>>          <item>foo9</item>
> >>>            <item>bar9</item>
> >>>          </credentialValue>
> >>>       </wsd:getTokenObject>
> >>>    </soapenv:Body>
> >>> </soapenv:Envelope>
> >>>
> >>> I've attached the logs for CardSync and for the TokenService
> >>> corresponding to that operation. Note that in the logs, I'm
> >>> starting the server, making the SOAP request and stopping the
> >>> server. Noting more. I've been scrutinizing the logs, my config
> >>> files and trying to fix that problem for quite some time now, but
> >>> I can't find the cause or the solution to my problem. I think
> >>> that this part, in the TokenService logs might have something to
> >>> do with it, but I'm not sure:
> >>>
> >>> AxisFault
> >>>  faultCode:
> >>> {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestFailed
> >>> faultSubcode: faultString: The specified request failed
> >>>  faultActor:
> >>>  faultNode:
> >>>  faultDetail:
> >>>         {}Explanation:No Configuration Found.
> >>>
> >>> What kind of configuration is this referring to?
> >>>
> >>> Well anyway, If any of you has a couple of minutes to spare and
> >>> could help, I'd really appreciate it.
> >>>
> >>> Thanks,
> >>> Jonathan
> >>>
> >>>
> >>> On Tue, Mar 23, 2010 at 4:15 PM, Jonathan Tellier
> >>> <jonathan.tellier@xxxxxxxxx> wrote:
> >>> > Hello,
> >>> >
> >>> > I've attached logs for all steps in the process:
> >>> >
> >>> > - Staring the server
> >>> > - Creating a card with the STS
> >>> > - Importing a card with the Azigo selector
> >>> > - Logging to the test RP with the CloudSelector
> >>> >
> >>> > As for my config files, which ones do you want?
> >>> >
> >>> > Since I start tomcat with the following java opts:
> >>> >  -Dorg.eclipse.higgins.sts.conf=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles
> >>> > -Dorg.eclipse.higgins.sts.conf.file=ManagedConfiguration.xml
> >>> > -Dorg.eclipse.higgins.sts.log4j.properties=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/log4j.properties
> >>> > -Djavax.net.ssl.trustStore=$CATALINA_HOME/webapps/TokenService/ConfigurationFiles/localhost.jks
> >>> > -Djava.library.path=$CATALINA_HOME/native_lib/
> >>> > -Duser.home=/usr/share/higgins
> >>> >
> >>> > I've attached the content of:
> >>> > - $CATALINA_HOME/webapps/TokenService/ConfigurationFiles
> >>> > - /usr/share/higgins
> >>> >
> >>> > Is there any other info that you would need?
> >>> >
> >>> > Thanks,
> >>> > Jonathan
> >>> >
> >>> >
> >>> > On Tue, Mar 23, 2010 at 3:25 PM, Sergey Lyakhov
> >>> > <slyakhov@xxxxxxxxxxxxxx> wrote:
> >>> >> Jonathan,
> >>> >>
> >>> >>> So, are I-Card Providers defined in
> >>> >>> "ProvidersConfiguration.xml"? If it's the case, where could I
> >>> >>> find a template of that file?
> >>> >>
> >>> >> ProvidersConfiguration.xml is just an alternative way of ICard
> >>> >> providers configuration and should not affect on RPPS. What
> >>> >> version of RPPS do you use? Can you provide your configuration
> >>> >> files / error log?
> >>> >>
> >>> >> Thanks,
> >>> >> Sergey Lyakhov
> >>> >>
> >>> >> On Tue, 23 Mar 2010 14:44:26 -0400
> >>> >> Jonathan Tellier <jonathan.tellier@xxxxxxxxx> wrote:
> >>> >>
> >>> >>> I think I might have found something of interest. As I've
> >>> >>> mentioned earlier, I get a FileNotFoundException on
> >>> >>> "ProvidersConfiguration.xml". Now, I've just realized that
> >>> >>> this error also occurs when I'm trying to import a card.
> >>> >>> After some research, I've learned that I-Card Providers
> >>> >>> manage the persistence of I-Cards. So, would it be possible
> >>> >>> that the reason why I can't send I-Cards using the
> >>> >>> CloudSelector is actually because the cards are not properly
> >>> >>> imported? From what I can deduce, this would make sense since
> >>> >>> in the stack trace that I see when trying to send a card,
> >>> >>> there seem to be some problems parsing the card data.
> >>> >>>
> >>> >>> So, are I-Card Providers defined in
> >>> >>> "ProvidersConfiguration.xml"? If it's the case, where could I
> >>> >>> find a template of that file?
