Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
HBX Microsoft CardSpace Support
HBX supports the Microsoft-defined CardSpace web integration flow described in this paper. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the security policy of the website, that in this case is acting as a Relying Party Agent (RPA). The security policy indicates the Digital Identity (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.
<object> tag Support
HBX looks for the x-information-typg <object> tag, requests an appropriate Digital Identity token from the Higgins server, retreives it and posts it to the RPA.
In addition to detecting the <object> tag as before, this version also parses and captures each of the parameters (see example below) and values and passes these along to a Higgins server. This has been added in order to support work on the server related to integrating an STS for upcoming demos next week. This version also passes along the website's SSL certificate to the Higgins server.
<OBJECT type="application/x-informationCard" name="xmlToken">
<PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
<PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
<PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname,
http://schemas.microsoft.com/ws/2005/05/identity/claims/surname,
http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
</OBJECT>