I don't have your complete configuration for your STS but I suspect the 
following...
Your SAML Handler is configured to provide a Subject Identifier as an email 
address.
In order to fill in the name it needs to get the email address attribute from 
IdAS.
You can resolve this by providing an email address, or configuring the STS to 
use another attribute for the name.

Regards,
Michael McIntosh
VP Development
Azigo

From: [email protected] [mailto:[email protected]] 
On Behalf Of Maken, Dalijeet Singh (CONSULTANT)
Sent: Wednesday, January 27, 2010 2:41 PM
To: [email protected]
Subject: [higgins-dev] Higgins STS and Cloud Selector | Only releasing 
emailaddress claim

Hello Guys,

I am running into a strange issue wherein the claims released by the Higgins 
STS are different (not values but the list) when the request is submitted from 
the cloud selector as opposed to submission from Azigo selector. The scenario 
is as follows:


- We have a local instance of the Higgins STS that we have used to issue 
  a managed card. The card is attached.

- The card is used in an RP (RPSimple) with Azigo as the card selector. 
  The log of the STS for this request is attached (sts-azigo.out). As you will 
  see within the logs, the STS is attempting to add all the requested claims.

- In the next step the same card is used from the Cloud Selector (Mode 
  Request 3) with the following request:

<object type="application/x-informationCard" name="xmlToken">
<param name="privacyUrl" value="http://wiki.eclipse.org/Cloud_Selector" />
<param name="privacyVersion" value="1" />
<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
<param name="requiredClaims" 
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
 http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</object>

As you will note, we are requesting multiple claim values; however, the STS 
only looks for the emailaddress and then moves on to the setDigitalIdentity 
call, ignoring all the other requested claim values (see attached log file: 
sts-cloud-object.out).

Cloud Selector is showing the same behavior in other modes too and keeps 
reading the email address claim even when it is not requested.

Will appreciate any inputs on why this might be the case.

Thanks,
Daljeet Singh