> >>> >>>
> >>> >>> Thanks,
> >>> >>> Jonathan
> >>> >>>
> >>> >>>
> >>> >>> On Fri, Mar 19, 2010 at 4:49 PM, Jonathan Tellier
> >>> >>> <jonathan.tellier@xxxxxxxxx> wrote:
> >>> >>> > In the past few days, I've done some debugging and have
> >>> >>> > found out a small piece of information that I hope could be
> >>> >>> > useful. Basically, I've figured out the parameters which
> >>> >>> > are used to when performing the getTokenObject SOAP call
> >>> >>> > where trying to use a username/password card. Here there
> >>> >>> > are:
> >>> >>> >
> >>> >>> > userId: foo
> >>> >>> >
> >>> >>> > password: bar
> >>> >>> >
> >>> >>> > policy:
> >>> >>> > <object type="application/x-informationCard"
> >>> >>> > name="xmlToken"> <param name="privacyUrl"
> >>> >>> > value="http://wiki.eclipse.org/Cloud_Selector" /> <param
> >>> >>> > name="privacyVersion" value="1" /> <param name="tokenType"
> >>> >>> > value="urn:oasis:names:tc:SAML:1.0:assertion" /> <param
> >>> >>> > name="requiredClaims"
> >>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
> >>> >>> > <param name="optionalClaims"
> >>> >>> > value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
> >>> >>> > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
> >>> >>> > </object>
> >>> >>> >
> >>> >>> > policytype: cardspace
> >>> >>> >
> >>> >>> > sslCert:
> >>> >>> >
> >>> >>> > cuids:
> >>> >>> > org.eclipse.higgins.icard.provider.cardspace.managed.db#https://<my
> >>> >>> > server's
> >>> >>> > address>/TokenService/services/Trust#urn:Higgins-LDAP-Server&cardid=username_token1_not_appliesto
> >>> >>> >
> >>> >>> > typeofCredential: ITSUsernamePasswordCredential
> >>> >>> >
> >>> >>> > credentialKey:
> >>> >>> > url
> >>> >>> > saveCard
> >>> >>> > saveCredential
> >>> >>> > address
> >>> >>> > metadataAddress
> >>> >>> > username
> >>> >>> > password
> >>> >>> >
> >>> >>> > credentialValue:
> >>> >>> > http://<my server's address>/proxy.web/server-carddetails
> >>> >>> > false
> >>> >>> > false
> >>> >>> > https://<my server's address>/TokenService/services/Trust
> >>> >>> > https://<my server's
> >>> >>> > address>/TokenService/services/MetadataUsernameToken foo
> >>> >>> > bar
> >>> >>> >
> >>> >>> > I've also tried to manually send a SOAP request to CardSync
> >>> >>> > and also to use a card from https://openidcards.sxip.com/,
> >>> >>> > but in both cases, I get the same "The specified request
> >>> >>> > failed" error. I would like to try the
> >>> >>> > http://higgins.eclipse.org/TokenService STS, but for every
> >>> >>> > action I try to perform using it, I get:
> >>> >>> >
> >>> >>> > exception: javax.naming.CommunicationException:
> >>> >>> > higgins.watson.ibm.com:636 [Root exception is
> >>> >>> > java.net.ConnectException: Connection refused]
> >>> >>> >
> >>> >>> > So, is there something wrong with the parameters that are
> >>> >>> > used? Does anyone has an idea about how I could solve my
> >>> >>> > problem?
> >>> >>> >
> >>> >>> > Thanks,
> >>> >>> > Jonathan
> >>> >>> >
> >>> >>> >
> >>> >>> > On Mon, Mar 15, 2010 at 8:59 PM, Jonathan Tellier
> >>> >>> > <jonathan.tellier@xxxxxxxxx> wrote:
> >>> >>> >> Hello there,
> >>> >>> >>
> >>> >>> >> I think that I'm almost done with my local deployment of
> >>> >>> >> the CloudSelector/CardSync/TokenService, but I've still
> >>> >>> >> got some problems. When I try to send a personal card or a
> >>> >>> >> card that uses a Username Token, I get a STSFaultException
> >>> >>> >> caused by this error:
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:42:32,267 ERROR [http-8443-1]
> >>> >>> >> LogHelper.error (LogHelper.java:119) - No Extension
> >>> >>> >> Configuration Found.
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:42:32,268 ERROR [http-8443-1]
> >>> >>> >> CardSpaceSelector.getIdentityToken
> >>> >>> >> (CardSpaceSelector.java:495) - Returning
> >>> >>> >>  STS Fault: No Configuration Found.
