From pwilliams at rapattoni.com Thu May 1 16:34:31 2008
From: pwilliams at rapattoni.com (Peter Williams)
Date: Thu, 1 May 2008 16:34:31 -0700
Subject: [wsf-dev] ECP plugin build/execute feedback
In-Reply-To: <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net>
References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl>
 <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net>
Message-ID: <18498B6C4F691545B050D6A531BA4495030E41CA@rapmsg02.rapnt.com>

I'm a little behind my schedule, but I am making progress, inch by inch.

Last week, I got Shib2 to deliver an (unsigned) AuthnRequest with an ECP header, wrapped in SOAP1.1. Scott showed how to ensure Shib2 generates a list of IDPs in the AuthnRequest, which your proxy code will presumably present to Firefox users - for their selection.

This week I finally (by sheer luck) got PingFederate 5.01 to issue a signed message (SAML Error) with an ECP header. A second trial, with a well formed AuthnRequest, does more properly cause PingFederate to now hit a backend AuthenticationAuthority. Once I plug my own AuthenticationAuthority class into PingFederate, it's reasonable to now assume that once IDP processing is complete as IDP PingFederate WILL then generate a positive AuthnResponse, with ECP header, all signed and then wrapped as a SOAP Response.

Sounds like the scenario is coming together, using a good variety of sources for the various components. We seem to have the beginnings of the http SP endpoint producing PAOS ECP messages, the SOAP-bound IDP producing an AuthnResponse with the required ECP header block, and your proxy.

Of course, this has all been done in conformance testing by others ... but the systems' setup data for those tests is not available to me, and the product/Shib2 documentation says little or nothing on the topic of ECP and PAOS. I'm having to figure it out, mostly relying on code reading, protocol run observations and then trial and error. I do believe tho - despite the hurdles - that I'm pretty close to having your proxy now intermediate both sides of the ECP handoff.

Peter.

POST /idp/SSO.saml2 HTTP/1.1
Content-Type: text/xml
SOAPAction:
User-Agent: Jakarta Commons-HttpClient/2.0.2
Host: win8pw.rapattoni.local:9030
Cookie: $Version=0; PF=I6teR8rkVrSA990YVihTU5; $Path=/
Content-Length: 567

PF-DEMO

HTTP/1.1 200 OK
Date: Thu, 01 May 2008 23:09:15 GMT
Server: Jetty/5.1.12 (Windows Server 2008/6.0 x86 java/1.6.0_06
Cache-Control: no-cache, no-store
Pragma: no-cache
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/xml
Content-Length: 1983

PF-DEMO
0UbOJJJ78DbKHNNT2v/6waGfm4Q=
NbpJhmzXdyHaIlinoEibXge1Y8hk74+9+h9n28bk1Df6pZYuWLeexbb9Rs6W79jRZfw3nxkI CypL
uvCUG7ahFX5m0iTkLy44B0ppt0/MADKalZTft2/u6ENxaOmlWgsxjiLSrk+BkNR+N2G9nyMy DS2P
Px+/2PTwfpDnizZ2IC0=
Request was invalid XML
com.pingidentity.com mon.util.xml.InvalidXmlException: Invalid XML - errors: [error: String: 'ReuN6 kcKciIz6QoYqVrDCkKABT' does not match pattern for xs:ID]

From: Peter Pritchard [mailto:peter.openliberty at zenn.net]
Sent: Monday, April 28, 2008 11:20 AM
To: wsf-dev at lists.openliberty.org
Cc: Peter Williams
Subject: Re: [wsf-dev] ECP plugin build/execute feedback

Sorry about the docs ...

I will update them soon ...

