Skip to main content
Jump to: navigation, search

CardSpace Interop

Note: the tables on this page look terrible when viewed with IE. They look fine in Firefox and Safari.

Identity Providers

  1. http://wag.bandit-project.org Bandit's Wag Identity Provider
  2. https://higgins.eclipse.org/TokenService
  3. https://fugenmisp.federationportal.com (not working) FuGen MISP Test IP
  4. https://wwww.ibmidentitydemo.com IBM IdP (Add to hosts file:165.228.160.239 www.ibmidentitydemo.com)
  5. Internet2/Shibboleth Identity Provider
  6. http://www.identityblog.com/humanpresent/humanauth.php IdentityBlog HumanPresent Identity Provider
  7. http://sts.labs.live.com/ Windows Live Labs Identity Provider
  8. https://www.pingidentitylabs.com Ping Identity Provider
  9. http://pip.verisignlabs.com VeriSign Personal Identity Provider ("identity" card)
  10. http://pip.verisignlabs.com VeriSign Personal Identity Provider ("account" card)
  11. https://sample.identity.wso2.org:9443/cards-download.html WSO2 Identity Provider (Add to hosts file:192.168.101.201 sample.identity.wso2.org)
  12. http://xmldap.org/sts/cardmanager XMLDAP Identity Provider

Relying Party Sites

  1. https://woof.bandit-project.org Bandit RP Basic
  2. https://woof.bandit-project.org Bandit RP Advanced
  3. (not available) BMC RP
  4. (not available) CA RP
  5. https://socialphotos.federationportal.com FuGen SocialPhotos RP
  6. http://server1.interop.onr.com:8080/RelyingPartyDemoApp/index.jsp Higgins Relying Party
  7. (no longer available) https://www.ibmidentitydemo.com/ IBM Relying Party (Add to hosts file:165.228.160.239 www.ibmidentitydemo.com in Catalyst interop room)
  8. Internet2 U of Washington
  9. http://www.identityblog.com/helloworld/infocard-demo.php IdentityBlog: HelloWorld Token Demo
  10. http://www.identityblog.com/sts/infocard-demo.php IdentityBlog: HumanPresent Relying Party
  11. http://sts.labs.live.com/register.aspx Windows Live Labs: Live Labs IdP Relying Party (Sign in link is at the top right, must have a passport account)
  12. http://relay.labs.live.com/download.aspx Windows Live Labs: Live Labs Managed Card Relying Party
  13. http://131.107.153.200/ Microsoft test site: Age STS Relying Party
  14. http://cardspace.textd.net/ Microsoft test site: Fabrikam Friends Relying Party using an EV certificate
  15. http://demo.netmesh.us/ (not active yet) NetMesh Relying Party
  16. http://pamelaproject.com/jostest PW-jos Joomla Plugin (16)
  17. http://pamelaproject.com/wptest PW-wp Wordpress Plugin (uses XHTML, changes content based on cameratype claim)
  18. http://interop.oracle.com/catalyst Oracle Relying Party
  19. https://www.pingidentitylabs.com Ping RP
  20. (not available) Sxip Access RP
  21. http://jpip.verisignlabs.com VeriSign RP
  22. https://ww2.wso2.org:3443/identity/ WSO2 Relying Party
  23. (no longer available) https://sample.identity.wso2.org:9443/javarp/ (Available only at Catalyst interop room) WSO2 Relying Party 2
  24. https://xmldap.org/relyingparty/ XMLDAP Relying Party
  25. http://www.cardspacedemos.com/FriendsWithCards/
  26. https://higgins.eclipse.org/RelyingPartyDemoApp/ --Higgins demonstration relying party site (see Deployments

Test Results (June 27 2007 Catalyst Interopathon)

Test #1: Importing an i-card

This section describes the success/failure results of attempting to import managed cards from the IdP/STSs listed above.

