GTK Selector 1.1-Win

Revision as of 21:39, 6 October 2009 by Ptrevithick.gmail.com (Talk | contribs) (Packaged Windows Installer)

This page describes the native-code I-Card Selector for Firefox and IE on Windows (also callable by local apps).

Version

This is the updated 1.1 version of the Higgins 1.0 GTK and Cocoa Selector 1.0.

Overview

The entire GTK Selector 1.1-Win solution consists of the following components:

This page mostly describes the GTK variant of the Selector UI for Windows, which consumes services from the Local I-Card Service Package to manage the local store of I-Cards and to retrieve security tokens for them. The Local I-Card Service can optionally be configured to synchronize the local card store with a remote one using the CardSync Service.

End-User Perspective

For the end-user, this technology provides the following benefits:

  • Relying party sites do not need to store sensitive identity information.
  • Users are put in control of their own identity information and can choose who they trust to store their sensitive data.
  • Rather than updating dozens of accounts whenever some piece of identity information changes (such as a phone number), users can update their information at one (or a small number) of IDP sites.
  • Users can interact with sites without ever disclosing their identity. For example, an STS can issue a token asserting that a user's age is greater than some required value without disclosing anything else about the user. Because of the trust relationship the relying party has with the STS, it can be sure that the assertion is true.

Functionality

Iss data flow.jpg

The selector interacts with Information Card-compatible web sites and services. In a typical use case, a user wants to complete some type of transaction with a relying party site. This usually requires the exchange of identity information such as the user's given name, surname, street address, and e-mail address. By using an Information Card-aware web browser (such as Firefox or IE with the selector extension installed), a user can easily provide the required information by selecting an appropriate Information Card from the set of cards that they own. The flow of data in this case would be:

  • A user visits a web site that supports Information Card-compatible tokens.
  • By clicking on a link or button, an identity selector interface appears and presents a list of cards that satisfy the policy of the web site.
  • A card is selected by the user.
  • Credentials needed to access the IDP (i.e., an LDAP directory or something similar) are requested by the identity selector.
  • The credentials and required claims are bundled into a request that is signed and sent to the Security Token Service (STS).
  • The STS extracts information from the token request, authenticates the user via the IDP, and retrieves the requested claim values. The response is bundled into a message that is signed by the STS and returned to the identity selector.
  • The identity selector passes the token returned by the STS to the relying party site.
  • The relying party site verifies that the token is issued by a trusted STS and that the token is valid (signature is good, token hasn't expired, etc.).
  • Claim values are extracted from the token by the relying party and are used to complete the transaction.
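
The last steps of this flow, as an added example that is not part of the original page or the Higgins code: a toy STS issues a token carrying only the requested claims, and the relying party checks issuer, signature and expiry before reading them. HMAC-SHA256 stands in for the STS signature, which the page does not specify; the issuer URL, key and claim names are constructed.

```python
import hashlib
import hmac
import json

# Constructed values: issuer, key and claim names are assumptions for the demo.
STS_ISSUER = "https://sts.example.test"
STS_KEY = b"constructed-demo-key"
TRUSTED_ISSUERS = {STS_ISSUER: STS_KEY}  # the relying party's trust list


def sign(key, body):
    """HMAC-SHA256 over the serialized token (stand-in for the STS signature)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sts_issue(identity, required_claims, now, lifetime=300):
    """STS: release only the claims the relying party's policy asks for."""
    token = {
        "issuer": STS_ISSUER,
        "expires": now + lifetime,
        "claims": {name: identity[name] for name in required_claims},
    }
    body = json.dumps(token, sort_keys=True)
    return {"body": body, "sig": sign(STS_KEY, body.encode())}


def rp_verify(envelope, now):
    """Relying party: trusted issuer, good signature, not expired, then claims."""
    body = envelope["body"]
    token = json.loads(body)
    key = TRUSTED_ISSUERS.get(token.get("issuer"))
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(sign(key, body.encode()), envelope["sig"]):
        raise ValueError("bad signature")
    if now >= token["expires"]:
        raise ValueError("token expired")
    return token["claims"]


if __name__ == "__main__":
    alice = {"givenname": "Alice", "emailaddress": "alice@example.test",
             "age_over_18": True}
    envelope = sts_issue(alice, ["age_over_18"], now=1000)
    print(rp_verify(envelope, now=1100))
```

The relying party receives only the claim its policy asked for; the other values held by the STS never appear in the token body.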

Setup

<to be written>

Deployer Perspective

Building

The required project is:

  • app/org.eclipse.higgins.selector.ui.gtk

This project can be checked out from the Eclipse repository at the following SVN URI:

https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/app/org.eclipse.higgins.selector.ui.gtk

You can check it out from the Eclipse repository using a MS Visual C++ plugin like http://ankhsvn.open.collab.net/, or by using an external SVN tool such as http://tortoisesvn.tigris.org/.

To avoid problems, you should check it out into a directory that does not contain any spaces, e.g. C:\Higgins\org.eclipse.higgins.selector.ui.gtk.

These instructions are for building the solution with MS Visual C++ 2008 Express Edition.

You need the following software:

To avoid problems, you should install the above software in their default locations (e.g. C:\OpenSSL and C:\Gtk).

You need to add the path to cmake.exe to your PATH environment variable.

The project is designed to be built with cmake, and in order to be able to import it into MS Visual C++, the necessary project files have to be created using the special scripts configure_vs.bat and setupvc.bat, which are included with the org.eclipse.higgins.selector.ui.gtk project. You may have to edit both scripts and adjust local paths before you can run them. Also, you have to change the line

cmake -G "Visual Studio 8 2005" ../..

... to ...

cmake -G "Visual Studio 9 2008" ../..

... depending on which version of MS Visual C++ you are using.

After these steps, you can run the configure_vs.bat script. This will create MS Visual C++ project files in the path build\vc relative to the org.eclipse.higgins.selector.ui.gtk project.

The main MS Visual C++ project file is identityselector.sln. You should be able to open this in MS Visual C++ and run a build.

If during the build you get the error "You appear to be building against the wrong version of OpenSSL", you need to do the following:

  1. In your OpenSSL installation (e.g. in C:\OpenSSL), open the file include\openssl\opensslconf.h.
  2. Change all occurrences of the string OPENSSL_SYSNAME_WIN64A to OPENSSL_SYSNAME_WIN32.
  3. Re-run the build.

After the build succeeds, in order to run the main executable bin\identityselector.exe, you need to manually assemble a directory structure as follows:

  • YOUR_DEPLOYMENT_DIRECTORY\: all files and sub-directories from build\vc\build\share\identityselector
  • YOUR_DEPLOYMENT_DIRECTORY\bin\: identityselector.exe and *.dll from build\vc\build\bin\Debug
  • YOUR_DEPLOYMENT_DIRECTORY\bin\: libssl32.dll, libeay32.dll and ssleay32.dll from your OpenSSL installation
  • YOUR_DEPLOYMENT_DIRECTORY\bin\: msvcm90d.dll, msvcp90d.dll, msvcr90d.dll and Microsoft.VC90.DebugCRT.manifest from your MS Visual C++ installation

Configuration

The GTK selector UI reads and stores its configuration at runtime in the file "%HOMEPATH%\.ftk\settings\58EB0021-F939-48BA-B872-E93C4B380D4F\settings.xml". If this file doesn't exist, the GTK selector creates one with the default settings at first startup.

By default, the selector UI uses a file system card store that stores cards in the "%HOMEPATH%\.iss\iss_cards" folder.

The selector UI can be configured to use a synchronizing card store, which synchronizes the local card store with a remote one through a CardSync Service endpoint. For now, the synchronizing card store uses ISAMDatabase, which is pre-configured to store cards locally in the "%HOMEPATH%\.iss\hscs_cards" folder; the CardSync Service endpoint it uses can be configured.


To configure the selector UI to use the synchronizing card store, manually update the above configuration file so that it has a CARDS section like the one in the following example.

  • Note: right now the GTK selector is unable to create a user account on the CardSync Service endpoint, so you need to use your real user name and password for the rh155.azigo.net I-Card Service endpoint.
  • Note: while the synchronizing card store is at the development stage, it may be necessary to remove the entire "%HOMEPATH%\.iss\hscs_cards" folder when you want to use a new version of the selector, due to possible data format changes.
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Settings>
   <Section Id="CARDS">
      <Setting Name="STORE.TYPE" Data="urn:org:eclipse:higgins:cardstore:type:hcsp"/>
      <Setting Name="STORE.URI" Data="http://rh155.azigo.net/cardsync-new/rs"/>
      <Setting Name="STORE.USERNAME" Data="testUser"/>
      <!-- your username goes here -->
      <Setting Name="STORE.PASSWORD" Data="testPassword"/>
      <!-- your password goes here -->
   </Section>
   <Section Id="gtkui">
      <Setting Name="MAIN.X" Data="733"/>
      <Setting Name="MAIN.Y" Data="116"/>
      <Setting Name="MAIN.WIDTH" Data="640"/>
      <Setting Name="MAIN.HEIGHT" Data="480"/>
      <Setting Name="MAIN.PANEPOS" Data="291"/>
      <Setting Name="MAIN.COLWIDTH" Data="264"/>
      <Setting Name="MAIN.SHOWTOOLBAR" Data="true"/>
   </Section>
</Settings>
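
A check over the CARDS section shown above, as an added example (not part of the Higgins code): it parses a settings.xml document and reports a password held in plaintext and a card-sync endpoint that is not https. The function names are hypothetical, and the sample is the page's own example with its comments and gtkui section removed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the CARDS section from the example above.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Settings>
   <Section Id="CARDS">
      <Setting Name="STORE.TYPE" Data="urn:org:eclipse:higgins:cardstore:type:hcsp"/>
      <Setting Name="STORE.URI" Data="http://rh155.azigo.net/cardsync-new/rs"/>
      <Setting Name="STORE.USERNAME" Data="testUser"/>
      <Setting Name="STORE.PASSWORD" Data="testPassword"/>
   </Section>
</Settings>"""


def read_section(xml_bytes, section_id="CARDS"):
    """Return {Name: Data} for one <Section> of a settings.xml document."""
    root = ET.fromstring(xml_bytes)
    for section in root.iter("Section"):
        if section.get("Id") == section_id:
            return {s.get("Name"): s.get("Data", "")
                    for s in section.iter("Setting")}
    return {}


def audit_cards(xml_bytes):
    """List findings for the synchronizing card store configuration."""
    cards = read_section(xml_bytes)
    findings = []
    # The password sits in the file as a readable attribute value.
    if cards.get("STORE.PASSWORD"):
        findings.append("STORE.PASSWORD is stored in plaintext")
    # A non-https endpoint means sync traffic is not protected by TLS.
    uri = cards.get("STORE.URI", "")
    if uri and urlsplit(uri).scheme.lower() != "https":
        findings.append("STORE.URI does not use https")
    return findings


if __name__ == "__main__":
    for finding in audit_cards(SAMPLE):
        print("FINDING:", finding)
```

Because the file lives under "%HOMEPATH%" and holds a real account password, its access permissions are worth reviewing alongside these findings.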

Developer Perspective

Architecture

GTK-selector-1.1.120.png

(Diagram Key)

Components, Packages & Services

Components:

Packages:

Services:
