
HBX Microsoft CardSpace Support

Revision as of 01:12, 16 September 2006 by Paul.socialphysics.org (Talk | contribs)

HBX supports the Microsoft-defined CardSpace web integration flow described in this paper. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the website's security policy; the website in this case is acting as a Relying Party Agent (RPA). The security policy indicates the Digital Identity (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.

<object> tag Support

HBX looks for the application/x-informationCard <object> tag, requests an appropriate Digital Identity token from the Higgins server, retrieves it and posts it to the RPA.

In addition to detecting the <object> tag as before, this version also parses and captures each of the parameters and their values (see the example below) and passes these along to a Higgins server. This has been added in order to support work on the server related to integrating an STS for upcoming demos next week. This version also passes along the website's SSL certificate to the Higgins server.

    <OBJECT type="application/x-informationCard" name="xmlToken">
       <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
       <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
       <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname,
             http://schemas.microsoft.com/ws/2005/05/identity/claims/surname,
             http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
    </OBJECT>

Binary Behaviors Support

NOTE: We PLAN support for binary behaviors very soon, but as of version 0.4.8 it is NOT supported.

Microsoft's new http://sts.labs.live.com uses the "binary behavior" option instead of the <object> tag described above. Here is a sample page:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xmlns:ic>
    <head><title>Microsoft Live Labs Relay Service: Downloads</title>
    <link xhref="App_Themes/site_styles.css" rel="stylesheet" type="text/css" />
    <ic:informationcard
      id='infocardBehavior'
      name='infocardBehavior'
      style='behavior: url(#default#informationCard)'
      issuer='http://sts.labs.live.com/trust/InfoCard'
      tokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1'>
    <ic:add claimtype='http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier' optional='false' />
    </ic:informationcard>
    </head>
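The following is an added example, not HBX code (HBX does this inside the browser extension), showing the policy-detection step from both sections above in one place: it scans page HTML for the application/x-informationCard <object> form and for the ic:informationcard binary-behavior form, and normalises either into one policy record (issuer, tokenType, required and optional claims). The two sample fragments are the ones shown on this page, embedded as constructed test input; the function and field names are assumptions of the example. Two details a parser must get right are visible in the samples: the requiredClaims value of the <object> form is a comma-separated list that spans lines, and in the behavior form a claim is required unless its ic:add element says optional='true'.

```python
"""Detect a CardSpace relying-party policy in page HTML (added example)."""
from html.parser import HTMLParser

INFOCARD_MIME = "application/x-informationCard"   # <object type="..."> form
BEHAVIOR_TAG = "ic:informationcard"               # binary-behavior form
# Self-issued-card issuer URI, as used in the <object> sample on this page.
SELF_ISSUER = "http://schemas.microsoft.com/ws/2005/05/identity/issuer/self"


def split_claims(value):
    """requiredClaims/optionalClaims are comma-separated and may span lines."""
    return [c.strip() for c in value.split(",") if c.strip()]


def new_policy(form, issuer=None, token_type=None):
    return {"form": form, "issuer": issuer or None, "tokenType": token_type or None,
            "required": [], "optional": []}


class CardSpacePolicyParser(HTMLParser):
    """Collects every policy element found on the page, in document order.

    html.parser lower-cases tag and attribute *names* but keeps attribute
    *values* as written, so PARAM Name="tokenType" arrives as ("name", "tokenType").
    """

    def __init__(self):
        super().__init__()
        self.policies = []
        self._current = None   # policy whose child elements we are inside

    def _open(self, policy):
        self._current = policy
        self.policies.append(policy)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and a.get("type", "").lower() == INFOCARD_MIME.lower():
            self._open(new_policy("object"))
        elif tag == "param" and self._current and self._current["form"] == "object":
            name, value = a.get("name", ""), a.get("value", "")
            if name == "issuer":
                self._current["issuer"] = value.strip() or None
            elif name == "tokenType":
                self._current["tokenType"] = value.strip() or None
            elif name == "requiredClaims":
                self._current["required"] += split_claims(value)
            elif name == "optionalClaims":
                self._current["optional"] += split_claims(value)
        elif tag == BEHAVIOR_TAG:
            self._open(new_policy("behavior", a.get("issuer", "").strip(),
                                  a.get("tokentype", "").strip()))
        elif tag == "ic:add" and self._current and self._current["form"] == "behavior":
            # A claim is required unless the page explicitly marks it optional.
            bucket = "optional" if a.get("optional", "").lower() == "true" else "required"
            claim = a.get("claimtype", "").strip()
            if claim:
                self._current[bucket].append(claim)

    def handle_endtag(self, tag):
        if tag in ("object", BEHAVIOR_TAG):
            self._current = None


def find_policies(html):
    """Return the list of CardSpace policies embedded in the given HTML."""
    parser = CardSpacePolicyParser()
    parser.feed(html)
    parser.close()
    return parser.policies


def is_self_issued(policy):
    """True when the RP asks for a self-issued card rather than an STS-issued one."""
    return policy["issuer"] == SELF_ISSUER


# Constructed test input: the two fragments shown on this page.
OBJECT_SAMPLE = """
<OBJECT type="application/x-informationCard" name="xmlToken">
   <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
   <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
   <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname,
         http://schemas.microsoft.com/ws/2005/05/identity/claims/surname,
         http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
</OBJECT>
"""

BEHAVIOR_SAMPLE = """
<ic:informationcard id='infocardBehavior' name='infocardBehavior'
  style='behavior: url(#default#informationCard)'
  issuer='http://sts.labs.live.com/trust/InfoCard'
  tokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1'>
<ic:add claimtype='http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier' optional='false' />
</ic:informationcard>
"""

if __name__ == "__main__":
    for sample in (OBJECT_SAMPLE, BEHAVIOR_SAMPLE):
        for policy in find_policies(sample):
            print(policy["form"], "self-issued" if is_self_issued(policy) else "managed", policy)
```

Whatever the page says, the policy record is untrusted input taken from the RP's HTML: HBX forwards it (together with the site's SSL certificate) to the Higgins server, and it is that server-side step, not the parse, that decides whether the issuer and token type are acceptable.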