So I built the final .xpi file, so we no longer have to use eclipse to launch the extension

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080501/186ed187/attachment-0001.html

From asa.openliberty at zenn.net Thu May 1 17:39:36 2008
From: asa.openliberty at zenn.net (Asa Hardcastle)
Date: Thu, 1 May 2008 20:39:36 -0400
Subject: [wsf-dev] ECP plugin build/execute feedback
In-Reply-To: <18498B6C4F691545B050D6A531BA4495030E41CA@rapmsg02.rapnt.com>
References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl>
 <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net>
 <18498B6C4F691545B050D6A531BA4495030E41CA@rapmsg02.rapnt.com>
Message-ID: <217CBAE8-662A-4893-8B1B-7F1C0EBD988D@zenn.net>

This is excellent Peter W.!! Peter P., can you make sure to give Peter W. all of the support he needs?

asa

--
Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib
Tel: +1.413.429.1044 Skype: subsystem7

On May 1, 2008, at 7:34 PM, Peter Williams wrote:

> I'm a little behind my schedule, but I am making progress, inch by
> inch.
>
> Last week, I got Shib2 to deliver an (unsigned) AuthnRequest with an
> ECP header, wrapped in SOAP1.1. Scott showed how to ensure Shib2
> generates a list of IDPs in the AuthnRequest, which your proxy code
> will presumably present to Firefox users - for their selection.
>
> This week I finally (by sheer luck) got PingFederate 5.01 to issue a
> signed message (SAML Error) with an ECP header. A second trial, with
> a well formed AuthnRequest, does more properly cause PingFederate to
> now hit a backend AuthenticationAuthority. Once I plug my own
> AuthenticationAuthority class into PingFederate, it's reasonable to now
> assume that once IDP processing is complete as IDP PingFederate WILL
> then generate a positive AuthnResponse, with ECP header, all signed
> and then wrapped as a SOAP Response.
>
> Sounds like the scenario is coming together, using a good variety of
> sources for the various components. We seem to have the beginnings
> of the http SP endpoint producing PAOS ECP messages, the SOAP-bound
> IDP producing an AuthnResponse with the required ECP header block,
> and your proxy.
>
> Of course, this has all been done in conformance testing by others
> ... but the systems' setup data for those tests is not available to
> me, and the product/Shib2 documentation says little or nothing on the
> topic of ECP and PAOS. I'm having to figure it out, mostly relying
> on code reading, protocol run observations and then trial and error.
> I do believe tho - despite the hurdles - that I'm pretty close to having
> your proxy now intermediate both sides of the ECP handoff.
>
> Peter.
>
>
>
> POST /idp/SSO.saml2 HTTP/1.1
> Content-Type: text/xml
> SOAPAction:
> User-Agent: Jakarta Commons-HttpClient/2.0.2
> Host: win8pw.rapattoni.local:9030
> Cookie: $Version=0; PF=I6teR8rkVrSA990YVihTU5; $Path=/
> Content-Length: 567
>
>
>
> ForceAuthn="true" IssueInstant="2008-05-01T21:55:38.417Z" ID="ReuN6
> kcKciIz6QoYqVrDCkKABT" Version="2.0">
> PF-DEMO
>
>
>
>
>
>
>
>
>
> HTTP/1.1 200 OK
> Date: Thu, 01 May 2008 23:09:15 GMT
> Server: Jetty/5.1.12 (Windows Server 2008/6.0 x86 java/1.6.0_06
> Cache-Control: no-cache, no-store
> Pragma: no-cache
> max-age: Thu, 01 Jan 1970 00:00:00 GMT
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Type: text/xml
> Content-Length: 1983
>
>
> AssertionConsumerServiceURL="http://win8pw.rapattoni.local:9030/sp/ACS.saml2
> " SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"
> xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/> ENV:Header> ID="iEEDq1CCUIH3WU-cbqCYqkWTul6" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol
> ">PF-
> DEMO
>
>
>
>
>
>
>
>
>
> 0UbOJJJ78DbKHNNT2v/6waGfm4Q=
>
>
>
> NbpJhmzXdyHaIlinoEibXge1Y8hk74
> +9+h9n28bk1Df6pZYuWLeexbb9Rs6W79jRZfw3nxkICypL
> uvCUG7ahFX5m0iTkLy44B0ppt0/MADKalZTft2/u6ENxaOmlWgsxjiLSrk+BkNR
> +N2G9nyMyDS2P
> Px+/2PTwfpDnizZ2IC0=
>
> Request was invalid XML samlp:StatusMessage
>
>
> <
> samlp:StatusDetail
> >com.pingidentity.common.util.xml.InvalidXmlException:
> Invalid XML - errors: [error: String: 'ReuN6 kcKciIz6QoYqVrDCkKABT'
> does not match pattern for xs:ID] samlp:Status>
>
> From: Peter Pritchard [mailto:peter.openliberty at zenn.net]
> Sent: Monday, April 28, 2008 11:20 AM
> To: wsf-dev at lists.openliberty.org
> Cc: Peter Williams
> Subject: Re: [wsf-dev] ECP plugin build/execute feedback
>
> Sorry about the docs ...
>
> I will update them soon ...
>
> So I built the final .xpi file, so we no longer have to use eclipse
> to launch the extension
>
> _______________________________________________
> Wsf-dev mailing list
> Wsf-dev at lists.openliberty.org
> http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080501/41b17cba/attachment-0001.html