IdP/STS H1(build 60, 2007-06-27)+ HBX(0.8.3.1) H2 H3
Success
1, 2 Working Working Working
4, 7 ? ? Working
5 ? Working Working mostly (see failure below)
6 Working Working
9, 10 Working ? ?
11 ? ? ?
12 Working ? Working
Failure
3 Unable to test: site not up Cannot get manged card to view claims in iss

They appear to use http instead of https which fails for all H2 test

6 Unable to test: H1 has no personal cards with which to sign in
8 Unable to test: this site doesn't appear to issue i-cards
12 "Failure: java.lang.RuntimeException: Could not process xml token

org.eclipse.higgins.rp.server.impl.Login.doPost(Login.java:215) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803)"

.

Test #2: Signing in to RP site (IdP/card-independent results)

This section describes the results of trying to sign in to the RP sites enumerated above. The presumption is that the IA holds at least one suitable card. In the interest of parsimony, this section does not exhaustively chronicle every combination of suitable IdP/card with each RP site. Instead it lists shows the general results with the RP independent. IdP/card-specific failure combinations are listed in the section after this one.

RP Site H1(build 60, 2007-06-27)+ HBX(0.8.3.1) H2 H3
Success
1, 2, 16, 17, 24 Working Working Working
5, 6 Working Working
8 Working Working
10 Working ?
12 Working ?
7 ? Working (Managed and Personal) Working (Managed)
9 ? Working (Managed and Personal) Working (Managed)
11 ? ?
14 Working (Managed)
18 Working (Managed and Personal)
19 Working (Managed and Personal)
21 Working ?
22 Working ? Working
23 ? ? ?
Failure
5 Fails
6 Fails, no XmlToken was supplied to the server
11 not attempted: requires sts.livelabs nickname in a personal card Site does not recognize Higgins IA
12 ? Site does not recognize Higgins IA
13 ? H2 IA doesn't support RP STS (yet) Need DOB Claim, still not working even though Mike has added claim, the Higgins IA is not showing a matching card
14 A purple message box pops up saying "A problem occurred: Undefined" Site doesn't recognize Higgins IA
18 Get error: "Authentication failed. The Oracle SSO authentication system has hit an error. Please try logging in again." Not working, seems to be an Oracle issue
19 Does not recognize the Higgins IA ? ?

.

Test #2: Signing in to RP site (Failure exceptions to previous section)

This section lists card-specific (or to be more precise IdP-dependent) failures in trying to sign in to RP sites enumerated above.

IdP/STS RP site H1(build 60, 2007-06-27)+ HBX(0.8.3.1) H2 H3
6 9 Fails
<various> 5 No, we hit an issue with an IdP that does not set the AppliesTo: in the card and thus is looking to the IA to do this but it looks like RPPS is not doing this. So we will have cases at the interop where there are AppliesTo: in the card and cases where its not, so we have to be able to pass it on if its there and let the STS do the encryption and the case where its not there is where you will do the encryption.
5 8 Working with Higgins Managed card. Not working with a UW managed card, we hit an issue with an IdP that does not set the AppliesTo: in the card and thus is looking to the IA to do this but it looks like RPPS is not doing this. So we will have cases at the interop where there are AppliesTo: in the card and cases where its not, so we have to be able to pass it on if its there and let the STS do the encryption and the case where its not there is where you will do the encryption.
1 8 Accepts any cards, doesn't recognize the issuer but does validate and print claims
1 10 ISS never comes up.
1 12 Got their card, appears to fail because the use http instead of https with their sts
1 20 No errors reported at ISS but prompts for basic auth after i-card is submited.
2 6 Fails. I tried to back a managed card with a personal card and get error 51968. Managed cards cannot be imphiggins.eclipse.org is listed as the issuer, but that is a non-existent site.
5 8 Accepts any cards
12 24 Fails
5 24 Fails

Known bugs

  1. If HBX displays an alert box "Alert:TypeError:soap.getRPPSService() has no properties", restart Firefox

Reference

  • The "hosts" file is located in %SystemRoot%\System32\Drivers\Etc folder on a Windows computer.

Links

Back to the top