issue card using iishosted username service

Sep 10, 2008 at 8:14 PM
I downloaded the code and compiled fine. I created a virtual directory which points to the SharpSTS.IIShosted directory.

I don't know what to do next to get the Card issued.  I wish to use the username and password for the card authentication.

Any help will be appreciated.

thanks,
Sue
Coordinator
Sep 11, 2008 at 7:56 AM
OK so if you look at the projects there's a command line card issuer; which uses a service exposed on the IISHosted site. So add a proxy in your own web project to point to the card issuing service; cardControl.svc.

From that you can create a new GetRequestBody, set the authentication type to AuthenticationType.UserNamePassword, set the hints and identifiers and away you go. Take a look at program.cs in the command line issuer, and the ini files which hopefully illustrate some of the differing authentication types.

Do let me know if you need more help :)
Sep 11, 2008 at 7:00 PM

There is another question.  I got a plain text SAML assertion on the RP side, so I guess I have to encrypt the SAML assertion for the RSTR on my RP-STS side in order to get an encrypted SAML assertion in the RP.  I guess your XmlEncryptedTokenSerializer.cs and EncryptedData.cs can do the encryption, but when I tried, I got this.cipherText = null in the WriteTo method call.

public void WriteTo(XmlWriter writer)
{
    writer.WriteStartElement("enc", "CipherData", "http://www.w3.org/2001/04/xmlenc#");
    writer.WriteStartElement("enc", "CipherValue", "http://www.w3.org/2001/04/xmlenc#");
    if (this.iv != null)
    {
        writer.WriteBase64(this.iv, 0, this.iv.Length);
    }

    writer.WriteBase64(this.cipherText, 0, this.cipherText.Length);  // this.cipherText = null here
    writer.WriteEndElement();
    writer.WriteEndElement();
}

I added some logging in SetCipherValueFragments method of EncryptedData.cs file:

public void SetCipherValueFragments(byte[] initialisationVector, byte[] cipher)
{
    this.iv = initialisationVector;
    this.cipherText = cipher;

    System.Text.Encoding enc = System.Text.Encoding.ASCII;
    string cipherTextString = "cipher = " + enc.GetString(cipher);
    debugRPSTS(cipherTextString);

    string cipherTextString2 = "this.cipherText = " + enc.GetString(this.cipherText);
    debugRPSTS(cipherTextString2);
}

Both cipher and this.cipherText are not null.  I don't understand why this.cipherText becomes null in the WriteTo method, since SetCipherValueFragments( ) is called before WriteTo( ).

thanks,
Sue

Coordinator
Sep 11, 2008 at 8:58 PM
Ah heck. OK when I did the last bunch of stylecop checkins it looks like it broke badly.

If I use a previous version (hurrah for source control!) it works; otherwise if you have an STS that requires applies to (which then calls that encryption helper) it barfs.

So I'll try to tidy up and refactor it again; and check it in tonight or tomorrow. Apologies!
Coordinator
Sep 11, 2008 at 9:56 PM
OK a fixed version is in, let me know how it goes!
Sep 12, 2008 at 7:46 PM
Thank you very much. The new version of EncryptData works perfectly.

I looked at your XmlEncryptedTokenSerializer.cs; it overrides WriteTokenCore( ) and uses a MemoryStream. I added some logging at my RP-STS, and it seems to me that the rstrMessage.ToString() method calls the RSTR.OnWriteBodyContents( ) method.  Does that sound right to you? Can you explain how it works?

Message rstrMessage = Message.CreateMessage(message.Version, Constants.Trust.Actions.IssueReply, rstr);

// Set RelatesTo of response message to MessageID of request message
rstrMessage.Headers.RelatesTo = requestMessageID;

msg = "RP-STS Issue method is called, and outgoing message looks like:";
debugRPSTS(msg);

msg = rstrMessage.ToString();
debugRPSTS(msg);

msg = "return the rstr message";

thanks,
Sue


Coordinator
Sep 12, 2008 at 8:45 PM
Magic pixie dust :)

So I'm using a memory stream to get the encrypted bits into a state where I can use them within the WriteTokenCore. It's a bit of a hack admittedly, but it allows me to plan for future different token types; an OpenID token is a completely different format.

So I serialise the token normally to memory, then pass it into the encryption procedure which in turn spits back an XML fragment containing everything that's needed; that then is spat into the writer. I would guess the serialiser for the RSTR will go through the serialisation process, which will call WriteTokenCore somewhere to convert it to a string, but that's a guess.
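An added example of the pattern described in this thread (serialise the token to bytes, encrypt them, then write the IV followed by the cipher text into a single xenc:CipherValue, which is the layout the WriteTo method above produces, with the matching receiver-side split). This is constructed illustration code, not SharpSTS's own; it assumes the token has already been serialised to a string and that the caller supplies a 16-, 24- or 32-byte AES key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Xml;
// Constructed demo, not SharpSTS code: encrypt serialised token bytes with AES-CBC and write
// one xenc:CipherValue holding base64(IV || ciphertext), the layout WriteTo above produces.
public static class TokenEncryptionDemo
{
    const string XmlEncNs = "http://www.w3.org/2001/04/xmlenc#";
    public static string EncryptToFragment(string tokenXml, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(tokenXml); // stands in for the MemoryStream serialisation step
        byte[] iv, cipher;
        using (Aes aes = Aes.Create())
        {
            aes.Key = key; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            aes.GenerateIV(); iv = aes.IV;
            using (ICryptoTransform t = aes.CreateEncryptor())
                cipher = t.TransformFinalBlock(plain, 0, plain.Length);
        }
        if (cipher == null) throw new InvalidOperationException("cipher text never set"); // guards the null seen above
        var sb = new StringBuilder();
        using (XmlWriter w = XmlWriter.Create(sb, new XmlWriterSettings { OmitXmlDeclaration = true }))
        {
            w.WriteStartElement("enc", "EncryptedData", XmlEncNs);
            w.WriteStartElement("enc", "CipherData", XmlEncNs);
            w.WriteStartElement("enc", "CipherValue", XmlEncNs);
            w.WriteBase64(iv, 0, iv.Length);         // IV first, then cipher text: consecutive WriteBase64
            w.WriteBase64(cipher, 0, cipher.Length); // calls form one base64 run, so the receiver sees IV||C
            w.WriteEndElement(); w.WriteEndElement(); w.WriteEndElement();
        }
        return sb.ToString();
    }
    // Receiver side: split the first block off as the IV and decrypt the remainder.
    public static string DecryptFragment(string fragment, byte[] key)
    {
        var doc = new XmlDocument(); doc.LoadXml(fragment);
        var ns = new XmlNamespaceManager(doc.NameTable); ns.AddNamespace("enc", XmlEncNs);
        byte[] blob = Convert.FromBase64String(doc.SelectSingleNode("//enc:CipherValue", ns).InnerText);
        using (Aes aes = Aes.Create())
        {
            aes.Key = key; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            byte[] iv = new byte[aes.BlockSize / 8];
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length); aes.IV = iv;
            using (ICryptoTransform t = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(t.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length));
        }
    }
}
```

Call EncryptToFragment with the serialised token XML and the key, then DecryptFragment with the same key on the receiving side; the IV is recovered from the first block of the decoded CipherValue rather than sent separately.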