From peter.openliberty at zenn.net Tue May 6 07:23:25 2008
From: peter.openliberty at zenn.net (Peter Pritchard)
Date: Tue, 6 May 2008 10:23:25 -0400
Subject: [wsf-dev] ECP plugin build/execute feedback
In-Reply-To: <217CBAE8-662A-4893-8B1B-7F1C0EBD988D@zenn.net>
References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl>
 <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net>
 <18498B6C4F691545B050D6A531BA4495030E41CA@rapmsg02.rapnt.com>
 <217CBAE8-662A-4893-8B1B-7F1C0EBD988D@zenn.net>
Message-ID: <985A4152-41C2-40C3-8AF7-B795E05C9152@zenn.net>

Anything I can do, I am all yours .. (sorry for the delay getting back to you) ...

I'm glad you've been able to look around a bit. If you run into something that needs to be addressed, I can make code changes quickly.

- Peter Pritchard
peter.openliberty at zenn.net

On May 1, 2008, at 8:39 PM, Asa Hardcastle wrote:

> This is excellent Peter W.!! Peter P., can you make sure to give
> Peter W. all of the support he needs?
>
> asa
>
> --
> Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib
> Tel: +1.413.429.1044 Skype: subsystem7
>
>
> On May 1, 2008, at 7:34 PM, Peter Williams wrote:
>> I'm a little behind my schedule, but I am making progress, inch by
>> inch.
>>
>> Last week, I got Shib2 to deliver an (unsigned) AuthnRequest with
>> an ECP header, wrapped in SOAP1.1. Scott showed how to ensure Shib2
>> generates a list of IDPs in the AuthnRequest, which your proxy code
>> will presumably present to Firefox users - for their selection.
>>
>> This week I finally (by sheer luck) got PingFederate 5.01 to issue
>> a signed message (SAML Error) with an ECP header. A second trial,
>> with a well formed AuthnRequest, does more properly cause
>> PingFederate to now hit a backend AuthenticationAuthority. Once I
>> plug my own AuthenticationAuthority class into PingFederate, it's
>> reasonable to now assume that once IDP processing is complete as
>> IDP PingFederate WILL then generate a positive AuthnResponse, with
>> ECP header, all signed and then wrapped as a SOAP Response.
>>
>> Sounds like the scenario is coming together, using a good variety of
>> sources for the various components. We seem to have the beginnings
>> of the http SP endpoint producing PAOS ECP messages, the SOAP-bound
>> IDP producing an AuthnResponse with the required ECP header block,
>> and your proxy.
>>
>> Of course, this has all been done in conformance testing by others
>> ... but the systems' setup data for those tests is not available to
>> me, and the product/Shib2 documentation says little or nothing on
>> the topic of ECP and PAOS. I'm having to figure it out, mostly
>> relying on code reading, protocol run observations and then trial
>> and error. I do believe tho - despite the hurdles - that I'm pretty
>> close to having your proxy now intermediate both sides of the ECP handoff.
>>
>> Peter.
>>
>>
>>
>> POST /idp/SSO.saml2 HTTP/1.1
>> Content-Type: text/xml
>> SOAPAction:
>> User-Agent: Jakarta Commons-HttpClient/2.0.2
>> Host: win8pw.rapattoni.local:9030
>> Cookie: $Version=0; PF=I6teR8rkVrSA990YVihTU5; $Path=/
>> Content-Length: 567
>>
>>
>>
>> > ForceAuthn="true" IssueInstant="2008-05-01T21:55:38.417Z" ID="ReuN6
>> kcKciIz6QoYqVrDCkKABT" Version="2.0">
>> PF-DEMO
>>
>> > AllowCreate="true"/>
>>
>>
>>
>>
>>
>>
>>
>> HTTP/1.1 200 OK
>> Date: Thu, 01 May 2008 23:09:15 GMT
>> Server: Jetty/5.1.12 (Windows Server 2008/6.0 x86 java/1.6.0_06
>> Cache-Control: no-cache, no-store
>> Pragma: no-cache
>> max-age: Thu, 01 Jan 1970 00:00:00 GMT
>> Expires: Thu, 01 Jan 1970 00:00:00 GMT
>> Content-Type: text/xml
>> Content-Length: 1983
>>
>>
>> > AssertionConsumerServiceURL="http://win8pw.rapattoni.local:9030/sp/ACS.saml2
>> " SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"
>> xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>> ENV:Header>> ID="iEEDq1CCUIH3WU-cbqCYqkWTul6" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol
>> ">PF-DEMO
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> 0UbOJJJ78DbKHNNT2v/6waGfm4Q=
>>
>>
>>
>> NbpJhmzXdyHaIlinoEibXge1Y8hk74
>> +9+h9n28bk1Df6pZYuWLeexbb9Rs6W79jRZfw3nxkICypL
>> uvCUG7ahFX5m0iTkLy44B0ppt0/MADKalZTft2/u6ENxaOmlWgsxjiLSrk+BkNR
>> +N2G9nyMyDS2P
>> Px+/2PTwfpDnizZ2IC0=
>>
>> Request was invalid XML> samlp:StatusMessage
>> >
>> <
>> samlp:StatusDetail
>> >com.pingidentity.common.util.xml.InvalidXmlException:
>> Invalid XML - errors: [error: String: 'ReuN6 kcKciIz6QoYqVrDCkKABT'
>> does not match pattern for xs:ID]> samlp:Status>
>>
>> From: Peter Pritchard [mailto:peter.openliberty at zenn.net]
>> Sent: Monday, April 28, 2008 11:20 AM
>> To: wsf-dev at lists.openliberty.org
>> Cc: Peter Williams
>> Subject: Re: [wsf-dev] ECP plugin build/execute feedback
>>
>> Sorry about the docs ...
>>
>> I will update them soon ...
>>
>> So I built the final .xpi file, so we no longer have to use eclipse
>> to launch the extension
>>
>> _______________________________________________
>> Wsf-dev mailing list
>> Wsf-dev at lists.openliberty.org
>> http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080506/dc00eb50/attachment-0001.html

