perfsonar-dev - [pS-dev] Re: [perfsonar-user] AS Client
Subject: perfsonar development work
- From: Herbert Monteiro <>
- To: " List" <>
- Cc: Cándido Rodríguez Montes <>, "Diego R. Lopez" <>
- Subject: [pS-dev] Re: [perfsonar-user] AS Client
- Date: Thu, 2 Sep 2010 12:06:05 -0300
Hi Candido,
I have some questions about the use of the SAML Assertion in the AS.
I understand that I need to get the SAML Assertion Token and put it in
a new SAML Token (Security Token). So I have to sign this new token.
(addSAMLSTInMessage(requestMessage, authStatementAssertion, pk, cert,
cID_pSR, cID);)
I made a desktop application that gets the SAML Assertion Token (from
the STS Service) and puts the assertion in a new, signed SAML token (see
attached). So my desktop application should have a certificate
issued by a CA in the eduGAIN Trust Model?
And does my application also need a cID?
Could you please tell me what I need to do for this token (attached) to
be accepted by the AS?
Regards
<?xml version="1.0" encoding="UTF-8"?>
<saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
IssueInstant="2010-09-02T14:29:56.239Z"
Issuer="http://gtstcfed.sj.ifsc.edu.br:8081/RNPSecurityTokenService/RNPSTS"
MajorVersion="1" MinorVersion="1">
<saml1:Conditions>
<saml1:AudienceRestrictionCondition>
<saml1:Audience>urn:geant:edugain:component:psr:http://selena.acad.bg:8070/axis/services/LookupService</saml1:Audience>
</saml1:AudienceRestrictionCondition>
</saml1:Conditions>
<saml1:AuthenticationStatement
AuthenticationInstant="2010-09-02T14:29:56.320Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<saml1:Subject>
<saml1:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="urn:geant:edugain:component:be:rediris:rediris.es">joaogt</saml1:NameIdentifier>
<saml1:SubjectConfirmation>
<saml1:ConfirmationMethod>relayed-trust</saml1:ConfirmationMethod>
<SubjectConfirmationData>
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
AssertionID="uuid-3be8143b-e7bc-4c4f-be2d-18b254ed5bd3"
IssueInstant="2010-09-02T14:29:54.100Z" Issuer="RNPSTS"
MajorVersion="1" MinorVersion="1">
<saml:Conditions
NotBefore="2010-09-02T14:29:54.100Z"
NotOnOrAfter="2010-09-02T14:30:30.100Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>urn:geant:edugain:component:psr:http://selena.acad.bg:8070/axis/services/LookupService</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice/>
<saml:AuthenticationStatement
AuthenticationInstant="2010-09-02T14:29:54.100Z">
<saml:Subject>
<saml:NameIdentifier
NameQualifier="http://stcfed.rnp.br">joaogt@RNPSTS</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#uuid-3be8143b-e7bc-4c4f-be2d-18b254ed5bd3">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>bgsxPCbwUwl66RoM6FnkifulMgg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>qJZ8yJdPtTcvvodOn55JJZ5db3awvanTTr+sQ+9+ymT/OMzEq1B+/K9/ofMVb1gdNXoJ28uYwLs/
KUMROPd/0V8DXf5GZAeGErflL57qJ1yDO2STr6lQg/c4dlX6ndB41jy+8LkCviB1oJgticRi/3xv
3AVXJVIJXm9jBbrS/J4=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDDzCCAnigAwIBAgIBAjANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJBVTETMBEGA1UECBMK...==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</SubjectConfirmationData>
</saml1:SubjectConfirmation>
</saml1:Subject>
</saml1:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml1"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>v3aKj5DXSNhFp1g7be1rnXHR5nM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
PAXGOYMXatfZvdcF/dnSUI6s1cTRStv2+DBBOjDRA8ZK/EE9/7bh8F4F8HHWOrP3DXJO1kKIlDnl
OkDbr8qo7DIwnYooAEWEJOTcWLmwaim5y/Og6ts3d5KQoufbJwT+uhguCf0xbef7QFw6IAxX+Yz2
8zFuFgcqrLuA6RYc+SA=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDDzCCAnigAwIBAgIBAjANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
U29tZS1TdGF0ZTEMMAoGA1UEChMDU1VOMQwwCgYDVQQLEwNKV1MxDjAMBgNVBAMTBVNVTkNBMB4X
DTA3MDMxMjEwMTgwNVoXDTE3MDMwOTEwMTgwNVowbzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNv
bWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UECxMDU1VO
MRowGAYDVQQDExF4d3NzZWN1cml0eXNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
v11fD4vbn2E+RpKgPkDFYzorrGsGqpdsmsZ3wGewLhSdrDI18Lugs6QcUUTq8dQ17xAWPITQWi0E
zXpUhdFTQAi4eiLJnV2SVirz4iyCqbZCzn0gCJxFcJ//+BYwIuWdTLrfya14+47gKBhFnNSZxmpj
Zlahf6105AZMTgt05BMCAwEAAaOB2zCB2DAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdVE29ysyFW/iD1la3ddePzM6IWow
fgYDVR0jBHcwdYAUZ7plxs6VyOOOTSFyojDV0/YYjJWhUqRQME4xCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpTb21lLVN0YXRlMQwwCgYDVQQKEwNTVU4xDDAKBgNVBAsTA0pXUzEOMAwGA1UEAxMFU1VO
Q0GCCQDbHkJaq6KijjANBgkqhkiG9w0BAQQFAAOBgQBWpPzVlkGUGarWc0ghob52gvWWjYoQ/2b1
zHqUcLGt1fGKcwS0m23PMCWjwcTv4AKz4ZAtymK9xe9UOoMkJt+N9SuOajGzKvpf7eXaC5d+CcGm
IhRDL+8Exz9DVqLDi8MVHd8oMg/WeP2c0q0TCDxXmATn6n9hC0abODh8cLUh7Q==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml1:Assertion>
2010/8/24 Cándido Rodríguez Montes <>:
> Hi Herbert,
>
> On Aug 20, 2010, at 8:22 PM, Herbert Monteiro wrote:
>
>> Hi all,
>>
>> I can get a SAML Assertion 1.0 trough a RNP Service (see attached).
>> How can I create an AuthN message to send a perfSONAR Service?
>>
>> In psB there is a function called addSAMLSTInMessage. Is it the way?
>
> You should use the perfsonar-devel mailing list for this kind of issue.
> However, take a look at
> https://wiki.man.poznan.pl/perfsonar-mdm/index.php/Using_SAML_token_profile.
> It could be useful for you.
>
> Regards
>
>>
>> Regards
>> --
>> ------------------------------------------------
>> Herbert Monteiro Souza
>> <teste.xml>
>
> --
> Cándido Rodríguez Montes E-mail:
>
> Middleware warrior Tel:+34 955 05 66 13
> Red.ES/RedIRIS
> Edificio CICA
> Avenida Reina Mercedes, s/n
> 41012 Sevilla
> SPAIN
--
------------------------------------------------
Herbert Monteiro Souza
Brasil - Bahia - Salvador
------------------------------------------------
NUPERC - Nucleus of Research
in Networks Computer
------------------------------------------------
RNP - Computing and Networking Research Group
------------------------------------------------
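As an added illustration (not perfSONAR or eduGAIN code, and not the author's attachment), here are the structural pre-checks an Authentication Service could run on a relayed-trust token of the shape attached above, before XML-Signature verification (which needs an xmlsec-class library and is left out): root element, audiences, validity windows, confirmation method, namespace of SubjectConfirmationData, and presence of the two signatures. The sample token is constructed to mirror the attachment's structure; the `sts.example` and `ls.example` hosts, the subject name, the assertion ID, the signature values and the `check_token` function are assumptions, not names or values from the page.

```python
# Added example: structural pre-checks for a nested ("relayed-trust") SAML 1.x
# token. Signature verification over the two ds:Signature elements needs an
# xmlsec-class library and is deliberately not done here.
import xml.etree.ElementTree as ET
from datetime import datetime

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
DSIG = "http://www.w3.org/2000/09/xmldsig#"       # XML Signature namespace
RELAYED_TRUST = "relayed-trust"                   # method used in the attached token

# Constructed sample mirroring the attached token's structure; hosts, subject,
# assertion ID, signature values and certificate are placeholders.
SAMPLE_AUDIENCE = "urn:geant:edugain:component:psr:http://ls.example/LookupService"
SAMPLE_TOKEN = f"""<saml1:Assertion xmlns:saml1="{SAML1}" MajorVersion="1" MinorVersion="1"
  IssueInstant="2010-09-02T14:29:56.239Z" Issuer="http://sts.example/RNPSTS">
  <saml1:Conditions><saml1:AudienceRestrictionCondition>
    <saml1:Audience>{SAMPLE_AUDIENCE}</saml1:Audience>
  </saml1:AudienceRestrictionCondition></saml1:Conditions>
  <saml1:AuthenticationStatement AuthenticationInstant="2010-09-02T14:29:56.320Z"
    AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
    <saml1:Subject>
      <saml1:NameIdentifier>subject-placeholder</saml1:NameIdentifier>
      <saml1:SubjectConfirmation>
        <saml1:ConfirmationMethod>relayed-trust</saml1:ConfirmationMethod>
        <SubjectConfirmationData>
          <saml:Assertion xmlns:saml="{SAML1}" AssertionID="uuid-constructed"
            IssueInstant="2010-09-02T14:29:54.100Z" Issuer="RNPSTS"
            MajorVersion="1" MinorVersion="1">
            <saml:Conditions NotBefore="2010-09-02T14:29:54.100Z"
              NotOnOrAfter="2010-09-02T14:30:30.100Z">
              <saml:AudienceRestrictionCondition>
                <saml:Audience>{SAMPLE_AUDIENCE}</saml:Audience>
              </saml:AudienceRestrictionCondition>
            </saml:Conditions>
            <ds:Signature xmlns:ds="{DSIG}"><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
          </saml:Assertion>
        </SubjectConfirmationData>
      </saml1:SubjectConfirmation>
    </saml1:Subject>
  </saml1:AuthenticationStatement>
  <ds:Signature xmlns:ds="{DSIG}"><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
</saml1:Assertion>"""


def _ts(value):
    """Parse the UTC timestamps used in SAML 1.x (e.g. 2010-09-02T14:29:54.100Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def _audiences(assertion):
    """Audience URIs under this assertion's own Conditions (not a nested one's)."""
    cond = assertion.find(f"{{{SAML1}}}Conditions")
    if cond is None:
        return []
    return [a.text.strip() for a in cond.iter(f"{{{SAML1}}}Audience") if a.text]


def _window(cond, now, label):
    """Validity-window findings for one Conditions element (None = absent)."""
    out = []
    if cond is None or cond.get("NotOnOrAfter") is None:
        out.append(f"{label} assertion has no NotOnOrAfter (unbounded lifetime)")
    if cond is not None:
        if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
            out.append(f"{label} assertion not yet valid")
        if cond.get("NotOnOrAfter") and now >= _ts(cond.get("NotOnOrAfter")):
            out.append(f"{label} assertion expired")
    return out


def check_token(xml_text, expected_audience, now_utc):
    """Return findings for a relayed-trust token; an empty list means it passed."""
    now = _ts(now_utc)
    outer = ET.fromstring(xml_text)
    if outer.tag != f"{{{SAML1}}}Assertion":
        return [f"root is {outer.tag}, not a SAML 1.x Assertion"]
    findings = []
    if expected_audience not in _audiences(outer):
        findings.append("outer audience does not name this service")
    findings += _window(outer.find(f"{{{SAML1}}}Conditions"), now, "outer")
    if outer.find(f"{{{DSIG}}}Signature") is None:
        findings.append("outer assertion is not signed")
    conf = outer.find(f"{{{SAML1}}}AuthenticationStatement/{{{SAML1}}}Subject/"
                      f"{{{SAML1}}}SubjectConfirmation")
    if conf is None:
        return findings + ["no SubjectConfirmation in the outer assertion"]
    method = conf.findtext(f"{{{SAML1}}}ConfirmationMethod", "").strip()
    if method != RELAYED_TRUST:
        findings.append(f"unexpected confirmation method {method!r}")
    # SAML 1.1 defines SubjectConfirmationData in the assertion namespace; an
    # unprefixed element with no default namespace declared lands in no namespace.
    data = conf.find(f"{{{SAML1}}}SubjectConfirmationData")
    if data is None:
        data = conf.find("SubjectConfirmationData")
        if data is not None:
            findings.append("SubjectConfirmationData is in no namespace (missing "
                            "saml1: prefix); a schema-validating AS may not accept it")
    if data is None:
        return findings + ["no SubjectConfirmationData carrying the relayed assertion"]
    inner = data.find(f"{{{SAML1}}}Assertion")
    if inner is None:
        return findings + ["no STS-issued assertion inside SubjectConfirmationData"]
    if expected_audience not in _audiences(inner):
        findings.append("inner audience does not name this service")
    findings += _window(inner.find(f"{{{SAML1}}}Conditions"), now, "inner")
    if inner.find(f"{{{DSIG}}}Signature") is None:
        findings.append("inner assertion is not signed")
    return findings


if __name__ == "__main__":
    for f in check_token(SAMPLE_TOKEN, SAMPLE_AUDIENCE, "2010-09-02T14:30:00.000Z"):
        print("finding:", f)
```

Run against the constructed sample at 14:30:00Z it reports two findings: the unprefixed SubjectConfirmationData (which the attached token also has) and the missing NotOnOrAfter on the outer, client-signed assertion; the inner STS assertion's 36-second window is honoured, so the same token checked a minute later is also reported as expired. Both attached signatures still have to be verified against the eduGAIN trust anchors before any of this counts as authentication.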