Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "CardSpace Interop"
(→Test #1) |
(→Test #1) |
||
| Line 131: | Line 131: | ||
| | | | ||
|not attempted: requires sts.livelabs nickname in a personal card | |not attempted: requires sts.livelabs nickname in a personal card | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |12 | ||
| + | | | ||
| + | |Got their card, appears to fail because the use http instead of https with their sts | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |13 | ||
| + | | | ||
| + | |Selector doesn't support RP STS yet | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |14, 16, 17 | ||
| + | | | ||
| + | |Managed card works | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |15 | ||
| + | | | ||
| + | |not active yet | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |18, 19, 24 | ||
| + | | | ||
| + | |Managed and personal card works | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |20 | ||
| + | | | ||
| + | |No errors reported at ISS but prompts for basic auth after infocard is submited. | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |21 | ||
| + | | | ||
| + | |Not yet ready | ||
| + | | | ||
| + | |-style="background:#ffffff; color:black" | ||
| + | |1 | ||
| + | |22, 23 | ||
| + | | | ||
| + | |Must be tested from interop room | ||
| | | | ||
|-style="background:#ffffff; color:black" | |-style="background:#ffffff; color:black" | ||
Revision as of 18:38, 27 June 2007
In preparation for the Catalyst june 27th Interop demonstration, the following tests (among many others!) were done.
Contents
Identity Providers
- http://wag.bandit-project.org Bandit's Wag Identity Provider
- https://higgins.eclipse.org/TokenService
- https://fugenmisp.federationportal.com (not working) FuGen MISP Test IP
- https://wwww.ibmidentitydemo.com IBM IdP (Add to hosts file:165.228.160.239 www.ibmidentitydemo.com)
- https://lost.cac.washington.edu/icard/ Internet2/Shibboleth Identity Provider
- http://www.identityblog.com/humanpresent/humanauth.php IdentityBlog HumanPresent Identity Provider
- http://sts.labs.live.com/ Windows Live Labs Identity Provider
- https://www.pingidentitylabs.com Ping Identity Provider
- http://jpip.verisignlabs.com VeriSign Personal Identity Provider ("identity" card)
- http://jpip.verisignlabs.com VeriSign Personal Identity Provider ("account" card)
- https://sample.identity.wso2.org:9443/cards-download.html WSO2 Identity Provider (Add to hosts file:192.168.101.201 sample.identity.wso2.org)
- http://xmldap.org/sts/cardmanager XMLDAP Identity Provider
Relying Party Sites
- https://woof.bandit-project.org Bandit RP Basic
- https://woof.bandit-project.org Bandit RP Advanced
- (not available) BMC RP
- (not available) CA RP
- https://socialphotos.federationportal.com FuGen SocialPhotos RP
- http://server1.interop.onr.com:8080/RelyingPartyDemoApp/index.jsp Higgins Relying Party
- https://www.ibmidentitydemo.com/ IBM Relying Party (Add to hosts file:165.228.160.239 www.ibmidentitydemo.com)
- https://lost.cac.washington.edu/icard/ Internet2 U of Washington
- http://www.identityblog.com/helloworld/infocard-demo.php IdentityBlog: HelloWorld Token Demo
- http://www.identityblog.com/sts/infocard-demo.php IdentityBlog: HumanPresent Relying Party
- http://sts.labs.live.com/register.aspx Windows Live Labs: Live Labs IdP Relying Party (Sign in link is at the top right, must have a passport account)
- http://relay.labs.live.com/download.aspx Windows Live Labs: Live Labs Managed Card Relying Party
- http://131.107.153.200/ Microsoft test site: Age STS Relying Party
- http://cardspace.textd.net/ Microsoft test site: Fabrikam Friends Relying Party using an EV certificate
- http://demo.netmesh.us/ (not active yet) NetMesh Relying Party
- http://pamelaproject.com/jostest PW-jos Joomla Plugin (16)
- http://pamelaproject.com/wptest PW-wp Wordpress Plugin (uses XHTML, changes content based on cameratype claim)
- http://interop.oracle.com/catalyst Oracle Relying Party
- https://www.pingidentitylabs.com Ping RP
- (not available) Sxip Access RP
- http://jpip.verisignlabs.com VeriSign RP
- https://ww2.wso2.org:3443/identity/ WSO2 Relying Party
- https://sample.identity.wso2.org:9443/javarp/ (Active only in the interop room) WSO2 Relying Party 2
- https://xmldap.org/relyingparty/ XMLDAP Relying Party
Test Results
Test #1
Steps
- Get m-card from IdP
- Import into IA
- Sign in to RP
| IdP/STS | RP site | H1(build 60, 2007-06-27)+ HBX(0.8.3.1) | H2 | H3 |
|---|---|---|---|---|
| 1, 2, 9, 10 | 1, 5, 6, 8, 10, 16, 17, 21, 24 | Working | ||
