perfsonar development work

[Cándido Rodríguez Montes <>]

Hi Nina,

El 05/11/2007, a las 17:41, Nina Jeliazkova escribió:

Hi,

The first try to embed AA into Java Web start version of perfsonarUI is facing the following problem. 

As I learnt from Candido, the AA classes need to use xerces parser, and for this purpose the java property "java.endorsed.dirs" has to be set to point to xerces classes.
This works fine when running locally (from command line or development environment as Eclipse), but does not work if the endorsed.dirs property is set in JNLP configuration, e.g. the line
<property name="java.endorsed.dirs" value="/jars/xalan"/>

Yep, eduGAIN libraries have the dependencies of the opensaml libraries, and these have the dependencies of an specific version of xalan and xerces (because openSAML developers want to use the DOM API v3). I've never understood why they want to make our developments more complicated...

has no effect on the application.  Apparently, setting endorsed.dirs property is considered security break in JWS and is NOT expected to work at all.
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6224429

But, at this time, clients which are implementing the UbC profile need to use the eduGAIN libraries, so they're finding this problem. As I see in [1] Scott Cantor (one of the main developers of opemSAML) wasn't very worried about this problem 3 years ago.

You could try AA at psUI 0.11 playground, after launching Options menu and checking "Enable AA" option. Currently, it returns an openSAML error when trying to connect to edugain MDS, due to the reason explained above.

http://perfsonar.acad.bg/psui_0_11/perfsonar.jnlp

I am not sure if there is some other way to make the JWS use xerces parser necessary for AA classes.

I don't see an workaround here, except abandoning JWS for perfsonarUI. (There is also another reason for this). 

Any ideas?

So, I'm going to write an email with this problem to the eduGAIN developers, because they don't know this problem and I want to suggest they'll use another SAML library in the future (I know there are another ones for Java developers) and I'm going to write another email to openSAML developers mailing list (maybe someone has found a solution since that email).

Also, I think the eduGAIN libraries are used in perfSONAR clients ONLY for making requests to the eduGAIN MDS (I'm only sure for 90%, so I have to check it), so if I cannot get a solution from them, I think the best solution is developing our eduGAIN MDS libraries which don't need the opensaml libraries. It could be a week intensive development :-)

Regards

Best regards,
Nina

[1] https://mail.internet2.edu/wws/arc/mace-opensaml-users/2004-02/msg00006.html

--

Cándido Rodríguez Montes E-mail: 

Red.ES/RedIRIS Tel:+34 955 05 66 13

Edificio CICA

Avenida Reina Mercedes, s/n

41012 Sevilla

SPAIN