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:42:32,269 ERROR [http-8443-1]
> >>> >>> >> RPPSServiceImpl.getTokenObject (RPPSServiceImpl.java:833) -
> >>> >>> >> org.eclipse.hig
> >>> >>> >> gins.icard.provider.cardspace.common.STSFaultException
> >>> >>> >>
> >>> >>> >> org.eclipse.higgins.icard.provider.cardspace.common.STSFaultException
> >>> >>> >>        at
> >>> >>> >> org.eclipse.higgins.iss.cardspace.CardSpaceSelector.getIdentityToken(CardSpaceSelector.java:496)
> >>> >>> >> at
> >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3245)
> >>> >>> >> at
> >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3310)
> >>> >>> >> at
> >>> >>> >> org.eclipse.higgins.rpps.core.impl.RppsService.getTokenObject(RppsService.java:3438)
> >>> >>> >> at
> >>> >>> >> org.eclipse.higgins.rpps.webservices.RPPSServiceImpl.getTokenObject(RPPSServiceImpl.java:830)
> >>> >>> >> [... stacktrace continues ...]
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:42:32,275 ERROR [http-8080-6]
> >>> >>> >> CardsServlet.error (CardsServlet.java:103) - Sorry, we
> >>> >>> >> could not process the OpenID request: The specified
> >>> >>> >> request failed
> >>> >>> >>
> >>> >>> >> AxisFault
> >>> >>> >>  faultCode:
> >>> >>> >> {http://schemas.xmlsoap.org/ws/2005/02/trust}wstRequestFailed
> >>> >>> >> faultSubcode: faultString: The specified request failed
> >>> >>> >>  faultActor: STS
> >>> >>> >>  faultNode:
> >>> >>> >>  faultDetail:
> >>> >>> >>        {http://xml.apache.org/axis/}hostname:salmond
> >>> >>> >>
> >>> >>> >> When I try to send a card that uses a Self Signed SAML
> >>> >>> >> Token, I get: org.eclipse.higgins.iss.ISSException: Cannot
> >>> >>> >> find the Personal card used to authenticate for this
> >>> >>> >> managed card.
> >>> >>> >>
> >>> >>> >> When logging with the card selector, I've also got this
> >>> >>> >> error, but I don't know if it's relevant or not since it
> >>> >>> >> does not prevent any actions.
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:48:16,075 ERROR [http-8443-1]
> >>> >>> >> ICardSelectorService.getICardSelector
> >>> >>> >> (ICardSelectorService.java:148)
> >>> >>> >> - org.eclipse.higgins.iss.PolicyParseException: Can not
> >>> >>> >> parse password managed policy. Root element is not
> >>> >>> >> PwmPolicy
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
> >>> >>> >> ConfigurationHandler.omFromFile
> >>> >>> >> (ConfigurationHandler.java:180) -
> >>> >>> >> java.io.FileNotFoundException: /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
> >>> >>> >> (No such file or directory)
> >>> >>> >>
> >>> >>> >> 15 Mar 2010 20:48:16,121 ERROR [http-8443-1]
> >>> >>> >> ConfigurationHandler.configure
> >>> >>> >> (ConfigurationHandler.java:288)
> >>> >>> >> - /home/jtellier/tomcat/apache-tomcat-6.0.24_sts_cloudselector_rp_cardsync/webapps/TokenService/ConfigurationFiles/ProvidersConfiguration.xml
> >>> >>> >> (No such file or directory)
> >>> >>> >>
> >>> >>> >> What is this "ProvidersConfiguration.xml" file? I could not
> >>> >>> >> find any reference to it anywhere.
> >>> >>> >>
> >>> >>> >> Finally, when configuring my deployment, I've had to
> >>> >>> >> comment out references to some classes in the
> >>> >>> >> "ClientConfiguration.xml" file. I've had to comment
> >>> >>> >> references to
> >>> >>> >> "org.eclipse.higgins.configuration.xml.ContextFactoryHandler"
> >>> >>> >> and
> >>> >>> >> "org.eclipse.higgins.configuration.xml.IdentityAttributeServiceHandler"
> >>> >>> >> because they don't seem to be present in B-1-1M7 and to
> >>> >>> >> "org.eclipse.higgins.sts.client.MetadataExchangeServiceFactory"
> >>> >>> >> because the instance returned was always null. Could this
> >>> >>> >> be related to the problems I'm encountering when trying to
> >>> >>> >> send cards?
> >>> >>> >>
> >>> >>> >> I would like to provide more information regarding those
> >>> >>> >> errors, but I don't really understand them... So if any of
> >>> >>> >> you has any ideas about the cause of those errors, please
> >>> >>> >> share them because at this point, any help would be gladly
> >>> >>> >> appreciated.
> >>> >>> >>
> >>> >>> >> Thanks,
> >>> >>> >> Jonathan
> >>> >>> >>
> >>> >>> >
> >>> >>> _______________________________________________
> >>> >>> higgins-dev mailing list
> >>> >>> higgins-dev@xxxxxxxxxxx
> >>> >>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
> >>> >>>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>
> >>
> >> _______________________________________________
> >> higgins-dev mailing list
> >> higgins-dev@xxxxxxxxxxx
> >> https://dev.eclipse.org/mailman/listinfo/higgins-dev
> >>
> >