| As above | http://interop.oracle.com/catalyst/ | Note 2 | ||
| As above | http://cardspace.textd.net/ | A purple message box pops up saying "A problem occurred: Undefined" | ||
| http://wag.bandit-project.org | 1, 2 | 1 2 | ||
| 1 | 3 | Not Avail | ||
| 1 | 4 | Not available outside interop room | ||
| 1 | 5 | Fugged | ||
| 1 | 6 | Fails, No XmlToken was supplied to the server | ||
| 1 | 7 | Managed and personal cards work | ||
| 1 | 8 | Accepts any cards, doesn't recognize the issuer but does validate and print claims | ||
| 1 | 9 | Works with managed/private | ||
| 1 | 10 | ISS never comes up. | ||
| 1 | 11 | not attempted: requires sts.livelabs nickname in a personal card | ||
| 1 | 12 | Got their card, appears to fail because the use http instead of https with their sts | ||
| 1 | 13 | Selector doesn't support RP STS yet | ||
| 1 | 14, 16, 17 | Managed card works | ||
| 1 | 15 | not active yet | ||
| 1 | 18, 19, 24 | Managed and personal card works | ||
| 1 | 20 | No errors reported at ISS but prompts for basic auth after infocard is submited. | ||
| 1 | 21 | Not yet ready | ||
| 1 | 22, 23 | Must be tested from interop room | ||
| https://fugenmisp.federationportal.com | https://woof.bandit-project.org Basic | Cannot get manged card to view claims in iss
They appear to use http instead of https which fails for all H2 test |
||
| https://higgins.eclipse.org/TokenService | https://woof.bandit-project.org Basic | 1 2 | ||
| https://higgins.eclipse.org/TokenService | https://woof.bandit-project.org Advanced | 1 2 | ||
| https://higgins.eclipse.org/TokenService | http://server1.interop.onr.com:8080/RelyingPartyDemoApp/index.jsp | Fails. I tried to back a managed card with a personal card and get error 51968. Managed cards cannot be imphiggins.eclipse.org is listed as the issuer, but that is a non-existent site. | ||
| https://lost.cac.washington.edu/icard/ | https://lost.cac.washington.edu/icard/ | Accepts any cards. | ||
| http://www.identityblog.com/humanpresent/humanauth.php | http://www.identityblog.com/sts/infocard-demo.php | works | ||
| http://xmldap.org/sts/cardmanager | https://xmldap.org/relyingparty/ | Fails! | ||
| 1, 2, 5, 6, 7, 9, 16, 17, 22, 24 | Working | |||
| https://lost.cac.washington.edu/icard/ | Working with Higgins Managed card. Not working with a UW managed card, we hit an issue with an IdP that does not set the AppliesTo: in the card and thus is looking to the IA to do this but it looks like RPPS is not doing this. So we will have cases at the interop where there are AppliesTo: in the card and cases where its not, so we have to be able to pass it on if its there and let the STS do the encryption and the case where its not there is where you will do the encryption. | |||
| http://www.identityblog.com/sts/infocard-demo.ph | Working Does Not work with cards from https://www.identityblog.com/humanpresent/humanauth.php | |||
| 11, 12 | Site does not recognize Higgins IA | |||
| http://131.107.72.15/cardspace/ | Need DOB Claim, still not working even though Mike has added claim, the Higgins IA is not showing a matching card | |||
| https://interop.oracle.com/catalyst/jsso | Not working, seems to be an Oracle | |||
| http://cardspace.demo.pingidentity.com/rp | No site to test with at this time | |||
| http://cardspace.textd.net/ | Site does not recognize Higgins IA | |||
| 1, 2, 4, 6, 7, 12 | Working | |||
| https://lost.cac.washington.edu/icard/ | No, we hit an issue with an IdP that does not set the AppliesTo: in the card and thus is looking to the IA to do this but it looks like RPPS is not doing this. So we will have cases at the interop where there are AppliesTo: in the card and cases where its not, so we have to be able to pass it on if its there and let the STS do the encryption and the case where its not there is where you will do the encryption. | |||
| http://xmldap.org/sts/cardmanager | "Failure: java.lang.RuntimeException: Could not process xml token
org.eclipse.higgins.rp.server.impl.Login.doPost(Login.java:215) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803)" |
Notes:
- import works. sign-in gets error: Error decrypting encrypted token
- import works. sign-in gets error: "Authentication failed. The Oracle SSO authentication system has hit an error. Please try logging in again."
Known bugs
- If HBX displays an alert box "Alert:TypeError:soap.getRPPSService() has no properties", restart Firefox
Reference
- The "hosts" file is located in %SystemRoot%\System32\Drivers\Etc folder on a Windows computer.