Friday, February 08, 2008

xmldap relyingparty and glassfish

Here is a description of how to use the xmldap relyingparty with Sun's GlassFish application server. It works like a charm.

1) Download GlassFish

http://www.java.net/download/javaee5/v2ur1/promoted/SunOS/glassfish-installer-v2ur1-b09d-sunos-ml.jar

2) Run the installer/unpacker
java -Xmx256m -jar glassfish-installer-v2ur1-b09d-windows-ml.jar

3)
cd glassfish 
lib\ant\bin\ant -f setup.xml

4) Add D:\Programme\glassfish\bin to the PATH variable
echo %PATH%

OK
5) Started glassfish
asadmin start-domain domain1

Verified this by using Firefox on
https://w4de3esy0069028.gdc-bln01.t-systems.com:8181/



6) stop glassfish
asadmin stop-domain domain1

7) edit websrc/xmldap_rp/WEB-INF/rp.properties
keystore=D:\\Programme\\glassfish\\domains\\domain1\\config\\keystore.jks
keystore-password=changeit
key=s1as
key-password=changeit
privacyStatement.text/plain=/WEB-INF/privacy.txt
privacyStatement.text/html=/WEB-INF/privacy.html
privacyStatement.text/pdf=/WEB-INF/privacy.pdf
requiredClaims=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
optionalClaims=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender

8)
cd openinfocard/ant; ant; 

9)
cp ../build/xmldap.org/relyingparty.war /cygdrive/d/Programme/glassfish/domains/domain1/autodeploy/

10) Start glassfish again
asadmin start-domain domain1

11) Use Firefox to open
https://w4de3esy0069028.gdc-bln01.t-systems.com:8181/relyingparty/


It looks like the xmldap relyingparty. Fine.

12) Log in using dottie's information card
The openinfocard id selector version is 0.9.9.20080118



Valid Signature: true
Valid Conditions: true
Confirmation method: urn:oasis:names:tc:SAML:1.0:cm:bearer
Audience is restricted to: https://w4de3esy0069028.gdc-bln01.t-systems.com:8181/relyingparty/
No Certificate in Token
You provided the following claims:

givenname: Dorothy Mae

surname: Murphy Mortimore

privatepersonalidentifier: TFJmTjJIUlVyNG8yTGR3NmQySHp1Y3JOU0VHYit5NXErTDNZQkdRZk40ST0=
Your user agent is

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11


The Java version is jdk1.6.0_04.
Enjoy.
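
A small check for the rp.properties file from step 7, added here as an example (it is not part of the original post or of the xmldap/openinfocard code). It flags the default changeit password, single backslashes in the keystore path, and claim lists that contain a malformed URI or a second key run into the value; the function names and the sample file are constructed for illustration.

```python
import re

# Namespace shared by every claim URI in the step 7 listing.
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
DEFAULT_PASSWORD = "changeit"  # password used in step 7; also the GlassFish default


def parse_properties(text):
    """Minimal key=value reader (no line continuations); values are kept raw."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def lint_rp_properties(text):
    """Return findings for the keys that step 7 sets in rp.properties."""
    props, findings = parse_properties(text), []
    for key in ("keystore-password", "key-password"):
        if props.get(key) == DEFAULT_PASSWORD:
            findings.append(f"{key}: default password '{DEFAULT_PASSWORD}'")
    # java.util.Properties treats a lone backslash as an escape and drops it.
    if re.search(r"(?<!\\)\\(?!\\)", props.get("keystore", "")):
        findings.append("keystore: single backslash in path, write \\\\ instead")
    for key in ("requiredClaims", "optionalClaims"):
        for uri in props.get(key, "").split():
            if "=" in uri:
                findings.append(f"{key}: '=' in claim list, a following key is fused in")
            elif not re.fullmatch(re.escape(CLAIM_NS) + r"[a-z]+", uri):
                findings.append(f"{key}: malformed claim URI {uri}")
    return findings


# Constructed sample with the kinds of mistake the linter looks for.
SAMPLE_BAD = "\n".join([
    r"keystore=D:\Programme\glassfish\domains\domain1\config\keystore.jks",
    "keystore-password=changeit",
    "key=s1as",
    "key-password=constructed-secret",
    "requiredClaims=" + CLAIM_NS + "givenname " + CLAIM_NS + "surnameoptionalClaims="
    + CLAIM_NS + "streetaddress t" + CLAIM_NS[2:] + "locality",
])

if __name__ == "__main__":
    for finding in lint_rp_properties(SAMPLE_BAD):
        print(finding)
```

Run it against the edited file before building the war in step 8, since the properties file is packaged into relyingparty.war.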
