Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
CardSpace Interop
Note: the tables on this page look terrible when viewed with IE. They look fine in Firefox and Safari.
Contents
Identity Providers
- http://wag.bandit-project.org Bandit's Wag Identity Provider
- https://higgins.eclipse.org/TokenService
- https://fugenmisp.federationportal.com (not working) FuGen MISP Test IP
- https://wwww.ibmidentitydemo.com IBM IdP (Add to hosts file:165.228.160.239 www.ibmidentitydemo.com)
- Internet2/Shibboleth Identity Provider
- http://www.identityblog.com/humanpresent/humanauth.php IdentityBlog HumanPresent Identity Provider
- http://sts.labs.live.com/ Windows Live Labs Identity Provider
- https://www.pingidentitylabs.com Ping Identity Provider
- http://pip.verisignlabs.com VeriSign Personal Identity Provider ("identity" card)
- http://pip.verisignlabs.com VeriSign Personal Identity Provider ("account" card)
- https://sample.identity.wso2.org:9443/cards-download.html WSO2 Identity Provider (Add to hosts file:192.168.101.201 sample.identity.wso2.org)
- http://xmldap.org/sts/cardmanager XMLDAP Identity Provider
Relying Party Sites
- https://woof.bandit-project.org Bandit RP Basic
- https://woof.bandit-project.org Bandit RP Advanced
- (not available) BMC RP
- (not available) CA RP
- https://socialphotos.federationportal.com FuGen SocialPhotos RP
- http://server1.interop.onr.com:8080/RelyingPartyDemoApp/index.jsp Higgins Relying Party
- (no longer available) https://www.ibmidentitydemo.com/ IBM Relying Party (Add to hosts file:165.228.160.239 www.ibmidentitydemo.com in Catalyst interop room)
- Internet2 U of Washington
- http://www.identityblog.com/helloworld/infocard-demo.php IdentityBlog: HelloWorld Token Demo
- http://www.identityblog.com/sts/infocard-demo.php IdentityBlog: HumanPresent Relying Party
- http://sts.labs.live.com/register.aspx Windows Live Labs: Live Labs IdP Relying Party (Sign in link is at the top right, must have a passport account)
- http://relay.labs.live.com/download.aspx Windows Live Labs: Live Labs Managed Card Relying Party
- http://131.107.153.200/ Microsoft test site: Age STS Relying Party
- http://cardspace.textd.net/ Microsoft test site: Fabrikam Friends Relying Party using an EV certificate
- http://demo.netmesh.us/ (not active yet) NetMesh Relying Party
- http://pamelaproject.com/jostest PW-jos Joomla Plugin (16)
- http://pamelaproject.com/wptest PW-wp Wordpress Plugin (uses XHTML, changes content based on cameratype claim)
- http://interop.oracle.com/catalyst Oracle Relying Party
- https://www.pingidentitylabs.com Ping RP
- (not available) Sxip Access RP
- http://jpip.verisignlabs.com VeriSign RP
- https://ww2.wso2.org:3443/identity/ WSO2 Relying Party
- (no longer available) https://sample.identity.wso2.org:9443/javarp/ (Available only at Catalyst interop room) WSO2 Relying Party 2
- https://xmldap.org/relyingparty/ XMLDAP Relying Party
- http://www.cardspacedemos.com/FriendsWithCards/
- https://higgins.eclipse.org/RelyingPartyDemoApp/ --Higgins demonstration relying party site (see Deployments
Test Results (June 27 2007 Catalyst Interopathon)
Test #1: Importing an i-card
This section describes the success/failure results of attempting to import managed cards from the IdP/STSs listed above.
IdP/STS | H1(build 60, 2007-06-27)+ HBX(0.8.3.1) | H2 | H3 |
---|---|---|---|
Success | |||
1, 2 | Working | Working | Working |
4, 7 | ? | ? | Working |
5 | ? | Working | Working mostly (see failure below) |
6 | Working | Working | |
9, 10 | Working | ? | ? |
11 | ? | ? | ? |
12 | Working | ? | Working |
Failure | |||
3 | Unable to test: site not up | Cannot get manged card to view claims in iss
They appear to use http instead of https which fails for all H2 test |
|
6 | Unable to test: H1 has no personal cards with which to sign in | ||
8 | Unable to test: this site doesn't appear to issue i-cards | ||
12 | "Failure: java.lang.RuntimeException: Could not process xml token
org.eclipse.higgins.rp.server.impl.Login.doPost(Login.java:215) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803)" |
.