From anthonyeden at gmail.com Sun May 25 06:17:29 2008
From: anthonyeden at gmail.com (Anthony Eden)
Date: Sun, 25 May 2008 09:17:29 -0400
Subject: [wsf-dev] Spam on http://openliberty.org/wiki/index.php/OpenLiberty.org_Wiki:Community_Portal
Message-ID:

Someone has spammed the page
http://openliberty.org/wiki/index.php/OpenLiberty.org_Wiki:Community_Portal
with junk links. I tried to roll back the changes however access is limited to that page (which makes me wonder how the spammer was able to make the change). Anyhow, if someone could please undo the spam that'd be great, thanks!

V/r
Anthony

From subs at maerzcompany.com Sun May 25 08:22:09 2008
From: subs at maerzcompany.com (subs at maerzcompany.com)
Date: Sun, 25 May 2008 17:22:09 +0200
Subject: [wsf-dev] Spam on http://openliberty.org/wiki/index.php/OpenLiberty.org_Wiki:Community_Portal
In-Reply-To:
References:
Message-ID: <81D5BEE6-D31F-4B0F-8171-FA00DFF1F63E@maerzcompany.com>

I have rolled back the page and blocked the user ...

On 25.05.2008, at 15:17, Anthony Eden wrote:

> Someone has spammed the page
> http://openliberty.org/wiki/index.php/OpenLiberty.org_Wiki:Community_Portal
> with junk links. I tried to roll back the changes however access is
> limited to that page (which makes me wonder how the spammer was able
> to make the change). Anyhow, if someone could please undo the spam
> that'd be great, thanks!
>
> V/r
> Anthony
>
> _______________________________________________
> Wsf-dev mailing list
> Wsf-dev at lists.openliberty.org
> http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org