polenius

Hi,
I'm creating some test apps using CardSpace. When I use personal cards I have no problem managing what I need. My problems start when I try to work with managed cards. I prepared a web service (using WCF) which needs a managed card to authenticate. When I call this service, the CardSpace UI appears and my managed card is the only card which can be selected (this is what I expected it to do). However, when I choose this managed card I see a preview of the card with the required claims marked. The claim values are blank (of course, I didn't enter any value). The CardSpace UI dialog tells me to use the Retrieve button. When I do this, an error dialog appears. In the dialog there is something like this: "The personal card that is used for authentication of the managed card cannot be found. If you have a backup file containing the missing personal card, restore the card. For additional information, contact the card provider." I don't know what this error means (as I said above, I'm new to CardSpace). Any suggestions to solve this error?


Re: Windows CardSpace (InfoCard) managed cards

Toland Hon

It appears you've generated a managed card backed by a self-issued card. Is this self-issued card still in your store? When authenticating this type of managed card, it looks up the self-issued card that matches the PPID set inside the managed card.

If the card is still in your card store, then the most likely problem is that you're using 2 different certificates.

How are you retrieving the PPID to create the managed card? More importantly, which certificate are you using to prompt CardSpace to send you a self-issued card with a PPID?

Next, for your managed card generation, which certificate are you using to generate and sign the .crd file?

Finally, for your IP/STS, which certificate are you using for communications with it?

You might want to try making all of those use the same certificate if any one of them is different.

//Toland




Re: Windows CardSpace (InfoCard) managed cards

polenius

Well, the problem was a wrong PPID; I forgot to rewrite it from my other experiments.

However, after clicking on Retrieve or Send, a CardSpace UI screen appears with this message:

Your data could not be retrieved from the managed card provider. Check your
connection, and verify that you have supplied the correct authentication credentials.

I'm not sure if I prepared my provider in the right way. Could you post here some links to documents where I can find samples and tutorials for managed cards? I queried Google but found no useful answer in a short time, and I'm too busy to read all the related pages. I can describe my scenario, what I want from managed cards.

The user is asked to log in to the service. The user uses a managed card with his (her) name and group membership (my own claim). The CardSpace UI appears and the user clicks on the proper card. The card goes to the managed card provider, where the values for the requested claims are stored. If the user has a "suitable" personal card, the managed card is filled with values and sent back to the user, where it is resent to the web service. The user is now logged in.

Jindrich Brezina






Re: Windows CardSpace (InfoCard) managed cards

Toland Hon - MSFT

Are there any event log messages? Generally they give more details about what may have occurred.

A couple of things come to mind.

1. It's having problems connecting to the STS.
2. The STS account lookup failed.
3. The message returned by the STS was improper.

//Toland





Re: Windows CardSpace (InfoCard) managed cards

polenius

This is the related event in the event log:




Re: Windows CardSpace (InfoCard) managed cards

blowdart

Are you running an STS at that endpoint (and the non-HTTPS one on port 7000)?

I can't see anything on that port; or indeed anything on the HTTPS port.




Re: Windows CardSpace (InfoCard) managed cards

Toland Hon - MSFT

It appears that CardSpace can't talk to your STS or retrieve its MEX.

Can you hit this link with your browser:
https://www.treeinfo.cz:7001/sample/trust/selfissuedsaml/mex

If not, you may want to try to figure out where the problem is (i.e. the domain, the port, the certificate, etc.).

//Toland





Re: Windows CardSpace (InfoCard) managed cards

Cardspace Newbie

Hello,

I have been following your posts and examples carefully, and I am successful in getting the STS working along with CardSpace on a local machine. However, I was wondering if there is a way to access the public key of the relying party from the RST (Request Security Token) which is sent to the IP/STS (Security Token Service).

thank you,
//Cardspace Newbie




Re: Windows CardSpace (InfoCard) managed cards

Toland Hon - MSFT

I believe if you enable RequiresAppliesTo on the managed card, the RP's information (including the public key) will be included in the RST.

Caleb posted this a while back:

From: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1218402&SiteID=1

For a browser-based scenario, if the .crd file for the managed card has the <RequiresAppliesTo> element set, CardSpace will send the RP information (site URL and SSL cert) to the IP, and expects the IP to encrypt the token.

Otherwise, the IP is not sent the RP info, and CardSpace does the encryption. The hint in the is if it says 'the identity provider will know you have visited this site' then they set the <RequiresAppliesTo>.

//Toland





Re: Windows CardSpace (InfoCard) managed cards

Netwhiz

Hello,

Thank you for your reply. I was able to generate managed cards by setting the <requireappliesto> flag to true. At this point, I'm not sure how to obtain the public key at the Identity Provider end. Any pointers to documentation with this issue in focus or code samples will be appreciated.

thank you,
regards, Cardspace newbie





Re: Windows CardSpace (InfoCard) managed cards

Toland Hon - MSFT

According to the Technical Reference for InfoCard:

http://download.microsoft.com/download/5/4/0/54091e0b-464c-4961-a934-d47f91b66228/infocard-techref-beta2-published.pdf

Version 1.0, Page 19 of 36

5.3.2. Identifying relying party to identity provider

The ic:OpaqueEndpoint element defined below is used to send an opaque reference for a relying party identity to an IP/STS.

Syntax:

<ic:OpaqueEndpoint> xs:base64Binary </ic:OpaqueEndpoint>

The following describes the attributes and elements listed in the schema overview above:

/ic:OpaqueEndpoint
A base64 encoded opaque reference to an endpoint.

An opaque reference for the relying party identity is submitted to the IP/STS by including a wsp:AppliesTo element containing the opaque handle for the relying party endpoint in the RST request message as shown in the following example.

Example:

<wst:RequestSecurityToken>
  <wsp:AppliesTo>
    <ic:OpaqueEndpoint>
      MIIEZzCCA9CgAwIBAgIQEmtJZc0==
    </ic:OpaqueEndpoint>
  </wsp:AppliesTo>
  ...
</wst:RequestSecurityToken>

When required, the actual relying party identity is submitted to the IP/STS by including a wsp:AppliesTo element containing the endpoint reference of the relying party in the RST request message as shown in the following example.

Example:

<wst:RequestSecurityToken>
  <wsp:AppliesTo>
    <wsa:EndpointReference>
      <wsa:Address>http://ip.fabrikam.com/STS</wsa:Address>
      ...
    </wsa:EndpointReference>
  </wsp:AppliesTo>
  ...
</wst:RequestSecurityToken>

The OpaqueEndpoint should contain the information you need.

//Toland
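A small parser for the two wsp:AppliesTo shapes quoted above, added here as an example; it is not code from this thread or from the Technical Reference. The namespace URIs for wst, wsp, wsa, ic and ds are assumed to be the WS-Trust 1.2 / Identity Selector profile ones, the lookup of a ds:X509Certificate under the EndpointReference assumes the RP certificate, when sent, is carried there as XML-DSig X509Data, and both sample RSTs are constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace URIs assumed for CardSpace-era WS-Trust 1.2 RSTs; verify against your IP/STS traffic
NS = {
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "ic": "http://schemas.xmlsoap.org/ws/2005/05/identity",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def relying_party_from_rst(rst_xml: str) -> dict:
    """Return what wsp:AppliesTo reveals about the RP (opaque handle or endpoint reference)."""
    applies_to = ET.fromstring(rst_xml).find("wsp:AppliesTo", NS)
    if applies_to is None:
        return {"kind": "none"}
    opaque = applies_to.find("ic:OpaqueEndpoint", NS)
    if opaque is not None:
        # Opaque to the IP/STS: decode it, but never interpret it as a URL or an identity
        return {"kind": "opaque", "handle": base64.b64decode((opaque.text or "").strip(), validate=True)}
    epr = applies_to.find("wsa:EndpointReference", NS)
    if epr is None:
        return {"kind": "none"}
    addr = epr.find("wsa:Address", NS)
    cert = epr.find(".//ds:X509Certificate", NS)  # assumption: RP cert is carried under the EPR
    return {
        "kind": "endpoint",
        "address": (addr.text or "").strip() if addr is not None else None,
        "x509_der": base64.b64decode(cert.text.strip()) if cert is not None and cert.text else None,
    }


_XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample RSTs mirroring the two shapes quoted from the Technical Reference
OPAQUE_RST = f"""<wst:RequestSecurityToken {_XMLNS}>
  <wsp:AppliesTo><ic:OpaqueEndpoint>
    {base64.b64encode(b'constructed-opaque-rp-handle').decode()}
  </ic:OpaqueEndpoint></wsp:AppliesTo>
</wst:RequestSecurityToken>"""
ENDPOINT_RST = f"""<wst:RequestSecurityToken {_XMLNS}>
  <wsp:AppliesTo><wsa:EndpointReference>
    <wsa:Address>http://ip.fabrikam.com/STS</wsa:Address>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(b'constructed-not-a-real-DER-cert').decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </wsa:EndpointReference></wsp:AppliesTo>
</wst:RequestSecurityToken>"""
```

On a real RST the decoded x509_der bytes would be fed to your X.509 library to obtain the RP's public key for encrypting the issued token.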





Re: Windows CardSpace (InfoCard) managed cards

Toland Hon - MSFT

Sorry about the Surprise, I can't seem to disable the emoticons. Surprise is :o which refers to ic:opaqueEndpoint






Re: Windows CardSpace (InfoCard) managed cards

Netwhiz

Hello,

Thank you, will poke around.

regards
Cardspace newbie





Re: Windows CardSpace (InfoCard) managed cards

painterRTP

Hi Toland,

I am running into the exact same issue that Polenius was experiencing in this message thread. It appears that CardSpace cannot talk to my STS or retrieve its MEX. I tried hitting the link that you provided (https://www.treeinfo.cz:7001/sample/trust/selfissuedsaml/mex) but can't connect to it. Should it still be available?

Any information would be greatly appreciated!

Thanks,

Dave





Re: Windows CardSpace (InfoCard) managed cards

painterRTP

Never mind - I didn't have the httpcfg utility on my machine. I installed it, ran SetSSLCertificate.bat, and the error went away.