Test #2: Signing in to RP site (IdP/card-independent results)
This section describes the results of trying to sign in to the RP sites enumerated above. The presumption is that the IA holds at least one suitable card. In the interest of parsimony, this section does not exhaustively chronicle every combination of suitable IdP/card with each RP site. Instead it lists shows the general results with the RP independent. IdP/card-specific failure combinations are listed in the section after this one.
RP Site | H1(build 60, 2007-06-27)+ HBX(0.8.3.1) | H2 | H3 |
---|---|---|---|
Success | |||
1, 2, 16, 17, 24 | Working | Working | Working |
5, 6 | Working | Working | |
8 | Working | Working | |
10 | Working | ? | |
12 | Working | ? | |
7 | ? | Working (Managed and Personal) | Working (Managed) |
9 | ? | Working (Managed and Personal) | Working (Managed) |
11 | ? | ? | |
14 | Working (Managed) | ||
18 | Working (Managed and Personal) | ||
19 | Working (Managed and Personal) | ||
21 | Working | ? | |
22 | Working | ? | Working |
23 | ? | ? | ? |
Failure | |||
5 | Fails | ||
6 | Fails, no XmlToken was supplied to the server | ||
11 | not attempted: requires sts.livelabs nickname in a personal card | Site does not recognize Higgins IA | |
12 | ? | Site does not recognize Higgins IA | |
13 | ? | H2 IA doesn't support RP STS (yet) | Need DOB Claim, still not working even though Mike has added claim, the Higgins IA is not showing a matching card |
14 | A purple message box pops up saying "A problem occurred: Undefined" | Site doesn't recognize Higgins IA | |
18 | Get error: "Authentication failed. The Oracle SSO authentication system has hit an error. Please try logging in again." | Not working, seems to be an Oracle issue | |
19 | Does not recognize the Higgins IA | ? | ? |
.
Test #2: Signing in to RP site (Failure exceptions to previous section)
This section lists card-specific (or to be more precise IdP-dependent) failures in trying to sign in to RP sites enumerated above.
IdP/STS | RP site | H1(build 60, 2007-06-27)+ HBX(0.8.3.1) | H2 | H3 |
---|---|---|---|---|
6 | 9 | Fails | ||
<various> | 5 | No, we hit an issue with an IdP that does not set the AppliesTo: in the card and thus is looking to the IA to do this but it looks like RPPS is not doing this. So we will have cases at the interop where there are AppliesTo: in the card and cases where its not, so we have to be able to pass it on if its there and let the STS do the encryption and the case where its not there is where you will do the encryption. | ||
5 | 8 | Working with Higgins Managed card. Not working with a UW managed card, we hit an issue with an IdP that does not set the AppliesTo: in the card and thus is looking to the IA to do this but it looks like RPPS is not doing this. So we will have cases at the interop where there are AppliesTo: in the card and cases where its not, so we have to be able to pass it on if its there and let the STS do the encryption and the case where its not there is where you will do the encryption. | ||
1 | 8 | Accepts any cards, doesn't recognize the issuer but does validate and print claims | ||
1 | 10 | ISS never comes up. | ||
1 | 12 | Got their card, appears to fail because the use http instead of https with their sts | ||
1 | 20 | No errors reported at ISS but prompts for basic auth after i-card is submited. | ||
2 | 6 | Fails. I tried to back a managed card with a personal card and get error 51968. Managed cards cannot be imphiggins.eclipse.org is listed as the issuer, but that is a non-existent site. | ||
5 | 8 | Accepts any cards | ||
12 | 24 | Fails | ||
5 | 24 | Fails |
Known bugs
- If HBX displays an alert box "Alert:TypeError:soap.getRPPSService() has no properties", restart Firefox
Reference
- The "hosts" file is located in %SystemRoot%\System32\Drivers\Etc folder on a Windows computer.